Researchers at the University of Birmingham have uncovered networking threats which enable third parties to track the physical presence of mobile phones connected to 3G networks.

During the study the researchers, in collaboration with the Technical University of Berlian, discovered two flaws on the current 3G standard. One forces the devices to disclose its temporary identity (TMSI), which is then correlated with a static identity (IMSI) paging request. The other involves a devices Authentication and Key Agreement protocol, whereby attackers can send a message to determine whether a phone is nearby, by distinguishing between two different error replies from the targeted device.

The security threats posed by this discovery, which were tested on networks including T-Mobile, Vodafone and O2, are fairly obvious. Luckily, the research team is also proposing solutions to the issue, and is working together with operators and standards organisations to promote adoption of privacy-protecting solutions in future mobile networks.

“The attacks could be used to track staff movements within a building. It could be used by stalkers who want to follow individuals, or spouses that want to track their partners movements,” said University of Birtmingham Computer Security professor Mark Ryan, who led the study. “This work is part of a more general effort by the Birmingham research team to identify privacy concerns and to promote privacy-friendly technologies.”