There’s a big problem with the 4G mobile networks and the hackers are taking advantage of it. It seems that they can track someone’s location on Facebook and WhatsApp, by using anonymised identifiers with which the user is connecting to a network. An anonymised identifier is a temporary number called a Temporary Mobile Subscriber Identity and it contains eight digits which the network uses to identify the device. The hackers are using this number and when its owner connects to the network, they are able to detect the device’s location.
If you added someone to your list of friends on Facebook and you’re sending a message, he/she will receive it in the Inbox folder. If you’re sending a message to someone you haven’t added, most likely, that message will end up in the Other folder, which will trigger a paging request from a network and it contains the location information related to that particular TMSI number.
WhatsApp has the typing notification feature, which informs the users that his contact is composing a message, but when this happens, the connection is triggered. The hacker who knows your number will send you a message and if you’ll start typing, this will trigger the connection and will issue a paging request containing the location data. If the hacker lives nearby, in an area of 2 square kilometers, he will easily track your location. When it comes to the 2G and 3G networks, the tracking area is only around 100km2 and this doesn’t represent a big security issue.
Some researchers from Aalto University, the University of Helsinki, Technische Universitat Berlin and Telekom Innovation Laboratories are warning the Facebook and WhatsApp users that the hackers are monitoring the signals with some easily-accessible network hardware. If the TMSIs would refresh more often, not every three days, the users’ privacy would be more protected and these incidents wouldn’t be possible.