WhatsApp and its owner Facebook are the leading applications when it comes to attracting huge online traffic.
These two (Facebook Messenger and WhatsApp) have a following that exceeds well over 1.5 billion people when combined, something that really keeps hackers attracted to the apps.
In a new revelation, security researchers have come out claiming that it is now extremely simple for hackers to find out the location of any person using WhatsApp or Facebook Messenger. To do this, hackers are exploiting a fault in 4G mobile networks.
According to the report, hackers can use these messaging apps to find the anonymous identifiers that devices are usually assigned when connecting to a network and then use them to find you.
How it works
The research was carried out by a group of experts from Finland and Germany where they revealed that when a smartphone is connected to a network, the network assigns it a number known as Temporary Mobile Subscriber Identity or simply TMSI. This is an 8-digit number that the network then uses to identify the connected device rather than use the phone number of the owner. This is a way of keeping this secure, but apparently, things are not secure as thought.
Apparently, a hacker who is keeping tabs on radio communications can easily tie this TMSI to a victim by sending them a WhatsApp or Messenger message. In both apps, a special “paging request” will be triggered from a network with location details about a specific TMSI number.
Any attempt to send your friend a message on Facebook will mean that there are some signals being sent from point A to point C via point B. When you receive a message on WhatsApp and you start typing, the user on the other end is notified, which means signals are moving around as well. These are enough to trigger a connection and as such, a paging request will be issued by network in question.
These paging requests come with data about your location and in the case of 4G networks; this data can be used to track the location of the user, but within an area of 2 square kilometers. With the case of 2G and 3G networks, a smartphone would be placed within “tracking area” of about 100 square kilometers, which is less of a security threat. However, 4G networks place these devices in much smaller “cells” of about 2 square kilometers, which makes the life of a hacker trying to locate you a lot easier.
While the placement of phones in smaller tracking areas by 4G networks has the benefit of allowing better understanding of network issues, it seems the same network is also responsible for giving away crucial data about smartphone owners.
While TMSI numbers are meant to be protective, the mechanism they use is probably what leads to this flaw’s success. Usually, TMSI numbers refresh regularly in order to ensure that the user stays safe when online, however, the problem is that at times they may persist for up to 3 days, which is enough time for the hacker to his or her thing, the researchers revealed.