How is it possible for someone to track my location based on my cellular phone?
Mobile Device manufacturers have put a lot of effort into trying to conceal a user’s identity, which would make it hard to track and identify a person based on their cellular phone.
The challenge though, is doing it in a way that doesn’t break the wireless LAN protocol, and also doesn’t require consumers to do anything to conceal their identity.
Unfortunately for us consumers, and fortunately for those in the know, there are still ways to track people based on their cellular device.
Tracking a cellular device that connects to a Wi-Fi network
Every modern cell phone has a feature called “Private MAC Addressing” enabled by default. This feature assigns a totally random Media Access Control (MAC) address to a cellular phone. So how would you track it?
Well, private MAC addressing, although random, persists across every wireless network the mobile device connects to. This means that, although random, every time you connect to the wireless network named “Starbucks” your MAC address will stay the same, and it doesn’t matter if you connect to one in Virginia this week, and California the next. That MAC address will stay the same, making it possible to track that person every time they connect to the same wireless network name twice.
Unfortunately, even if you try to “Forget this Network” that random MAC address will still persist, so there is no easy way to stop this from happening.
Tracking a cellular device that connects to cellular
Every cell phone with a cellular data plan has what is called a Subscriber Identification Module (SIM) card. This card is what data plan providers use to monitor the data used each month, which is then charged back to that user on their monthly cell phone bill. That SIM card has what is called an International Mobile Subscriber Identifier (IMSI) number that is then used to correlate cellular data usage to the subscriber (user).
If someone was able to get ahold of that IMSI number they would then be able to track a device whenever that device was using cellular data. Every time you leave your house, unless you have a hotspot, you are using cellular data to surf the internet. As an attacker there are ways to trick a cellular device into revealing its IMSI number, which could then be used for malicious purposes.
This same type of attack could also be used to defend against attackers who are trying to break into the wireless network, and thankfully it doesn’t just help identify the type of device being used, but it also helps identify the user who is subscribed to the data plan, revealing the identity of the attacker!