[airprobe-main] Cell phone tracking using ss7 hlr lookups

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.

Karsten Nohl nohl at virginia.edu
Thu Feb 25 19:50:54 UTC 2010


Hi Yanis,

I'm CCing the OsmoconBB list who could perhaps help setup a MSC-GPS  
data collector.

On Feb 22, 2010, at 8:09 PM, Yanis Pavlidis wrote:

> Hi all,
>
> not exactly related to airprobe itself, but I am sure people on this  
> list could answer my question.
> So, after reading Tobias Engels' presentation on 25c3 ( http://events.ccc.de/congress/2008/Fahrplan/attachments/1262_25c3-locating-mobile-phones.pdf 
>  ), I found out you can perform an HLR lookup and come up with the  
> current MSC number that "controls" the connection of the subscriber,  
> for any subscriber.

Yes, every telco company and VoIP provider with SS7 access in the  
world always knows where you are. Scary.

> My question is, is this MSC number, visible from the mobile phone  
> side? If yes, somebody could actually wardrive, to get the MSC  
> number-to-location mapping?
> Can airprobe, or OpenBTS help?

Creating the {MSC -> location} mapping database would be a very  
worthwhile exercise. The data collection would have to happen from  
phones. Either we create an application for one of the popular phone  
platforms (Symbian, Android, iPhone). Anybody on the list knows if  
these phones expose the MSC number to application software?

Alternative, the Osmocon project could probably expose the MSC  
information easily. The project is still in early stages and it will  
take a few months until a collector software could be running. I  
wonder if any of the supported Motorola phones have GPS?

> Forgive my ignorance on all-things-gsm, I am just beginning exploring!

Thanks for bringing up the topic!

> Thanks all,
> Yanis

Cheers,

	-Karsten




More information about the baseband-devel mailing list