GPS Weakness Could Enable Mass Smartphone Hacking
Weaknesses in the technology that allows smartphone users to pinpoint themselves on a map, or check into restaurants and bars using apps such as Foursquare, could allow those users to be tracked remotely.
Ralf-Philipp Weimann, a researcher at the University of Luxembourg, reported this finding at the Black Hat computer security conference in Las Vegas yesterday. He believes that the complex mechanism by which phones get location fixes likely also hides vulnerabilities that could allow the mechanism to be used to install and run malicious code on the device.
Smartphones do not use GPS satellites alone to determine their location, because doing so accurately requires complex calculations based on signals collected from four orbiting satellites, a process that takes as long as 12 minutes. Instead, they use assisted GPS (A-GPS), in which a cellular network supplies an approximate location to simplify and speed up the necessary GPS calculations. A-GPS also allows a device to ask the mobile network to do the work and send back the exact location fix once it's finished.