The location information that is being sent as part of each user's GTP traffic includes the mobile country code, the mobile network code, cell identifiers, the International Mobile Subscriber Identity (IMSI) code and location area codes. The two security experts showed that by putting all of this data into a freely available online service, they can track a user's location on a map.
The distribution of the vulnerable hosts appears to be global, Kho and Kuiters said, adding that they've notified the operators who own them about the issues. Running the scans and identifying the vulnerable hosts was not difficult and the tools used are freely available, so it is possible that other people have done it before and maybe even already exploited the issues, they added.
Sign up for CIO Asia eNewsletters.