Advanced Mobile Threats 101: Phone Tracking

Phone tracking is the practice of observing a smartphone user’s locations and movements. More than just dots on a map, an individual’s location data can be mined by threat actors for insights into behaviors, preferences, associations and more.

How does phone tracking work?

Threat actors have a number of tools at their disposal for accessing the historical and real-time location information of a targeted smartphone.

• Cellular surveillance: Phone tracking is effectively baked into cellular functionality, as cellular providers need to know where each mobile device on their network is located at all times in order to deliver calls, texts and data. These locations are logged by the provider via detailed, up-to-the-minute records. To access an individual’s records, threat actors can utilize a commercially available tracking system that has access to carrier location databases, or they can hack the person’s telecom provider.

• Data brokers: Through location services, a smartphone allows apps to gather and use information based on current phone location to provide a variety of location-based services, from mapping to weather. Location services can enlist GPS, cellular, WiFi and Bluetooth. Commonly, an app developer will embed a software development kit (SDK) into their app that essentially siphons location data directly to a data broker, which may then analyze the data and/or combine it with users’ information to create or bolster detailed audience profiles. To access this data, threat actors can purchase it by posing as a front company, hack the broker’s database or leverage a compromised account.

• Spyware: For highly targeted location tracking, threat actors can employ smartphone spyware against an individual. Whether obtained commercially or developed in-house, such spyware can, in addition to gathering other sensitive information, track the target’s location in real time.

• IMSI catchers: For location tracking within a defined geographic area, threat actors can make use of an IMSI catcher, which is essentially a fake cell tower designed to trick smartphones within range into connecting to it. Once connected to a targeted smartphone, the IMSI catcher can force the device to respond with its location, among other capabilities.

• Side channels: Though still largely in the realm of experimentation, researchers have demonstrated that a smartphone’s location can be inferred using alternate resources contained within the phone, including those accessible without requiring explicit permission from the user. For example, numerous research teams have demonstrated that motion sensors can be used to figure out driving routes. Such a capability could be added to any app.

What are the key risks of phone tracking?

While smartphone location data can certainly reveal an individual’s home, place of business and other frequently visited sites, the data can also paint an incredibly vivid narrative of a person’s life, as each location point is associated with a specific date and time. Threat actors can analyze the data to infer the person’s behaviors and preferences and to detect actionable patterns. When combined with aggregated location data, an individual’s location data can illuminate hidden associations and locations.

The following are some of the potential insights buried in location data.

• Key locations: An individual’s home address isn’t hard to pick out from the data, as the smartphone will be in a fixed position for hours at a time as the target sleeps each night. If the target’s identity is unknown, a threat actor can determine it using their inferred address and publicly available information.

• Habits and routines: Over a long-enough time frame, the target’s routines will become clear. Perhaps there’s a visit to the same coffee shop every morning, a weekly yoga class or a predilection for a certain fast-food establishment.

• Preferences: From repeated visits to similar types of places, one can draw conclusions about the target’s preferences. For example, repeated visits to golf courses indicate a passion for golf. Similarly, the target’s sexual preferences can be inferred based on the types of clubs they visit.

• Health issues: Location data can reveal long hospital visits, visits to health specialists, psychiatry sessions and other evidence of medical treatment.

• Involvement in events: If the target attended a protest, a party, a political rally or any other event, this would appear in the location data. Aggregated location data can show which fellow attendees were present during these occasions.

• Hidden locations: Aggregated location data can reveal clusters in unusual or unlisted locations and tip off threat actors about the presence of a secret military base or skunkworks project.

• Hidden associations: Aggregated location data can help uncover associations not previously known, perhaps indicating confidential talks with a corporate takeover target or a secret romantic relationship.

In the hands of a malicious actor, such insights can facilitate physical tracking, blackmail, the outing of deeply held secrets and more.

How can Privoro help you protect yourself from phone tracking?

Users can counter location tracking by turning off their device’s location services and related radios when on the move. However, manipulating software settings is inconvenient and easy to forget to do consistently. On top of that, the operating system and any spyware on the device can continue to gather location data. We recommend using Vault – our two-in-one RF shielding and audio masking device – as a convenient and highly assured way to achieve location privacy.