Shocking.
Okay ... not really. That technology is quite old now and never really was all that secure to begin with.
Researchers have demonstrated structural cracks in GSM mobile networks that make it easy to find the number of most US-based cellphone users and to track virtually any GSM-enabled handset across the globe. The hack builds off research by Tobias Engel who in late 2008 showed how to track the whereabouts of cellphones by tapping …
A bit hyped there? What the researchers actually did was acted as a cellular network. Now what surprises me is "He was able to access the database using commercial services offered by companies in Europe." So there are commercial services which allowed an individual to directly talk to Telecom Core networks. That surprises me.
That you can then gain data by effective war dialing " They then called the account over and over using huge blocks of spoofed numbers" is trivial.
A final note: the location provided by the telecom network is a "location area" which is much larger than individual cell sites. But yes, it certainly does tell you if someone is internationally roaming.
So, someone inside or acting as a cellular network, can tell the location of an individual subscriber, and by abusing the network (war dialing) they can likely workout similar information for people on other networks. This is like being surprised that people in the tax office can look up Brad Pitt's tax return.
Having pontificated on all that, good article apart from the hype.
So surely the key (as with all such systems) is to ensure that such service critical platforms are not exposed to the world at large. However I'm still not clear how the researchers are able to derive the name of the cellphone user. You'd need to get to the billing/CMS system before you get that level of detail.
Firstly, the level of access to databases (especially the HLR) and network infrastructure here seems a bit beyond the average hacker. It would surely require an insider and not to mention it all sounds highly illegal so the "threat" of companies, private investigators and the like popping up that can harvest the information seems unlikely. Governments already have access to the information anyway, so there's nothing new. The rest of the threat is from a handful of hackers who have the resources and they're just going to go after big names. The average mobile user is hardly under threat here.
Secondly, I don't see how the caller ID database or HLR reveals any names. Or at least it's easy to not reveal anything. Just pop into a shop and get a PAYG sim. You don't need to give full details, or you can just lie (but besides details are usually on a mail in card that won't be registered for weeks), pop in the sim and have it registered by the automated system (usually doesn't ask for details), and off you go. Best caller ID will do is reveal the number associated with the SIM.
Maybe this only works in the US where reverse lookup of numbers is fairly easy from what I understand.
The real threat they revealed, which is far easier to attack is the well known one to spoof a caller ID and use that to access voice mail without authentication and thus harvest voice mails. Simple to protect against if operators just enforce the authentication regardless of whether you call the mailbox from your own phone or not (or maybe this is an option already with some).