Home   >   Featured   >   GSM localizer without GPS – Part 1
Introduction

GSM localizer without GPS – Part 1
Introduction

By on December 20, 2010
Pin It

Download the article

 

 

 

 

Do you still think you need GPS to know where a person or vehicle is? Well, here is some news for you: by using cellular network data and properly querying Google, even a simple GSM module is able to determine one’s position, with a fairly acceptable error margin.

GSM LOCALIZER BOARD

Although so far all localization systems have been based on GPS technology, it is now conceivable to be able to fairly precisely locate a vehicle or person carrying a GSM cellular device without having to resort to a satellite dish. Is this a miracle? Of course, not! It is simply an ingenious marriage between the information provided by the radio mobile phone network and the cell coordinate data drawn from Internet portals such as Google Maps.  To be sure, GPS is not entirely dispensed with, but this new system allows for localization without directly utilizing GPS technology; simply put, we are able to locate the desired object fairly precisely by using database availability together with the geographic position of the cells themselves. Officially, cell coordinates are not publicly known; in fact, they are carefully guarded by those companies that use them for the services they provide. If so, where do we find such data? Who can give them to us, and how? The answer is very simple. There are numerous Internet portals that have stored the information we need using those very services they provide to their users. For instance, through Google Maps Mobile, Google has been able to store billions of data regarding the location of its clients’ cell phones; such data are provided by the phones themselves: once a smartphone connects to the Google service, it sends out both the cell identifier with which it is associated and the geographic location obtained from its own GPS. However, some sites embrace an open-source  philosophy and utilize information willfully sent by their users in order to create databases such as the one mentioned above. These systems allow them to receive automatically and update the coordinates of the various cells that play a fundamental role in GSM localization. It is important to point out that, unlike in Italy, in some countries, phone companies make those cell coordinates available, which greatly facilitates the entire localization process. Though this is but one hypothesis among others, it may very well be that Google has relied on its Maps Mobile service to obtain the data it needed. Some, on the other hand, claim that the vehicles employed to shoot films to be used for Street View were equipped with cell phones so that the position of cells with respect to the coordinates provided by GPS devices could be detected and recorded. Thus, whenever the phone switched cells, a computer would record their coordinates, which in turn would feed the database. This latter hypothesis may in part be true; however, it is more likely that Google built its archive using its Maps Mobile service. If this is correct, in exchange for a free service, Google used its own clients to obtain information that would have otherwise taken time (simply to go around and record the position of cells) and money to pay for staff and moving expenses or to buy data from phone companies, providing they were willing to sell them. Naturally, there is nothing wrong with this strategy: a similar strategy is used by big supermarkets, which give their most loyal clients discounts in exchange for a membership card through which they are able to determine how much everyone spends and to get precious information that allows them to optimize sales according to geographic area and time of year. A favor in exchange for a favor… But how does GSM localization work? The radio mobile network is made up of a number of adjacent radio cells, each of which is characterized by an identifier consisting of four data: a progressive number (Cell ID), a code related to the area in which that given cell is (LAC, or Local Area Code), the code of national network to which the cell belongs (MCC, an acronym for  Mobile Country Code), and finally the company code (MNC, or Mobile Network Code), which obviously identifies the phone company itself. For this reason, once a cell name and coordinates are known, and considering the maximum distance allowed between this cell and a phone  before the phone connects to a new cell, it is possible to find out, approximately, the most distant position of the phone itself. For example, if the maximum distance has been determined to be one mile, the cell phone can be within a one-mile radius. It can be deduced that the more cells are found in a given area, the more precisely one can determine where the phone is located (up to 200-350 feet). The idea of employing only a GSM device to build a remote localization system occurred to us when we realized that Google Maps Mobile, which had been conceived to allow smartphones equipped with a GPS receiver to use Google for satellite navigation, was extended to all cell phones, as long as they were able to support GPRS or UMTS data.   That realization made a light bulb go on, and not only in our heads. Indeed, many people started wondering how on earth Google was able to tell someone whose phone was devoid of a GPS receiver where he or she was at that particular time. Given that the technique in question has inflexible rules, we thought of the only possible solution, which is totally understandable considering that, in the GSM radio mobile phone system, the radio connection allowing for phone calls and access to data and Internet services is maintained by a network of radio bridges, that is, the cells mentioned above.  When a cell phone is on, it connects to the cell that allows for the best possible connection, but also detects signals from neighboring  cells so that the phone can switch to a new one when the cell being used starts performing poorly due, for example, to the fact that the user is moving. The communication message between a cell phone and a cell contains the cell’s identifier, sent out by the cell itself; every identifier is unique. This entails that every cell phone, when connected to the network of a given network, has specific information about the cell it is relying on. We, therefore, concluded that Google Maps Mobile is able to track the position of a cell phone by simply associating the name of a given cell with the data regarding its position; in other words, a cell phone transmits the data of the cell it is connected to via the GPRS network, and the Google Maps Mobile Server associates such data to the position of the cell itself. While working out the details of our project, we were still testing the ground, given that Google not only is disinclined from publishing its data on the web, but also refrains from explaining how to use them. So, what we did was connect a USB-interfaced GPRS cell phone (on which we had uploaded Google Maps Mobile) to a computer which, in turn, was connected to the web via LAN. Using programs such as Microsoft Network Monitor, we sniffed the communication between the cell phone and the Google server and realized that our hypothesis was indeed correct: Google knows the position (or coordinates) of the cells of the radio mobile system and can even state where a cell is if provided with that cell’s ID. Once the position of a cell is known, and considering that the coverage radius for each cell is also known, it is easy to find the circular zone, whose radius equals the coverage radius, where the cell phone requesting location tracking is located. Naturally, this method allows but for a rough estimate: determining the precise position of the cell phone hinges on data regarding the coverage of a given cell which can only be provided by the Google server.

b) Device verifies the cell linked and sends a request via GPRS to Google
OpenStore

About Staff

19 Comments

  1. Pingback: [Thursday] GSM tracking without GPS - Hack a Day

  2. Pingback: GSM tracking without GPS | Boomeroo Web Resources

  3. Pingback: GSM tracking without GPS | House of Mods

  4. Pingback: GSM tracking without GPS « Black Hat Security

  5. Pingback: GSM tracking without GPS | No Chance With B

  6. Pingback: Electronics-Lab.com Blog » Blog Archive » Position location with GSM cellular

  7. Pingback: styczen

Leave a Reply

Your email address will not be published. Required fields are marked *