According to section 3.6 of the report they were able to get smartphones to send location information to the network without any authentication of the network. As HAR network was not offering 112 (it was sending information that it does not support emergency calls) it looks like the ability to get location information is not limited to emergency calls.
GSM triangulation alone is very accurate, no need for GPS for emergencies, especially given the fact that if you report an emergency using your cell phone, then you can always be located. With GPS you don't have that comfort, as you can be e.g. in a tunnel, not to mention time to get a GPS fix (triangulation is instant).
If it's so accurate, why do we bother with GPS on the phone at all?
When I've used Google's map applet on 3G phones (not N900) without GPS, it's only accurate to 1km or so, sometimes a few hundred metres, sometimes a few km. That's not accurate enough for emergency service. Does Google's mobile service not use GSM triangulation?
no, they don't. They mustn't. And that's fine the way it is. I'd feel rather unhappy about every random greedy company being able to locate my phone (phone != UMTS datastick btw. You're *calling* google?) no matter if I agree or not.
When I've used Google's map applet on 3G phones (not N900) without GPS, it's only accurate to 1km or so, sometimes a few hundred metres, sometimes a few km.
This is the same experience I've had using network location with Maemo Mapper.
That report is quite alarming, but not surprising. Maybe the N900 could be the first phone to close this security hole?
The posting by tomaszrybak is most useful. The question becomes, if GPS is 'disabled' via the N900 menu, will the phone still be able to provide its GPS coordinates by responding to a RRLP (Radio Resource LCS (Location) Protocol) request?
According to section 3.6 of the report they were able to get smartphones to send location information to the network without any authentication of the network. As HAR network was not offering 112 (it was sending information that it does not support emergency calls) it looks like the ability to get location information is not limited to emergency calls.
If it's so accurate, why do we bother with GPS on the phone at all?
When I've used Google's map applet on 3G phones (not N900) without GPS, it's only accurate to 1km or so, sometimes a few hundred metres, sometimes a few km. That's not accurate enough for emergency service. Does Google's mobile service not use GSM triangulation?
All of these use the id of the cell you're connected to, they may also make some educated guesses based on other visible cells and their signal levels (if they have such low-level access to the radio, which is unlikely).
This has nothing to do with triangulation which is done from the network side basically by asking the handset to tell the time difference (== signal travel time == distance) for a number of basestations and then calculating the position based on the positions of the basestations (known very accurately to the operator) and the distance of the phone from them. With three basestations the handset can be located to the accuracy of the clocks, with two it can probably be located quite accurately as well but I'm ill so I can't do the math now.
If basestations include a direction vector the triangualation with two of them would be accurate enough. But I think they're only using signal strength to project a circle around them and calculate the crossing areas as your possible locations.
This area will be bigger with only two BS (not necessary, but likely).
However, this whole thing seems strange to me, as you may be in a parking lot, with bad network connection at all, and the BS triangulation will yield to false values?
The posting by tomaszrybak is most useful. The question becomes, if GPS is 'disabled' via the N900 menu, will the phone still be able to provide its GPS coordinates by responding to a RRLP (Radio Resource LCS (Location) Protocol) request?
From N900 schematics (leaked to Internet) I see GPS chip connected directly to CMT (GSM) chip. So, it is possible because GPS requests are carried by some air GSM messages and GSM chip may handle it around software.
But an access security - is it implemented or not - is another story.
BTW, triangulation method is done inside provider infrastructure and has nothing with phone HW and SW.
This area will be bigger with only two BS (not necessary, but likely).
However, this whole thing seems strange to me, as you may be in a parking lot, with bad network connection at all, and the BS triangulation will yield to false values?
They will definitely have approximate direction (the antennas are organized in such way that channels should not overlap between towers), but it's not the signal strength used for triangulation but clock delta (==signal travel time == distance).
Probably with a bit of planning it's possible that the antennas are organized in such way that for most cases there is only one possible location that is in correct approx direction and exact distances from both towers.
Again, this is basically only available to the network operators (and other parties that have the ability to inject arbitary requests into the network [think law-enforcement tap points]).
