WELCOME TO RIVER DAVES PLACE

Cell Tower Guys and other Techies - Approximate location question

C-2

Well-Known Member
Joined
Sep 26, 2007
Messages
12,197
Reaction score
7,625
I was impressed with responses I read in another post, so I was hoping to get some insight from the experts. Here the story…

A digital document signing service provides the IP addresses of parties signing documents as a method to verify the location of the signing parties.

I argue, what happens when one of the parties signs the document from a cell phone, or an iPad?

Based on what I’ve learned, providing the IP address of a cell phone/pad as a means to verify location is worthless due to the fact cell data (and not voice only) is fed to centralized MSC’s, which can be up to 30-40 miles away from the actual cell tower the cell phone/pad connects to.

The other parties argue IP addresses are handed out by each tower the cell phone connects to, and thus while not perfect, the IP address of a cell used in a document signing transaction is a meaningful way to verify approximate location of the cell phone/iPad (5-7 miles).

What do you guys think? :)

Things I'm NOT interested in, and I'm not asking about - subpoena the cell company, triangulation, or search warrants.
 

C-2

Well-Known Member
Joined
Sep 26, 2007
Messages
12,197
Reaction score
7,625
For example, on my personal phone:

I leave Riverside and up until I hit Pomona, my IP address resolves back to Riverside.
In our office building and not connected to WiFi, my IP address resolves to West Covina
From West Covina I drive down to the road a bit to San Gabriel, and the IP address resolves to Santa Ana

Huh?
 

paradise

Spooner
Joined
Feb 19, 2008
Messages
4,423
Reaction score
4,298
Yeah that seems like a terrible way to validate a location. IP geolocation hasn’t been that accurate for quite some time and with VPNs it is almost laughable to use that as a means of a legal signing location. For example the ipv6 address on my ATT phone resolves to Garden Grove. I’m in El Cajon... :/

Seems to me it would be FAR too easy to trick or manipulate that. Maybe as a secondary backup to GPS but even then...
 

MohavValley

Well-Known Member
Joined
Mar 24, 2016
Messages
415
Reaction score
373
I'm not an expert but I think it might be the closest server location that can handle the data traffic once the over the air data stream has been received by your closest tower?

I get the same thing, email server bans log in attempts from random locations as far as 50 miles away when I'm I'm on the road.
 
  • Like
Reactions: C-2

DILLIGAF

Well-Known Member
Joined
Jan 10, 2008
Messages
17,194
Reaction score
24,221
Tim...Midlife advantage possibly could answer this for you.

He doesnt post here much anymore though.

Try PM him.
 
  • Like
Reactions: C-2

ka0tyk

Warlock Performance Boats Merchandise Connections
Joined
Oct 4, 2010
Messages
9,030
Reaction score
11,389
ip address is a retarded way for location verification. easily spoofed. especially with VPN services and how cheap they are. i can open windscribe on my phone and you'd think i was in russia. not to mention each device isnt getting a unique IP so whats the point?

if you require real ACCURATE verification, wrap your web application into an app and require that GPS location is turned on.
 
  • Like
Reactions: C-2

Racey

Maxwell Smart-Ass
Joined
Sep 18, 2007
Messages
21,341
Reaction score
45,537
Yeah that seems like a terrible way to validate a location. IP geolocation hasn’t been that accurate for quite some time and with VPNs it is almost laughable to use that as a means of a legal signing location. For example the ipv6 address on my ATT phone resolves to Garden Grove. I’m in El Cajon... :/

Seems to me it would be FAR too easy to trick or manipulate that. Maybe as a secondary backup to GPS but even then...

I agree, Geolocation is not accurate or valid enough, in any sense, to be used as some legal foundation for location. The services rely on honor system and imperfect data mining to get a relative location.

I've had my Century Link IP address here in Southern Nevada geolocate to St Louis MO before (no vpn).

@DaveH spent the better part of 25 years as an AT&T cell tech, and RF engineer, he could answer your questions about the backhaul and Geolocation.
 
  • Like
Reactions: C-2

hallett21

Well-Known Member
Joined
Nov 9, 2010
Messages
17,006
Reaction score
20,464
Why would you need a location for an Esig?


Sent from my iPhone using Tapatalk
 
  • Like
Reactions: C-2

DaveH

Well-Known Member
Joined
Sep 9, 2008
Messages
2,544
Reaction score
3,402
OK so here is the deal...…..

pretty much all cell phones have GPS capabilities now. So it is possible to get very accurate location data from a mobile phone. this all started pre-GPS for 911 services where triangulation was used and even that can be very accurate, albeit in high density areas where there are many towers to measure from and not so much in rural areas where towers are sparse. GPS fixed all this.

the problem is, data apps are different then the embedded signaling the service provider uses to locate your phone. while the tinfoil hat people freak out about being "tracked" it is a necessary part of any mobile network. for example, you are in LA...get on a plane...how does the system know where to send your incoming call when you land in Ney York? because your phone is constantly updating your location to a network.

so why cant this level of accuracy work for apps? now we are getting into the back ground IP world where I didnt have much to do with (worked in the radio side of it). But more then likely whats known as an SGSN (subscriber gateway serving node) that is the mobile networks interface between the outside world IP and the mobile IP traffic, is generating your IP.

in dense areas, there are many SGSN's but rural areas may have the gateway a long way from where the traffic is originating. It wasn't necessary for this level of detailed information about subscribers to be sent to all nodes of an IP world, which increases network signaling and demand on a mobile operators network. in other words...the less data the network provider has to haul it saves the operator $$$.

as technology ever increases and people are used to these types of services, what most don't understand is the amount of infrastructure and support required to do so. demand drives what the network operators spend capital on, so that's why something of this nature is not a big deal to the provider.

cell towers absolutely DO NOT assign IP addresses. all a cell tower is nothing more then a radio to "landline" converter....up unitll not that long ago all backhaul from a cell tower was old school T1 based, now its ethernet backhaul. the only thing you can get from a tower is what radio sector the traffic originated from.

I would also bet this is a service a network operator would be very leery of offering for legal reasons. think of the risk involved if people start developing apps that can get your phone location. while there are other ways of getting this data that is being mined and SOLD......for example.....take Facebook, which gets a picture YOU post....they can get the meta data to figure out where you were (that is if your don't freely give them the location when you tag a location) to build a profile on you and sell. lots of fine print and legal maneuvering to make this ever happen.
 
Last edited:
  • Like
Reactions: C-2

C-2

Well-Known Member
Joined
Sep 26, 2007
Messages
12,197
Reaction score
7,625
Hey, thanks for the responses!

A special thanks to DaveH - you provided helpful insights; I was hoping somebody had that type of knowledge.

So, if I understand this correctly, IP addresses are not handed out by individual cell towers. Rather, requests are passed on to the MSC, which assigns IP addresses to each cell device, similar to what NAT does on home networks.. So, the MSC is the gateway, and the IP address seen on the cell phone is actually the gateway/MSC?

Regardless, DaveH says individual cell towers do not hand out IP addresses. So, that in itself would make using an IP address as a means of verifying location...a waste of time.

The company I'm talking about is the largest esign company out there (please do not reference their name, sometimes large companies monitor postings, as evidenced on this website by Suddenfail). They offer signers IP addresses and email as points of "verification/authentication." Unless I'm missing something, I don't see how an IP address is relevant, or reliable.

If I remember correctly, MAC addresses are embedded in every data packet. I would think offering MAC addresses, instead of IP addresses, is a far more reliable method of verification. Or, use some type of browser fingerprinting service, or the GPS data.
 

C-2

Well-Known Member
Joined
Sep 26, 2007
Messages
12,197
Reaction score
7,625
I also ran accross this article earlier this year, and I'm embarrassed to say did not know this was possible...

https://motherboard.vice.com/en_us/...ollars-located-phone-microbilt-zumigo-tmobile

I Gave a Bounty Hunter $300. Then He Located Our Phone
T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.
  • facebook-square.svg
    SHARE
  • twitter.svg
    TWEET
Nervously, I gave a bounty hunter a phone number. He had offered to geolocate a phone for me, using a shady, overlooked service intended not for the cops, but for private individuals and businesses. Armed with just the number and a few hundred dollars, he said he could find the current location of most phones in the United States.

The bounty hunter sent the number to his own contact, who would track the phone. The contact responded with a screenshot of Google Maps, containing a blue circle indicating the phone’s current location, approximate to a few hundred metres.

Queens, New York. More specifically, the screenshot showed a location in a particular neighborhood—just a couple of blocks from where the target was. The hunter had found the phone (the target gave their consent to Motherboard to be tracked via their T-Mobile phone.)

The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found. These surveillance capabilities are sometimes sold through word-of-mouth networks.

Whereas it’s common knowledge that law enforcement agencies can track phones with a warrant to service providers, IMSI catchers, or until recently via other companies that sell location data such as one called Securus, at least one company, called Microbilt, is selling phone geolocation services with little oversight to a spread of different private industries, ranging from car salesmen and property managers to bail bondsmen and bounty hunters, according to sources familiar with the company’s products and company documents obtained by Motherboard. Compounding that already highly questionable business practice, this spying capability is also being resold to others on the black market who are not licensed by the company to use it, including me, seemingly without Microbilt’s knowledge.

Motherboard’s investigation shows just how exposed mobile networks and the data they generate are, leaving them open to surveillance by ordinary citizens, stalkers, and criminals, and comes as media and policy makers are paying more attention than ever to how location and other sensitive data is collected and sold. The investigation also shows that a wide variety of companies can access cell phone location data, and that the information trickles down from cell phone providers to a wide array of smaller players, who don’t necessarily have the correct safeguards in place to protect that data.

“People are reselling to the wrong people,” the bail industry source who flagged the company to Motherboard said. Motherboard granted the source and others in this story anonymity to talk more candidly about a controversial surveillance capability.

Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, OTR chat on [email protected], or email [email protected].

Your mobile phone is constantly communicating with nearby cell phone towers, so your telecom provider knows where to route calls and texts. From this, telecom companies also work out the phone’s approximate location based on its proximity to those towers.

Although many users may be unaware of the practice, telecom companies in the United States sell access to their customers’ location data to other companies, called location aggregators, who then sell it to specific clients and industries. Last year, one location aggregator called LocationSmart faced harsh criticism for selling data that ultimately ended up in the hands of Securus, a company which provided phone tracking to low level enforcement without requiring a warrant. LocationSmart also exposed the very data it was selling through a buggy website panel, meaning anyone could geolocate nearly any phone in the United States at a click of a mouse.

[Subscribe to CYBER on Apple Podcasts or any podcast app.]

There’s a complex supply chain that shares some of American cell phone users’ most sensitive data, with the telcos potentially being unaware of how the data is being used by the eventual end user, or even whose hands it lands in. Financial companies use phone location data to detect fraud; roadside assistance firms use it to locate stuck customers. But AT&T, for example, told Motherboard the use of its customers’ data by bounty hunters goes explicitly against the company’s policies, raising questions about how AT&T allowed the sale for this purpose in the first place.

“The allegation here would violate our contract and Privacy Policy,” an AT&T spokesperson told Motherboard in an email.

In the case of the phone we tracked, six different entities had potential access to the phone’s data. T-Mobile shares location data with an aggregator called Zumigo, which shares information with Microbilt. Microbilt shared that data with a customer using its mobile phone tracking product. The bounty hunter then shared this information with a bail industry source, who shared it with Motherboard.

The CTIA, a telecom industry trade group of which AT&T, Sprint, and T-Mobile are members, has official guidelines for the use of so-called “location-based services” that “rely on two fundamental principles: user notice and consent,” the group wrote in those guidelines. Telecom companies and data aggregators that Motherboard spoke to said that they require their clients to get consent from the people they want to track, but it’s clear that this is not always happening.

1546965711398-microbilt2.jpeg

A flowchart showing how the phone location data trickled down from T-Mobile to Motherboard. Image: Motherboard.
A second source who has tracked the geolocation industry told Motherboard, while talking about the industry generally, “If there is money to be made they will keep selling the data.”

“Those third-level companies sell their services. That is where you see the issues with going to shady folks [and] for shady reasons,” the source added.

Frederike Kaltheuner, data exploitation programme lead at campaign group Privacy International, told Motherboard in a phone call that “it’s part of a bigger problem; the US has a completely unregulated data ecosystem.”

Microbilt buys access to location data from an aggregator called Zumigo and then sells it to a dizzying number of sectors, including landlords to scope out potential renters; motor vehicle salesmen, and others who are conducting credit checks. Armed with just a phone number, Microbilt’s “Mobile Device Verify” product can return a target’s full name and address, geolocate a phone in an individual instance, or operate as a continuous tracking service.

“You can set up monitoring with control over the weeks, days and even hours that location on a device is checked as well as the start and end dates of monitoring,” a company brochure Motherboard found online reads.

Posing as a potential customer, Motherboard explicitly asked a Microbilt customer support staffer whether the company offered phone geolocation for bail bondsmen. Shortly after, another staffer emailed with a price list—locating a phone can cost as little as $4.95 each if searching for a low number of devices. That price gets even cheaper as the customer buys the capability to track more phones. Getting real-time updates on a phone’s location can cost around $12.95.

“Dirt cheap when you think about the data you can get,” the source familiar with the industry added.

1546963678950-microbilt_pricelist.png

A section of the price list Motherboard obtained. Image: Motherboard.
It’s bad enough that access to highly sensitive phone geolocation data is already being sold to a wide range of industries and businesses. But there is also an underground market that Motherboard used to geolocate a phone—one where Microbilt customers resell their access at a profit, and with minimal oversight.

“Blade Runner, the iconic sci-fi movie, is set in 2019. And here we are: there's an unregulated black market where bounty-hunters can buy information about where we are, in real time, over time, and come after us. You don't need to be a replicant to be scared of the consequences,” Thomas Rid, professor of strategic studies at Johns Hopkins University, told Motherboard in an online chat.

The bail industry source said his middleman used Microbilt to find the phone. This middleman charged $300, a sizeable markup on the usual Microbilt price. The Google Maps screenshot provided to Motherboard of the target phone’s location also included its approximate longitude and latitude coordinates, and a range of how accurate the phone geolocation is: 0.3 miles, or just under 500 metres. It may not necessarily be enough to geolocate someone to a specific building in a populated area, but it can certainly pinpoint a particular borough, city, or neighborhood.

In other cases of phone geolocation it is typically done with the consent of the target, perhaps by sending a text message the user has to deliberately reply to, signalling they accept their location being tracked. This may be done in the earlier roadside assistance example or when a company monitors its fleet of trucks. But when Motherboard tested the geolocation service, the target phone received no warning it was being tracked.

The bail source who originally alerted Microbilt to Motherboard said that bounty hunters have used phone geolocation services for non-work purposes, such as tracking their girlfriends. Motherboard was unable to identify a specific instance of this happening, but domestic stalkers have repeatedly used technology, such as mobile phone malware, to track spouses.

As Motherboard was reporting this story, Microbilt removed documents related to its mobile phone location product from its website.

A Microbilt spokesperson told Motherboard in a statement that the company requires anyone using its mobile device verification services for fraud prevention must first obtain consent of the consumer. Microbilt also confirmed it found an instance of abuse on its platform—our phone ping.

“The request came through a licensed state agency that writes in approximately $100 million in bonds per year and passed all up front credentialing under the pretense that location was being verified to mitigate financial exposure related to a bond loan being considered for the submitted consumer,” Microbilt said in an emailed statement. In this case, “licensed state agency” is referring to a private bail bond company, Motherboard confirmed.

“As a result, MicroBilt was unaware that its terms of use were being violated by the rogue individual that submitted the request under false pretenses, does not approve of such use cases, and has a clear policy that such violations will result in loss of access to all MicroBilt services and termination of the requesting party’s end-user agreement,” Microbilt added. “Upon investigating the alleged abuse and learning of the violation of our contract, we terminated the customer’s access to our products and they will not be eligible for reinstatement based on this violation.”

Zumigo confirmed it was the company that provided the phone location to Microbilt and defended its practices. In a statement, Zumigo did not seem to take issue with the practice of providing data that ultimately ended up with licensed bounty hunters, but wrote, “illegal access to data is an unfortunate occurrence across virtually every industry that deals in consumer or employee data, and it is impossible to detect a fraudster, or rogue customer, who requests location data of his or her own mobile devices when the required consent is provided. However, Zumigo takes steps to protect privacy by providing a measure of distance (approx. 0.5-1.0 mile) from an actual address.” Zumigo told Motherboard it has cut Microbilt’s data access.

"People are reselling to the wrong people."

In Motherboard’s case, the successfully geolocated phone was on T-Mobile.

“We take the privacy and security of our customers’ information very seriously and will not tolerate any misuse of our customers’ data,” A T-Mobile spokesperson told Motherboard in an emailed statement. “While T-Mobile does not have a direct relationship with Microbilt, our vendor Zumigo was working with them and has confirmed with us that they have already shut down all transmission of T-Mobile data. T-Mobile has also blocked access to device location data for any request submitted by Zumigo on behalf of Microbilt as an additional precaution.”

Microbilt’s product documentation suggests the phone location service works on all mobile networks, however the middleman was unable or unwilling to conduct a search for a Verizon device. Verizon did not respond to a request for comment.

AT&T told Motherboard it has cut access to Microbilt as the company investigates.

“We only permit the sharing of location when a customer gives permission for cases like fraud prevention or emergency roadside assistance, or when required by law,” the AT&T spokesperson said.

Sprint told Motherboard in a statement that “protecting our customers’ privacy and security is a top priority, and we are transparent about that in our Privacy Policy [...] Sprint does not have a direct relationship with MicroBilt. If we determine that any of our customers do and have violated the terms of our contract, we will take appropriate action based on those findings.” Sprint would not clarify the contours of its relationship with Microbilt.

These statements sound very familiar. When The New York Times and Senator Ron Wyden published details of Securus last year, the firm that was offering geolocation to low level law enforcement without a warrant, the telcos said they were taking extra measures to make sure their customers’ data would not be abused again. Verizon announced it was going to limit data access to companies not using it for legitimate purposes. T-Mobile, Sprint, and AT&T followed suit shortly after with similar promises.

After Wyden’s pressure, T-Mobile’s CEO John Legere tweeted in June last year “I’ve personally evaluated this issue & have pledged that @tmobile will not sell customer location data to shady middlemen.”

"It appears these promises were little more than worthless spam in their customers’ inboxes."

Months after the telcos said they were going to combat this problem, in the face of an arguably even worse case of abuse and data trading, they are saying much the same thing. Last year, Motherboard reported on a company that previously offered phone geolocation to bounty hunters; here Microbilt is operating even after a wave of outrage from policy makers. In its statement to Motherboard on Monday, T-Mobile said it has nearly finished the process of terminating its agreements with location aggregators.

“It would be bad if this was the first time we learned about it. It’s not. Every major wireless carrier pledged to end this kind of data sharing after I exposed this practice last year. Now it appears these promises were little more than worthless spam in their customers’ inboxes,” Wyden told Motherboard in a statement. Wyden is proposing legislation to safeguard personal data.

Due to the ongoing government shutdown, the Federal Communications Commission (FCC) was unable to provide a statement.

“Wireless carriers’ continued sale of location data is a nightmare for national security and the personal safety of anyone with a phone,” Wyden added. “When stalkers, spies, and predators know when a woman is alone, or when a home is empty, or where a White House official stops after work, the possibilities for abuse are endless.”
 

DaveH

Well-Known Member
Joined
Sep 9, 2008
Messages
2,544
Reaction score
3,402
Hey, thanks for the responses!

A special thanks to DaveH - you provided helpful insights; I was hoping somebody had that type of knowledge.

So, if I understand this correctly, IP addresses are not handed out by individual cell towers. Rather, requests are passed on to the MSC, which assigns IP addresses to each cell device, similar to what NAT does on home networks.. So, the MSC is the gateway, and the IP address seen on the cell phone is actually the gateway/MSC?

Regardless, DaveH says individual cell towers do not hand out IP addresses. So, that in itself would make using an IP address as a means of verifying location...a waste of time.

The company I'm talking about is the largest esign company out there (please do not reference their name, sometimes large companies monitor postings, as evidenced on this website by Suddenfail). They offer signers IP addresses and email as points of "verification/authentication." Unless I'm missing something, I don't see how an IP address is relevant, or reliable.

If I remember correctly, MAC addresses are embedded in every data packet. I would think offering MAC addresses, instead of IP addresses, is a far more reliable method of verification. Or, use some type of browser fingerprinting service, or the GPS data.


seems to me the simple way around all this is for the company wanting these signed docs.....they need to develop THEIR OWN APP.

that way when anyone want to use their service, they install the app on their device and you can make location sharing a condition of use.

end of story, solid location, no legal hassles.
 
Top