From Ars Technica:
The attack works by exploiting features in GSM, or Global System for Mobile Communications, cellular networks that transmit data sent between base stations and phones in clear text. By simply calling the target’s mobile number and monitoring the network’s radio signals as it locates the phone, the attacker can quickly confirm if the person is located in what’s known as the LAC, or Location Area Code. Attackers can use the same technique to determine if the target is within close proximity to a given base station within the LAC.
This is helpful for figuring out where, in a specific geographic area, a person is or (in case you’re interested) where they aren’t. This latter use – clarifying that a person isn’t in a specific LAC – is particularly useful if you are launching some action that is made easier by a person’s non-presence. (Hint: Think burglary).
This new GSM attack builds on other research around monitoring a person’s location by exploiting mobile phones. For a good overview of the information used in similar kinds of surveillance, see Claudio A. Ardagna et als. chapter in Digital Privacy: Theory, Technologies, and Practices.
Excited Pixels 