There seem to be several methods employed for use in a location tracking campaign by various entities. Some entities might not be able to get the approval for the real-time data, and others might have much better relationships and tools. I have found this EFF article(linked, try section 3.4 for your question)[0] to be helpful in understanding the possibilities.
It appears to be possible to do quite a bit of location tracking/location verification without any help at all from the telcos. The calls they are referring to seems to mean calling a phone and hanging up quickly. This causes the cell network to issue a high priority RRC paging request (someone is calling you!) which causes your handset to wake up and begin broadcasting to the cell network.
This enables passive eavesdropping and coarse location detection via monitoring the RF lansdcape for TSMI/IMSI collection and correlation. It is then possible to narrow down a large area to the specific cell, ~2km area, from there you can use another beacon or maybe regular direction finding and trilateration to pinpoint a signal. This sounds like an operation which requires 3-5 operators, but I don't know about the procedures.
Some cell network packets contain GPS location and other subscriber data, which could be intercepted and analyzed by this advanced threat.
With the aid of a Cell Site Simulator/Stingray, it seems to be possible to use this method to sense the handset and then use the CSS to hijack a handset's tower association turning coarse location data into a normal MITM. There are many other location sensing techniques such as a GSM Tripwire device or packet analysis.
Interesting stuff. The cell phones are rather evil.
a bit, but the calls are simply meant to generate a high priority gsm packet (normal cell tower behavior) which will cause the handset to emit data in response to the cell network, allowing location fixing to move forward.
It doesn't have to be a no-ring call, it can be anybody at all with a legit call, text message, etc. Its favorable for the operator to do so in a way that will not alert the user, hence the no-ring call stuff.
In my experience some handsets will report fast hang-ups as a missed call, and others won't.
You can probably enable airplane mode/rfkill to shut down this threat from the less spooky nerds who would use it. No GSM radio = no GSM packets.
It appears to be possible to do quite a bit of location tracking/location verification without any help at all from the telcos. The calls they are referring to seems to mean calling a phone and hanging up quickly. This causes the cell network to issue a high priority RRC paging request (someone is calling you!) which causes your handset to wake up and begin broadcasting to the cell network.
This enables passive eavesdropping and coarse location detection via monitoring the RF lansdcape for TSMI/IMSI collection and correlation. It is then possible to narrow down a large area to the specific cell, ~2km area, from there you can use another beacon or maybe regular direction finding and trilateration to pinpoint a signal. This sounds like an operation which requires 3-5 operators, but I don't know about the procedures.
Some cell network packets contain GPS location and other subscriber data, which could be intercepted and analyzed by this advanced threat.
With the aid of a Cell Site Simulator/Stingray, it seems to be possible to use this method to sense the handset and then use the CSS to hijack a handset's tower association turning coarse location data into a normal MITM. There are many other location sensing techniques such as a GSM Tripwire device or packet analysis.
Interesting stuff. The cell phones are rather evil.
[0] - https://www.eff.org/ro/wp/gotta-catch-em-all-understanding-h...