Gaining Control on Advanced Mobile Location

Advanced Mobile Location (AML) is an ETSI standard for sending the user’s precise location during emergency call over mobile network. In this talk, we analyze the implementation of AML on Android and iOS and list out possible attack vectors and mitigations.

Advanced Mobile Location (AML) is an ETSI standard for sending the user’s precise location during emergency call over mobile network. When an emergency call had been placed, smartphones with AML integrated sends the current precise location to the emergency call dispatch center via either SMS or HTTP(S). Unlike traditional cell ID based location tracking, AML collects precise location information on smartphone side from various sources such as Wi-Fi, GPS, and others. The nature of AML collecting the precise location information, and the potentially insecure transport layer such as SMS can make AML a good candidate to be exploited. We start from analyzing the implementation of AML on Android and iOS, and how different network operators from different regions handle the AML request during the emergency calls. From the analysis of implementation, we found that hijacking AML messages will be possible by combination of traditional attacks. However, being an emergency assistance technology, we also need to discuss what is required for both security and fast handling of emergency situations.