Does the exploit only allow the location of a user to an area in which the attackers are sampling traffic? I mean, can they only see if a certain phone is "here" or "not here"? Or does all the location data for all users travel the whole tower network at all times? That doesn't sound very viable, but I guess it could be.
If it is true that the method can only tell "here" or "not here" (as opposed to "over there"), it could still be used by, say, agents of some kind, who wish to enter a restricted area while the owner is away; all they'd need is to track when the owner's phone begins to be "here", which would give them time to vacate the premises (especially if the LA is quite large).
On the other hand, since I like Phased Arrays so much, I bet it's possible to combine data collected over time to pinpoint a user further... if the attackers are capable of tracking the target as it transits through several LAs (and with a rig costing only a couple of hundred dollars, that's not impossible), there are definite methods of narrowing things down:
Even without using advanced mathematics to peek through the fog-of-war (and I'd be very surprised if this was not possible), a dedicated tracker has good old-fashioned methods of doing this:
1) Speed of transitions can be noted (when does a tower stop sending for that number, when does a tower begin to send for that number, etc.
2) From this can be estimated the traveling speed of the target to some precision, which means that the mode of transport can be estimated. Precision doesn't even have to be better than +/- 10 km/h - that's enough to tell whether the person is likely walking, driving or bicycling...
3) A rough trajectory can be combined with map data to find the most likely routes of travel, and with tracking over time, the route can be narrowed down eventually (excepting perhaps in built-up areas with streets in a close-knit rectangular grid).
So, if the idea is to be able to know when and where to go to pick up a target, this method would definitely work. At the very least, I would recommend that armored transport crews should give up their cell phones while on the job (but maybe they already have).
Keep Up with TechRepublic