Cell Phone Manufacturers Offer Carefully Worded Denials To Question Of Whether NSA Can Track Powered-Down Cell Phones

from the it's-not-so-much-what's-being-said,-it's-how-it's-being-said dept

Wed, Nov 13th 2013 5:29am — Tim Cushing

Back in July, a small but disturbing detail on the government's cell phone tracking abilities was buried inside a larger story detailing the explosive expansion of the NSA post-9/11. Ryan Gallagher at Slate pulled this small paragraph out and highlighted it.

By September 2004, the NSA had developed a technique that was dubbed “The Find” by special operations officers. The technique, the Post reports, was used in Iraq and “enabled the agency to find cellphones even when they were turned off.” This helped identify “thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq,” according to members of the special operations unit interviewed by the Post.

Ars Technica reports that some security researchers are calling this statement into question and have contacted cell phone providers for statements on the NSA's claim. Only a few have responded at this point, and their denials have been worded very specifically.

Google had this to say:

When a mobile device running the Android Operating System is powered off, there is no part of the Operating System that remains on or emits a signal. Google has no way to turn on a device remotely.

Google may not have a way, but that doesn't mean the NSA doesn't.

Nokia:

Our devices are designed so that when they are switched off, the radio transceivers within the devices should be powered off. We are not aware of any way they could be re-activated until the user switches the device on again. We believe that this means that the device could not be tracked in the manner suggested in the article you referenced.

Once again, we're looking at words like "should" and "not aware." This doesn't necessarily suggest Nokia does know of methods government agencies could use to track phones that are off, but it doesn't entirely rule it out either.

Samsung's response is more interesting. While declaring that all components should be turned off when the phone is powered down, it does acknowledge that malware could trick cell phone users into believing their phone is powered down when it isn't. Ericsson, which is no longer in the business of producing cell phones (and presumably has less to lose by being forthright), was even more expansive on the subject.

The only electronics normally remaining in operation are the crystal that keeps track of time and some functionality sensing on-button and charger connection. The modem (the cellular communication part) cannot turn on by itself. It is not powered in off-state. Power and clock distribution to the modem is controlled by the application processor in the mobile phone. The application processor only turns on if the user pushes the on-switch. There could, however, be potential risks that once the phone runs there could be means to construct malicious applications that can exploit the phone.

On the plus side, the responding manufacturers seem to be interested in ensuring a powered down phone is actually powered down, rather than just put into a "standby" or "hibernation" mode that could potentially lead to exploitation. But the implicit statement these carefully worded denials make is that anything's possible. Not being directly "aware" of something isn't the same thing as a denial.

Even if the odds seem very low that the NSA can track a powered down cell phone, the last few months of leaks have shown the agency has some very surprising capabilities -- some of which even stunned engineers working for the companies it surreptitiously slurped data from.

Not only that, but there's historical evidence via court cases that shows the FBI has used others' phones as eavesdropping devices by remotely activating them and using the mic to record conversations. As was noted by c|net back in 2006, whatever the FBI utilized apparently worked even when phones were shut off.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.

Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

Short of pulling out the battery (notably not an option in some phones), there seems to be little anyone can do to prevent the device from being tracked and/or used as a listening device. The responding companies listed above have somewhat hedged their answers to the researcher's questions, most likely not out of any deference to government intelligence agencies, but rather to prevent looking ignorant later if (or when) subsequent leaks make these tactics public knowledge.

Any powered up cell phone performs a lot of legwork for intelligence agencies, supplying a steady stream of location and communications data. If nothing else, the leaks have proven the NSA (and to a slightly lesser extent, the FBI) has an unquenchable thirst for data. If such exploits exist (and they seem to), it would be ridiculous to believe they aren't being used to their fullest extent.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: mobile phones, privacy, surveillance, tracking
Companies: ericsson, google, nokia, samsung

85 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

rw (profile), 13 Nov 2013 @ 5:32am

Apple?
Where's Apple's Iphone?
[ link to this | view in chronology ]
Larry Vrooman (profile), 13 Nov 2013 @ 5:51am

Cell phone ID / tracking
All that is needed, is a VERY small RFID chip to the phone.
No power, no battery is necessary.
[ link to this | view in chronology ]
- John Fenderson (profile), 13 Nov 2013 @ 6:57am
  
  Re: Cell phone ID / tracking
  Not exactly true. Passive RFID (the kind that needs no power) is powered by a radio signal from the reader. Either the reader has to be physically close, or the antenna has to be very large and powerful.
  [ link to this | view in chronology ]
  - Larry Vrooman (profile), 13 Nov 2013 @ 8:54am
    
    Re: Re: Cell phone ID / tracking
    Here is a link to a long range reader;
    http://www.iautomate.com/products/wavetrend-l-rx202-long-range-rfid-reader.html
    
    450 feet, plenty of range to read / track roads, highways,
    shopping malls, public venues, etc.
    [ link to this | view in chronology ]
    - Mr. Applegate, 13 Nov 2013 @ 10:04am
      
      Re: Re: Re: Cell phone ID / tracking
      The link you provided is capable of reading Active RFID tags, not PASSIVE RFID tags, which was what John Fenderson was pointing out. From the manufacturer's Information Sheet.
      http://www.wavetrend.net/downloads/information-sheets/readers/RX202.pdf
      
      The RX202 reader detects and decodes RFID (radio frequency identification) signals from Wavetrend�s range of active RFID tags.
      You must provide a fair amount of RF energy to provide enough power for a passive RFID tag to respond. Here is some interesting information:
      Generally speaking RFID tag maximum read distances are as follows:
      
      125 kHz. and 134.3 kHz. Low Frequency (LF) Passive RFID Tags -read distance of 30 cm (1 foot) or less - usually 10 cm (4 inches) unless you are using a very large tag which can have a read distance of up to 2 meters when attached to metal. SkyRFID can provide several different LF 134.2 tags which produce read distances of 1 - 2 meters in industrial environments. We also have special readers that allow for a 1 - 2 meter read distance using standard size tags. There are no limits with SkyRFID!
      
      13.56 MHz. High Frequency (HF) Passive RFID Tags - maximum read distance of 1.5 meters (4 foot 11 inches) - usually under 1 meter (3 feet) and you can use a single or multi port reader plus custom antennas to extend the read range to longer tag read distances or a wider RFID read zone. To obtain more than 1 meter you need a reader with more than 1 watt RFID output power. SkyRFID can supply 13.56 readers with RF power outputs up to 10 watts for multiple antenna connections and over 1 meter tag read distances.
      
      860 ~ 960 MHz. Ultra High Frequency (UHF) Passive RFID Tags - minimum read distance of over 1 meter or 3 feet. Gen2 tags can have a read range of up to 12 meters or 37 feet, however new generation of IC's plus antenna designs are now pushing this distance to over 15 meters! Gen 2 tags can be either 860 MHz. or 902 MHz. frequencies. Gen2 EPCglobal are multifrequency 860 ~ 960 MHz. Gen 2 Semi-active battery assisted tags are semi-passive (semi-active) tags have a read range of up to 50 meters or about 162 feet. Gen 2 Semi-active tags are just emerging on the market. We have both readers and tags available for those companies that need to be on the leading edge or simply need the range of the Gen 2 Semi-active technology. SkyRFID Windshield tags out latest version read at over 12 meters (40 feet) when attached to the inside of a windhsield and using our OEM hand held reader. You can get far longer read distances using our Sky fixed readers using Gen 2 US frequency 902~ 928 MHz.
      
      860 ~ 960 MHz. 3rd and 4th Generation IC/Silicon - The new generation 3 and 4 (Monza4, Higgs3 and NXP G2XM) silicon (Integrated Circuit) is now available in numerous inlay designs. This new silicon (IC) provides up to 40% more sensitivity while reducing RF interference. This means that a tag using this new generation of silicon can have a read range of over 16 meters or 50 feet under FCC regulations of 4 watts EIRP. For your local power regulations see RFID Frequencies and Transmission Power. SkyRFID is now offering many H3, Monza4 and NXP G2XM tags and has tested these tags at read distances of over 16 meters or 53 feet using 30 dBi power and a single antenna!
      RTLS - Real Time Location Systems - Usually LF and SHF - now you can have a UHF RTLS that is extremely accurate and can easily control 250,000 sq feet on a single switch. Use the Contact Us for more information.
      
      433 MHz Ultra High Frequency Active RFID Tags - up to 500 meter read range (1,500 feet) SkyRFID carries a complete line of 433 MHz readers and tags that can be used for many industrial,healthcare, mining, and other tracking and locating applications.
      
      2.45 GHz. Super High Frequency Active RFID Tags - up to 100 meter read range (325 feet) There are several different modulations for 2.45 GHz. and you can also have real time location information from these active tags.
      
      Source: http://www.skyrfid.com/RFID_Tag_Read_Ranges.php
      
      The latest technology Passive RFID Tags can be read at about 50 Feet max.
      [ link to this | view in chronology ]
      - Larry Vrooman (profile), 13 Nov 2013 @ 11:13am
        
        Re: Re: Re: Re: Cell phone ID / tracking
        I stand correct, thanks.
        
        However, these are known / public performance parameters.
        The government / NSA would probably have better performance with their SECRET hardware.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 13 Nov 2013 @ 11:57am
        
        Re: Re: Re: Re: Re: Cell phone ID / tracking
        They don't have access to magic, though. There are fundamental laws of physics involved here.
        [ link to this | view in chronology ]
        
        Mr. Applegate, 13 Nov 2013 @ 12:13pm
        
        Re: Re: Re: Re: Re: Cell phone ID / tracking
        That is very true. If you ignore FCC Regulations about directed RF at given frequency ranges you can get better response distances. The problem there is you normally cause interference with other types of communications in the process. Also the antennas on most passive tags are pretty poor for transmitting.
        
        I think I see my next electronics project on the way. May have to do a little "WarDriving" but rather than looking for WIFI, maybe I will look for RFID Readers. I doubt I find much around me, but hey, you never know.
        [ link to this | view in chronology ]
        
        Larry Vrooman (profile), 13 Nov 2013 @ 12:21pm
        
        Re: Re: Re: Re: Re: Re: Cell phone ID / tracking
        The real secret(s) IMHO would be in the antenna. Bigger is better. Suppose it was located in that big advertising sign on the side of the highway? The size would reduce power requirements, therefore reducing interference. Nobody uses advertising signs for dual purposes, right?
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 13 Nov 2013 @ 12:55pm
        
        Re: Re: Re: Re: Re: Re: Re: Cell phone ID / tracking
        You need both a big antenna and more power if you want to get any serious distance.
        
        You need a low of power because you're powering the rfid tag. The amount of power a radio signal carries falls off at the rate of the square of the distance from the source. Using a larger antenna does not reduce the power requirements for this.
        
        You need a larger antenna because the radio signal the tag generates in response to the reader is pretty weak. If you're trying to pick up a weak signal (made even weaker because of that square-of-the-distance thing), you need a large antenna.
        
        In short, as Mr. Applegate points out, there is pretty much only one way you could transmit the kind of power you need to accomplish what you're talking about without causing too much interference for everything else around, and that's a directional antenna. but using a directional antenna sucks pretty hard if you're trying to track a bunch of things that are always moving around.
        
        I'm not saying that what you're suggesting is technically impossible. It might well be. however, it would not be possible to do it in a way that goes unnoticed, and it would be very, very expensive.
        
        It's much cheaper, and almost as good, to simply track everyone's Wifi & cell signal beacons. Which is what is actually done. Nobody worries about people pulling batteries because almost nobody pulls batteries.
        [ link to this | view in chronology ]
        
        Derek Kerton (profile), 14 Nov 2013 @ 10:19am
        
        Re: Re: Re: Re: Re: Re: Re: Re: Cell phone ID / tracking
        John, I think you nailed it here.
        
        While the small debate with Applegate is fun, readers here should remember that "what can be done" and "what can be done affordable, consistently, and unnoticed" are very different.
        [ link to this | view in chronology ]
- Ark, 21 Nov 2013 @ 8:29am
  
  Re: Cell phone ID / tracking
  If you store a phone in a pouch that is lined with aluminum foil, I believe this will protect against RFID.
  [ link to this | view in chronology ]
yagmur, 13 Nov 2013 @ 5:55am

take the battery out to be sure.
in turkey, another country with excessive government surveillance, it is common practise to pull the battery from cell phones and leaving phones outside of a room if you want your communications to remain secret and you suspect you may be targeted (professors during a faculty meeting do so).
[ link to this | view in chronology ]
- btr1701 (profile), 13 Nov 2013 @ 9:20am
  
  Re: take the battery out to be sure.
  > in turkey, another country with excessive
  > government surveillance, it is common practise
  > to pull the battery from cell phones and
  > leaving phones outside of a room if you
  > want your communications to remain secret
  
  That's standard practice in America, also. In every government building that deals with classified information, you'll find racks of cell-phone-sized cubbyholes outside the doors to the SCIFs and everyone is required to leave all devices capable of sending or receiving EM signals in those cubbys. Bringing a cell phone into a SCIF is a serious violation and will bring you no end of grief.
  [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 6:01am

The question should be asked of the networks, as they add and modify the phone software. They are the ones, rather than the manufacturers who would enable covert phone use, and respond to warrants.
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 13 Nov 2013 @ 6:01am

Heh, heh. At last you're suspicious of "Google has no way".
Believe that's the first time I've seen Mike or minions express doubt of a Google statement. The wall has cracked.

Anyhoo, if you're actually wondering whether such tech exists: stop wondering! -- Not only does it exist (no, I don't have any "proof" to link, but it's OBVIOUS that on-off switching is totally under computer control, and how else would the Emergency Alert system work?), BUT all phones periodically communicate to cell towers too.

To keep gadgets from spying, you'll need to take the battery out and put it in a metal box. SPYING IS THE MAIN PURPOSE OF THE GADGETS. That you get some use out of them is distant secondary just to trick you: gov't and Rich are tickled pink that you actually pay to have their spies in your pocket!

It's not the 20th century, kids. You are now in the dystopic Brave New World of 1950's science fiction -- made practical and routine, isn't just vague text outlines. Total control of the populace now IS possible because The Rich have billions of gadgets to spy on everyone all the time. -- YOU do NOT own those gadgets! Get that old notion out of your heads! The gadgets aren't under YOUR control! The Rich own them! -- And The Rich believe that they quite literally own YOU too. It's feudalism with high-tech gadgets to keep you dulled with empty entertainments and watched all the time.
[ link to this | view in chronology ]
- ChrisB (profile), 13 Nov 2013 @ 6:23am
  
  Re: Heh, heh. At last you're suspicious of "Google has no way".
  The "Rich" don't care about you, unless you have money to spend (I'm assuming you don't, because you post here day and night). The government does care about you. Google, and other businesses, are victims, just like the rest of us, of an out of control government.
  [ link to this | view in chronology ]
  - Anonymous Coward, 13 Nov 2013 @ 6:44am
    
    Re: Re: Heh, heh. At last you're suspicious of "Google has no way".
    "Google, and other businesses, are victims, just like the rest of us, of an out of control government."
    
    I can see that you are a serious contender for the Funny award this week.
    [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 6:04am

Faraday cage
Right now, this instant, my personal cell phone is not just powered down. Rather, I'm also keeping it in a Faraday cage.

That's just me. Maybe I'm paranoid, maybe I'm just cautious. Whatever. I like my privacy�and, at any rate�I do enjoy the luxury of not needing to carry around a tracking device 24x7. Finally, I also do understand that many other people can't afford the luxury I enjoy.
[ link to this | view in chronology ]
- Nurlip (profile), 13 Nov 2013 @ 8:13am
  
  Re: Faraday cage
  you are definitely paranoid. (and cautious). But that's warranted given what we now know the gov't can do so, kudos. i do wish i had a faraday cage.. just to say i have one..
  [ link to this | view in chronology ]
  - Derek Kerton (profile), 14 Nov 2013 @ 10:23am
    
    Re: Re: Faraday cage
    Then get a Mylar bag. $12 bucks at Amazon. It's a functional Faraday cage, which doesn't actually need to be a "cage" to meet the definition.
    
    http://www.amazon.com/10-Inch-300cc-Oxy-Sorb-Absorbers-Preservation/dp/B006T5ES9O/ref=sr_ 1_4?ie=UTF8&qid=1384453248&sr=8-4&keywords=mylar+bag
    
    If you have one of those bags hard drives are shipped in, that works, too.
    [ link to this | view in chronology ]
- Anonymous Coward, 13 Nov 2013 @ 9:08am
  
  Re: Faraday cage
  Just because you're paranoid, doesn't mean they aren't out to get you.
  [ link to this | view in chronology ]
  - Anonymous Coward, 13 Nov 2013 @ 9:25am
    
    Re: Re: Faraday cage
    Just because you're paranoid, doesn't mean they aren't out to get you.
    
    Oh, I don't think they're out to get me. No, rather, I think they're out to get � everyone.
    [ link to this | view in chronology ]
    - Derek Kerton (profile), 14 Nov 2013 @ 10:24am
      
      Re: Re: Re: Faraday cage
      There's a "funny" button, but there's no "sad/funny" button.
      [ link to this | view in chronology ]
maroon78 (profile), 13 Nov 2013 @ 6:07am

the second OS in your smart phone
see the following for more details:
http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone
[ link to this | view in chronology ]
- zub, 13 Nov 2013 @ 6:27am
  
  Re: the second OS in your smart phone
  Exactly my thoughts - if there's something, it can be hiding there. Nobody really sees what it does, and it's typically the master... +1
  [ link to this | view in chronology ]
- Anonymous Coward, 13 Nov 2013 @ 6:48am
  
  Re: the second OS in your smart phone
  Sigh...
  It seems surveillance is virtually impossible to avoid. Read the comments after this article wherein the point is made that even phones that aren't "smart" have this stuff buried in them.
  [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 6:17am

although it was about 8-10years ago, i had a Samsung phone, using Vodafone. twice it turned on by itself whilst on holiday. apart from anything else, i ended up with a bill from the network provider which i had a hard job getting removed and only then after it was admitted that the phone could basically 'start itself' and did so to keep track of where the phone was!!
[ link to this | view in chronology ]
Capt ICE Enforcer, 13 Nov 2013 @ 6:41am

Lost phones.
Please citizens, quit asking me to find your lost phones.

V/R
Capt ICE Enforcer,
Defender of the Rich.
[ link to this | view in chronology ]
Chronno S. Trigger (profile), 13 Nov 2013 @ 6:54am

There's an easy way to find out. The transceiver takes up a lot of power. Charge up your cell phone the entire way and then turn it off. After a week of it being off, if the battery is around 70% or 50%, you know something's up. If it's still 99%, that thing was off.

I figured this out with my iPod touch. Since I only used it for website testing, it was on standby most of the time. Even with the wifi and GPS off, it would be completely dead in two days. Then I decided to charge it and just turn it off. After two weeks, I turned it back on to test with and the battery was 100%. My first thought was "At least I know when this thing's off, it's off."
[ link to this | view in chronology ]
- Anonymous Coward, 13 Nov 2013 @ 7:37am
  
  Re:
  "The transceiver takes up a lot of power."
  
  This is false. GSM chips are rather energy efficient. They only eat a lot of power when they are actively transmitting lots of data for a long period of time (like, during a call or while surfing the web).
  
  Tracking you via GSM is very cheap, energetically speaking.
  [ link to this | view in chronology ]
  - Chronno S. Trigger (profile), 13 Nov 2013 @ 8:24am
    
    Re: Re:
    It still takes up power and a lot more of it then a time keeper. Even at low power, after a week it will take up a vary noticeable amount of the battery.
    [ link to this | view in chronology ]
  - Derek Kerton (profile), 14 Nov 2013 @ 10:38am
    
    Re: Re:
    Not false. An active GSM radio must maintain a line of communications with the nearest towers, or if out of range, try to contact a tower. This activity is largely listening to control information from the BTS (tower), but some confirmation replies are also required.
    
    While I agree that this kind of standby power use is much lower than active transmissions of data, over couple of days, even when the phone is not actively used, the "Control channel" traffic will cause some notable battery loss. When powered off, this should not occur.
    
    See: https://en.wikipedia.org/wiki/Control_channel
    (MS means mobile station, or phone)
    [ link to this | view in chronology ]
    - Larry Vrooman (profile), 14 Nov 2013 @ 11:19am
      
      Re: Re: Re:
      So, can we agree that when 'powered off' and stored
      in bag/cage, it cannot communicate, or drain the battery?
      [ link to this | view in chronology ]
      - nasch (profile), 14 Nov 2013 @ 3:40pm
        
        Re: Re: Re: Re:
        So, can we agree that when 'powered off' and stored
        in bag/cage, it cannot communicate, or drain the battery?
        
        If it's really and truly off, it can't do either. If it's still trying to communicate then it won't be able to if it's in a Faraday cage of some sort, but the battery drain could be worse since the device may "scream" louder and louder trying to get in touch with a tower it will never reach.
        [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 6:57am

There's always a Faraday pouch.
[ link to this | view in chronology ]
Anshar (profile), 13 Nov 2013 @ 7:03am

There's an old-fashioned solution�
Manufacturers could go back to a hardware power switch that physically disconnects the power supply from the rest of the device. A small charging circuit on the battery side of the switch could still allow it to be charged while off. It could even be a secondary power switch for users who wish to be 100% certain their phone is truly powered down.
[ link to this | view in chronology ]
- John Fenderson (profile), 13 Nov 2013 @ 1:02pm
  
  Re:
  They could, but then people would get mad that they have to wait for the phone to boot up every time they want to make a call.
  [ link to this | view in chronology ]
  - nasch (profile), 14 Nov 2013 @ 3:41pm
    
    Re: Re:
    They could, but then people would get mad that they have to wait for the phone to boot up every time they want to make a call.
    
    "It could even be a secondary power switch for users who wish to be 100% certain their phone is truly powered down."
    
    Meaning there would be a primary power button that just turns the screen off.
    [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 7:06am

Not laughing so hard at my 3310 now are ya?
[ link to this | view in chronology ]
- John Fenderson (profile), 13 Nov 2013 @ 1:06pm
  
  Re:
  The 3310 is not exempt from any of these issues.
  [ link to this | view in chronology ]
David, 13 Nov 2013 @ 7:24am

Most phones have alarm clocks. You can set an alarm for a particular time and switch the phone off (as in, press the power-off button).

At the given alarm time, the phone will still wake up and ring. Yes, that's right, the alarm function does not require you keeping the whole thing on (surprised me when I found out the first time). That goes for rather old "dumb" mobile phones, I should think it would go for smart phones still (they have similar control circuitry I think).

Actually, most laptops can do the same via the RTC and ACPI.

The point is "only when the power button is pressed" is a verifiable falsehood by just using standard phone functionality.
[ link to this | view in chronology ]
kenichi tanaka (profile), 13 Nov 2013 @ 7:32am

Somebody needs to tell the geniuses in the intelligence community that if someone removes the battery from their cell phone, there is no way, in Hell, that government intelligence agencies can turn your phone back on, through malware or otherwise.

"Hey, Beavis."

"Heh, heh. What's up, Butthead."

"Mobile Phones can be tracked without a battery."

"Now why didn't Bill gates think of that?"

LOLS
[ link to this | view in chronology ]
- ltlw0lf (profile), 13 Nov 2013 @ 9:56am
  
  Re:
  Somebody needs to tell the geniuses in the intelligence community that if someone removes the battery from their cell phone, there is no way, in Hell, that government intelligence agencies can turn your phone back on, through malware or otherwise.
  
  CMOS? A second, much smaller battery contained in the device which powers vital memory functions, kept topped off by the main battery but which can function when the main battery is removed for a limited period of time.
  
  Just a guess. I have no real way of knowing if this is possible, but I don't think it is so cut and dry and I'd never say never in this case.
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Nov 2013 @ 1:32am
    
    Re: Re:
    the power to the RAM is enough to keep the data stored in the RAM intact, it is not enough power for it to function as a RAM, that requires to correct VCC and the power to drive the I/O transistors of the RAN, these parts to not have power applied in standby mode, so it retains the data, but does not work as a RAN (you cant read or write from it).
    
    Look up the type of RAM used in your phone, then download the data sheet for it, and find out for yourself.
    
    All you have to do is look, and you would not have to 'guess' or believe Masnick, (who damn well should know better).
    [ link to this | view in chronology ]
  - Anonymous Coward, 15 Nov 2013 @ 1:36am
    
    Re: Re:
    CMOS stands for Complementary Metal Oxide Silicon, its a type of logic, is requires less power that TTL (Transistor, transistor logic), but is not as fast as ECL (emitter collector logic).
    
    If you like look up "static RAM standby' and find out for yourself how "battery backup" and such work, you might even learn something..
    [ link to this | view in chronology ]
Pixelation, 13 Nov 2013 @ 7:42am

Great, now I need to make a tinfoil hat for my phone...
[ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 7:45am

...
wrap it in foil, nuf said
[ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 7:48am

RTC alarm wakeup
The only electronics normally remaining in operation are the crystal that keeps track of time and some functionality sensing on-button and charger connection.

When they say "the crystal that keeps track of the time", they are talking about the RTC, a circuit not unlike what you would find on a common digital watch (it is even the same kind of crystal). Notably, that circuit often can be programmed to wake up the system at a specific time. If it is wired correctly (and I suspect it often is), all one needs to do is to program it with the desired wakeup time.

This way, you can have a completely powered off phone, wasting almost no power, which can still wake up by itself and report its location.

The only completely reliable way to prevent a phone from reporting its location is to remove the main battery. The auxiliary RTC battery, when present, is only connected to the RTC circuit, and even if that was not the case, it does not have enough power to run the whole phone, especially the power-hungry radios.
[ link to this | view in chronology ]
Akakak, 13 Nov 2013 @ 8:02am

Just to fuel the feelings of paranoia. Here's a possible attack vector. The lower level system that controls the radio section of cell phones. http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone
[ link to this | view in chronology ]
Wally (profile), 13 Nov 2013 @ 8:14am

Sort of like the varilium patch Spock gave to Kirk in Star Trek VI...
[ link to this | view in chronology ]
mr. sim (profile), 13 Nov 2013 @ 8:19am

and now you know why cell phones are being made where you can't take the batteries. formally if you wanted to "go dark" you'd take the battery out of the phone and that's that. you pop it back in when you make a call. but now they make the battery unable to be reached to prevent you from actually being able to turn off the phone physically. next comes the phones operating system having a remote trip switch so the phone makers, plan providers and the government to track you and suck up that all important location info and you can't stop them
[ link to this | view in chronology ]
- John Fenderson (profile), 13 Nov 2013 @ 10:48am
  
  Re:
  Those are mostly iPhones, which make the battery nonremovable to ensure lock-in with Apple and that you'll eventually have to buy a new iPhone.
  
  The majority of other smartphones I see, even the very newest, have removable batteries.
  [ link to this | view in chronology ]
- Anonymous Coward, 13 Nov 2013 @ 3:01pm
  
  Re:
  I doubt that's the reason they're irremovable. It's just a convenient side effect. These days they're making batteries in odd shapes and as thin as possible so sometimes they're just plastic bags with electrodes hanging out. Anything they can do to keep the phone thinner, they will do. That's the profit driver there, making a sleek phone.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 13 Nov 2013 @ 3:41pm
    
    Re: Re:
    I don't think that's it, either. If it was, then why is it that iPhone batteries are not removable, but my Samsung battery is -- even though the Samsung is almost half as thick as the iPhone?
    [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 9:00am

Apparently this worked for finding IED device triggers that used cell phones. In order for this to work, it has to cover more than one type of cell phone. So just how many makers of cell phones are there globally? Somehow I think it comes down to the major makers. Like the communications giants they are likely being paid good money to ensure these methods are available. After all, if you were to look at the inside of a phone, would you be able to pick out the component that didn't belong? Especially if it was inserted by the manufacturer.

So either they aren't talking, they know and are playing dumb, or like Google and /. they are a victim of circumstances. Given other co-operative events by communications giants, I would not put it past them to have a known method by this time to do so.

As the microphone trick shows, there are ways to remotely activate phones, be that malware or whatever. Doesn't change the fact it's done.
[ link to this | view in chronology ]
- Anonymous Coward, 13 Nov 2013 @ 11:04am
  
  Re:
  Point of order: cell-phone triggers for IEDs traditionally rely on having the phone turned ON. If the NSA can track powered-down phones (or, more likely, remotely crack them to keep them from fully powering down), that's another thing entirely.
  [ link to this | view in chronology ]
ME, 13 Nov 2013 @ 9:59am

How to prevent a cell phone from connecting:
Simple. Wrap it in aluminium foil. It will not be able to connect to anything since aluminium blocks radio frequencies.
[ link to this | view in chronology ]
Slappy, 13 Nov 2013 @ 10:11am

There are two options: 1) Don't use a cell phone. 2) Shield the phone when not in use. The feds aren't as stupid as some would like them to be, and cell phone manufacturers routinely make concessions to law enforcement. The feds know the first "remedy" is to take out that battery to thwart tracking. That doesn't work because GUESS WHAT'S IN THE BATTERY?
[ link to this | view in chronology ]
- John Fenderson (profile), 13 Nov 2013 @ 10:50am
  
  Re:
  GUESS WHAT'S IN THE BATTERY?
  
  What? Electricity?
  [ link to this | view in chronology ]
  - Anonymous Coward, 13 Nov 2013 @ 11:14am
    
    Re: Re:
    
    GUESS WHAT'S IN THE BATTERY?
    What? Electricity?
    Lithium. � It's lithium.
    
    �
    
    �
    
    From Wikipedia, The Free Encyclopedia: Lithium (medication)
    �.�.�.�used as a psychiatric medication. A number of salts of lithium are used as mood-stabilizing drugs, primarily in the treatment of bipolar disorder, where they have a role in the treatment of depression and particularly of mania, both acutely and in the long term.�.�.�.
    [ link to this | view in chronology ]
  - Slappy, 14 Nov 2013 @ 4:19am
    
    Re: Re:
    Obviously, and another tiny item run by same said electricity.
    [ link to this | view in chronology ]
    - nasch (profile), 14 Nov 2013 @ 3:58pm
      
      Re: Re: Re:
      Obviously, and another tiny item run by same said electricity.
      
      Wait, you're saying there's another tiny cell phone inside your cell phone battery?
      [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 10:17am

now go buy your smart tv with built in WiFi and Xbox one so you can be monitored like all good patriots should want. you have nothing to hide and since those used games break copyright we now have unlimited probable cause
[ link to this | view in chronology ]
aldestrawk (profile), 13 Nov 2013 @ 10:18am

"Short of pulling out the battery (notably not an option in some phones), there seems to be little anyone can do to prevent the device from being tracked and/or used as a listening device."

It's not that hopeless. As pointed out in some of the previous comments a faraday cage or bag is sufficient to prevent remote activation of your cell phone. These are now being made and will probably become more common. If you don't care about style, you can just use a mylar bag. There are 2 caveats to keep in mind;
1). Not any bag made from metallized film will do. I have tested anti-static bags that don't work.
2). make sure it is fully closed and stays that way in your pocket or purse.

Your bag is easily tested. Just call your phone while its in the bag. The test is better if it is done in a place that shows the maximum bars for service. For foolproof testing, stand next to a cell tower for your carrier and do the same thing.

This avoids having to worry about; whether the radio circuitry is really turned off or not, getting a phone with a removable battery, secret secondary batteries, or secret RFID chips.

If some of the phone manufacturers are being coy about denying the ability to remotely activate a turned off phone, it might be because they have allowed the phone to be configured to listen while "off". It is conceivable to me (but I'm not convinced) that manufacturers along with carriers in conformance with CALEA might allow a phone to be set in a pseudo-off mode in response to a wiretap order. Regardless, this can still be defeated with a Faraday bag.
[ link to this | view in chronology ]
- Anonymous Coward, 13 Nov 2013 @ 10:27am
  
  Re:
  Your bag is easily tested. Just call your phone while its in the bag.
  
  Your phone should be POWERED ON during this test.
  [ link to this | view in chronology ]
  - John Fenderson (profile), 13 Nov 2013 @ 11:16am
    
    Re: Re:
    But powered off or put in airplane mode when using the bag for real. When a cell phone can't reach a tower, it increases the power of its transmission. As a result, storing a powered-up cellphone in a faraday cage will drain the battery faster.
    [ link to this | view in chronology ]
    - Anonymous Coward, 15 Nov 2013 @ 1:25am
      
      Re: Re: Re:
      when it's powered off, or in airplane mode, no power is applied to the RF sections of your phone, so the phone does not 'increase power' the phone has no power in those modes.
      
      Have you ever put two identical phones powered down one in a faraday cage and other not ?
      
      I bet you have not, otherwise you would not make such a stupid statement.
      [ link to this | view in chronology ]
  - aldestrawk (profile), 13 Nov 2013 @ 12:45pm
    
    Re: Re:
    Of course. I thought that would be obvious unless you can arrange for the FBI or the NSA to try the remote activation at an agreed to time.
    [ link to this | view in chronology ]
    - Anonymous Coward, 13 Nov 2013 @ 1:46pm
      
      Re: Re: Re:
      I thought that would be obvious
      
      You don't write technical documentation for a living, do you? You're not a professional technical writer?
      [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 10:40am

Today is a good day to have a POTS line.
[ link to this | view in chronology ]
Marak, 13 Nov 2013 @ 2:57pm

I havnt read through the comments (i will later, promise!). Quick thing i noticed, "no part of the android system is operating when the phone is offline".

Thats all well and good but all phones (all) have two operating systems.

The second system that is closed source that controls things such as the gps, 3g, radio etc. Ill pull up the article later (also to confirm which pieces of hardware are under control ).

Note these pieces of hw under control could be quite useful at identifying a phone and locating it.

That is where your tracking ability comes from.
[ link to this | view in chronology ]
- marak (profile), 13 Nov 2013 @ 3:29pm
  
  Re:
  Ok so i got a chance and read the other posts (told you i would!), and some people have touched on it, but here's a link (happened to be reading it yesterday, woo for timing).
  
  http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone
  
  In short everything related to radio is controlled by a secondary OS, also USB and and GPS (possibly more still need to read the white paper).
  
  Update: quick read through these are also tied to the chip:
  
  Microphone and speakers.
  
  These are closed chips so we dont have any of the source code and have to rely on information given - joy -.-
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Nov 2013 @ 1:22am
    
    Re: Re:
    yes the radio (and GPS) have their own firmware, just as a PC has a BIOS, and firmware to read the keyboard (and the keyboards own CPU).
    
    But when the power is off to that circuitry, the software does not run, as the power is off !!!!! Closed chips or not, if the chip has no power applied to it, it does not work, pretty basic stuff !!!
    [ link to this | view in chronology ]
    - Noe, 21 Nov 2013 @ 9:34am
      
      Re: Re: Re:
      If the RTOS has been hacked, and it controls the power circuitry, then it can shut off the Android/iOS CPU and yet still communicate with the cell towers.
      
      Pretty simple stuff!!
      [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 3:28pm

Just Test the Damn Things!
Checking an electronic device for A) powered off radiation, and B) response to an RFID query, is almost a no-brainer. Needed: one screen room for RF isolation, One RF spectrum analyzer to measure any radiation from the device, 3 An RFID test rig to stimulate the device and measure it's responses, plus appropriate antennae. None of this is rocket science, and is easily accomplished. Why doesn't someone do it? And no, I ain't got the equipment or I would.
[ link to this | view in chronology ]
- marak (profile), 13 Nov 2013 @ 3:30pm
  
  Re: Just Test the Damn Things!
  Same no equip avail here for me to test. Anyone got a local hacker station available? (or anyone know of one in japan that they speak english at? lol)
  [ link to this | view in chronology ]
  - Anonymous Coward, 13 Nov 2013 @ 5:41pm
    
    Re: Re: Just Test the Damn Things!
    Back in the day, I'm talkin' mid 1980s to mid 1990s, there used to be companies that specialized in testing computers and components for Part 15 compliance. These shops were ideal for this sort of testing. I don't know if they still exist, but I think so.
    [ link to this | view in chronology ]
- Anonymous Coward, 15 Nov 2013 @ 1:19am
  
  Re: Just Test the Damn Things!
  people do it all the time, myself included, and I can tell you from practical experience, AND studying the circuit diagrams of these systems, that if they are OFF, they DO NOT radiate or receive RF AT ALL, NEVER.
  
  Talk all the conspiracy theories you like, it just makes those claiming otherwise look like people have NO IDEA of even the basics of electronics.
  
  When a Cell phone is off, there is at best a very small amount of power to the start button, and possibly (probably) a small holding current for the internal RAM, it is enough power to hold the data, but not enough to allow it to be used as ram. The CPU is not powered, the memory is not powered, the GPS is not powered, the Bluetooth is not powered, it emits no RF energy, it is not capable of receiving any RF energy, IT IS FUCKING OFF, for Gods sake !!!
  
  Look at the types of IC's used in your phone, then look up the technical data sheet for that component, make your own decision (sure a degree in electronics engineering might help) but if you study it long and hard enough you might be able to work it out for yourself..
  
  But don't take off your faraday cage tin foil hats, otherwise major league baseball might come and get you.
  [ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 5:19pm

SIM cards have their own micro processor. What we should really be asking is, who designs and manufactures the cellphone modems used inside most smartphones? Is it the phone manufactures, or someone else?
[ link to this | view in chronology ]
Anonymous Coward, 13 Nov 2013 @ 5:52pm

How Come They Haven't Tested The Phones?
You know, the more I think about this, the more I wonder just exactly WHY some outfit like Anandtech or CNet or Engadget hasn't done the tests necessary? This stuff is fairly simple, compared to the motherboard, hard disk/SSD, or heatsink testing that goes on. This is also not the first time this question has come up, and STILL no testing has been done. Anyone know why?
[ link to this | view in chronology ]
- Anonymous Coward, 13 Nov 2013 @ 6:11pm
  
  Re: How Come They Haven't Tested The Phones?
  As I said, this is not the first time this question has come up, on Techdirt, even!
  
  http://www.techdirt.com/articles/20130723/12395923907/even-powering-down-cell-phone-cant-keep-n sa-tracking-its-location.shtml
  [ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 1:08am

Carefully worded !!!!
What are you saying you say things that are not carefully worded, and lets have a look at that they are saying.

WHEN THE FREAKING THING IT IS OFF.... IT IS OFF !!!!

what part of "NO POWER TO THE RADIO" don't you understand ???

For someone with "TECH" in their URL, you would think you would know better,

WHEN THE FUCKING THING IS OFF, it's POWERED DOWN, ITS OFF !!!!! GEEEZUS F CHRIST.

I am sorry but the stupidity of the author of this "article" is beyond comprehension. VERY, VERY SAD....
Have you given up on having any pretence of competence, or for that matter sanity ??

Simply amazing !!!!!!
[ link to this | view in chronology ]
Nop (profile), 3 Mar 2015 @ 9:34pm

"there seems to be little anyone can do to prevent the device from being tracked and/or used as a listening device"
Sure there is: Put the phone inside a Faraday Cage, eg; a wire mesh pouch, or for an ad hoc solution, inside a microwave oven, or metal box.
[ link to this | view in chronology ]
Luxi Turna (profile), 25 Jul 2017 @ 12:41pm

Fixed batteries are ONLY so the NSA can listen to your phone all the time
(I'm a grad student in digital forensics and network security, if that gives me at least a little credibility).

Cut off contact with the cell network for privacy AND YOUR BATTERY WILL DIE.

When they can't see a tower, phones turn up the RF power all the way and leave it there until they connect.

The effect is maximum battery drain, more than anything you can do except the flashlight function.

Not a solution except for brief times you want to talk about something you absolutely don't want them to hear.

The fact that ALL phones now have fixed batteries when removable batteries have huge advantages (the battery dies, phone reset, etc) is SMOKING GUN EVIDENCE that the NSA either forced the companies or more likely bribed them with millions of our tax money, to force the phones to always be able to listen to you secretly and tell where you are.

The NSA defeated the gold-standard, trusted RSA encryption by paying RSA 30 million dollars to put in a back door.

Their excuse—that the phone looks prettier if you can't remove the battery—is so WAY beyond ridiculous that it's insulting to hear them tell it to us.
[ link to this | view in chronology ]