Cell Phone Manufacturers Offer Carefully Worded Denials To Question Of Whether NSA Can Track Powered-Down Cell Phones
from the it's-not-so-much-what's-being-said,-it's-how-it's-being-said dept
Back in July, a small but disturbing detail on the government's cell phone tracking abilities was buried inside a larger story detailing the explosive expansion of the NSA post-9/11. Ryan Gallagher at Slate pulled this small paragraph out and highlighted it.
By September 2004, the NSA had developed a technique that was dubbed “The Find” by special operations officers. The technique, the Post reports, was used in Iraq and “enabled the agency to find cellphones even when they were turned off.” This helped identify “thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq,” according to members of the special operations unit interviewed by the Post.Ars Technica reports that some security researchers are calling this statement into question and have contacted cell phone providers for statements on the NSA's claim. Only a few have responded at this point, and their denials have been worded very specifically.
Google had this to say:
When a mobile device running the Android Operating System is powered off, there is no part of the Operating System that remains on or emits a signal. Google has no way to turn on a device remotely.Google may not have a way, but that doesn't mean the NSA doesn't.
Nokia:
Our devices are designed so that when they are switched off, the radio transceivers within the devices should be powered off. We are not aware of any way they could be re-activated until the user switches the device on again. We believe that this means that the device could not be tracked in the manner suggested in the article you referenced.Once again, we're looking at words like "should" and "not aware." This doesn't necessarily suggest Nokia does know of methods government agencies could use to track phones that are off, but it doesn't entirely rule it out either.
Samsung's response is more interesting. While declaring that all components should be turned off when the phone is powered down, it does acknowledge that malware could trick cell phone users into believing their phone is powered down when it isn't. Ericsson, which is no longer in the business of producing cell phones (and presumably has less to lose by being forthright), was even more expansive on the subject.
The only electronics normally remaining in operation are the crystal that keeps track of time and some functionality sensing on-button and charger connection. The modem (the cellular communication part) cannot turn on by itself. It is not powered in off-state. Power and clock distribution to the modem is controlled by the application processor in the mobile phone. The application processor only turns on if the user pushes the on-switch. There could, however, be potential risks that once the phone runs there could be means to construct malicious applications that can exploit the phone.On the plus side, the responding manufacturers seem to be interested in ensuring a powered down phone is actually powered down, rather than just put into a "standby" or "hibernation" mode that could potentially lead to exploitation. But the implicit statement these carefully worded denials make is that anything's possible. Not being directly "aware" of something isn't the same thing as a denial.
Even if the odds seem very low that the NSA can track a powered down cell phone, the last few months of leaks have shown the agency has some very surprising capabilities -- some of which even stunned engineers working for the companies it surreptitiously slurped data from.
Not only that, but there's historical evidence via court cases that shows the FBI has used others' phones as eavesdropping devices by remotely activating them and using the mic to record conversations. As was noted by c|net back in 2006, whatever the FBI utilized apparently worked even when phones were shut off.
The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.Short of pulling out the battery (notably not an option in some phones), there seems to be little anyone can do to prevent the device from being tracked and/or used as a listening device. The responding companies listed above have somewhat hedged their answers to the researcher's questions, most likely not out of any deference to government intelligence agencies, but rather to prevent looking ignorant later if (or when) subsequent leaks make these tactics public knowledge.
Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.
While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.
Any powered up cell phone performs a lot of legwork for intelligence agencies, supplying a steady stream of location and communications data. If nothing else, the leaks have proven the NSA (and to a slightly lesser extent, the FBI) has an unquenchable thirst for data. If such exploits exist (and they seem to), it would be ridiculous to believe they aren't being used to their fullest extent.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: mobile phones, privacy, surveillance, tracking
Companies: ericsson, google, nokia, samsung
Reader Comments
Subscribe: RSS
View by: Time | Thread
Apple?
[ link to this | view in thread ]
Cell phone ID / tracking
No power, no battery is necessary.
[ link to this | view in thread ]
take the battery out to be sure.
[ link to this | view in thread ]
[ link to this | view in thread ]
Heh, heh. At last you're suspicious of "Google has no way".
Anyhoo, if you're actually wondering whether such tech exists: stop wondering! -- Not only does it exist (no, I don't have any "proof" to link, but it's OBVIOUS that on-off switching is totally under computer control, and how else would the Emergency Alert system work?), BUT all phones periodically communicate to cell towers too.
To keep gadgets from spying, you'll need to take the battery out and put it in a metal box. SPYING IS THE MAIN PURPOSE OF THE GADGETS. That you get some use out of them is distant secondary just to trick you: gov't and Rich are tickled pink that you actually pay to have their spies in your pocket!
It's not the 20th century, kids. You are now in the dystopic Brave New World of 1950's science fiction -- made practical and routine, isn't just vague text outlines. Total control of the populace now IS possible because The Rich have billions of gadgets to spy on everyone all the time. -- YOU do NOT own those gadgets! Get that old notion out of your heads! The gadgets aren't under YOUR control! The Rich own them! -- And The Rich believe that they quite literally own YOU too. It's feudalism with high-tech gadgets to keep you dulled with empty entertainments and watched all the time.
[ link to this | view in thread ]
Faraday cage
That's just me. Maybe I'm paranoid, maybe I'm just cautious. Whatever. I like my privacy—and, at any rate—I do enjoy the luxury of not needing to carry around a tracking device 24x7. Finally, I also do understand that many other people can't afford the luxury I enjoy.
[ link to this | view in thread ]
the second OS in your smart phone
http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Heh, heh. At last you're suspicious of "Google has no way".
[ link to this | view in thread ]
Re: the second OS in your smart phone
[ link to this | view in thread ]
Lost phones.
V/R
Capt ICE Enforcer,
Defender of the Rich.
[ link to this | view in thread ]
Re: Re: Heh, heh. At last you're suspicious of "Google has no way".
I can see that you are a serious contender for the Funny award this week.
[ link to this | view in thread ]
Re: the second OS in your smart phone
It seems surveillance is virtually impossible to avoid. Read the comments after this article wherein the point is made that even phones that aren't "smart" have this stuff buried in them.
[ link to this | view in thread ]
I figured this out with my iPod touch. Since I only used it for website testing, it was on standby most of the time. Even with the wifi and GPS off, it would be completely dead in two days. Then I decided to charge it and just turn it off. After two weeks, I turned it back on to test with and the battery was 100%. My first thought was "At least I know when this thing's off, it's off."
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Cell phone ID / tracking
[ link to this | view in thread ]
There's an old-fashioned solution…
[ link to this | view in thread ]
[ link to this | view in thread ]
At the given alarm time, the phone will still wake up and ring. Yes, that's right, the alarm function does not require you keeping the whole thing on (surprised me when I found out the first time). That goes for rather old "dumb" mobile phones, I should think it would go for smart phones still (they have similar control circuitry I think).
Actually, most laptops can do the same via the RTC and ACPI.
The point is "only when the power button is pressed" is a verifiable falsehood by just using standard phone functionality.
[ link to this | view in thread ]
"Hey, Beavis."
"Heh, heh. What's up, Butthead."
"Mobile Phones can be tracked without a battery."
"Now why didn't Bill gates think of that?"
LOLS
[ link to this | view in thread ]
Re:
This is false. GSM chips are rather energy efficient. They only eat a lot of power when they are actively transmitting lots of data for a long period of time (like, during a call or while surfing the web).
Tracking you via GSM is very cheap, energetically speaking.
[ link to this | view in thread ]
[ link to this | view in thread ]
...
[ link to this | view in thread ]
RTC alarm wakeup
When they say "the crystal that keeps track of the time", they are talking about the RTC, a circuit not unlike what you would find on a common digital watch (it is even the same kind of crystal). Notably, that circuit often can be programmed to wake up the system at a specific time. If it is wired correctly (and I suspect it often is), all one needs to do is to program it with the desired wakeup time.
This way, you can have a completely powered off phone, wasting almost no power, which can still wake up by itself and report its location.
The only completely reliable way to prevent a phone from reporting its location is to remove the main battery. The auxiliary RTC battery, when present, is only connected to the RTC circuit, and even if that was not the case, it does not have enough power to run the whole phone, especially the power-hungry radios.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Faraday cage
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Cell phone ID / tracking
http://www.iautomate.com/products/wavetrend-l-rx202-long-range-rfid-reader.html
450 feet, plenty of range to read / track roads, highways,
shopping malls, public venues, etc.
[ link to this | view in thread ]
So either they aren't talking, they know and are playing dumb, or like Google and /. they are a victim of circumstances. Given other co-operative events by communications giants, I would not put it past them to have a known method by this time to do so.
As the microphone trick shows, there are ways to remotely activate phones, be that malware or whatever. Doesn't change the fact it's done.
[ link to this | view in thread ]
Re: Faraday cage
[ link to this | view in thread ]
Re: take the battery out to be sure.
> government surveillance, it is common practise
> to pull the battery from cell phones and
> leaving phones outside of a room if you
> want your communications to remain secret
That's standard practice in America, also. In every government building that deals with classified information, you'll find racks of cell-phone-sized cubbyholes outside the doors to the SCIFs and everyone is required to leave all devices capable of sending or receiving EM signals in those cubbys. Bringing a cell phone into a SCIF is a serious violation and will bring you no end of grief.
[ link to this | view in thread ]
Re: Re: Faraday cage
Oh, I don't think they're out to get me. No, rather, I think they're out to get everyone.
[ link to this | view in thread ]
Re:
CMOS? A second, much smaller battery contained in the device which powers vital memory functions, kept topped off by the main battery but which can function when the main battery is removed for a limited period of time.
Just a guess. I have no real way of knowing if this is possible, but I don't think it is so cut and dry and I'd never say never in this case.
[ link to this | view in thread ]
How to prevent a cell phone from connecting:
[ link to this | view in thread ]
Re: Re: Re: Cell phone ID / tracking
The latest technology Passive RFID Tags can be read at about 50 Feet max.
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
It's not that hopeless. As pointed out in some of the previous comments a faraday cage or bag is sufficient to prevent remote activation of your cell phone. These are now being made and will probably become more common. If you don't care about style, you can just use a mylar bag. There are 2 caveats to keep in mind;
1). Not any bag made from metallized film will do. I have tested anti-static bags that don't work.
2). make sure it is fully closed and stays that way in your pocket or purse.
Your bag is easily tested. Just call your phone while its in the bag. The test is better if it is done in a place that shows the maximum bars for service. For foolproof testing, stand next to a cell tower for your carrier and do the same thing.
This avoids having to worry about; whether the radio circuitry is really turned off or not, getting a phone with a removable battery, secret secondary batteries, or secret RFID chips.
If some of the phone manufacturers are being coy about denying the ability to remotely activate a turned off phone, it might be because they have allowed the phone to be configured to listen while "off". It is conceivable to me (but I'm not convinced) that manufacturers along with carriers in conformance with CALEA might allow a phone to be set in a pseudo-off mode in response to a wiretap order. Regardless, this can still be defeated with a Faraday bag.
[ link to this | view in thread ]
Re:
Your phone should be POWERED ON during this test.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
The majority of other smartphones I see, even the very newest, have removable batteries.
[ link to this | view in thread ]
Re:
What? Electricity?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Cell phone ID / tracking
However, these are known / public performance parameters.
The government / NSA would probably have better performance with their SECRET hardware.
[ link to this | view in thread ]
Re: Re:
From Wikipedia, The Free Encyclopedia: Lithium (medication)
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Cell phone ID / tracking
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Cell phone ID / tracking
I think I see my next electronics project on the way. May have to do a little "WarDriving" but rather than looking for WIFI, maybe I will look for RFID Readers. I doubt I find much around me, but hey, you never know.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Cell phone ID / tracking
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Cell phone ID / tracking
You need a low of power because you're powering the rfid tag. The amount of power a radio signal carries falls off at the rate of the square of the distance from the source. Using a larger antenna does not reduce the power requirements for this.
You need a larger antenna because the radio signal the tag generates in response to the reader is pretty weak. If you're trying to pick up a weak signal (made even weaker because of that square-of-the-distance thing), you need a large antenna.
In short, as Mr. Applegate points out, there is pretty much only one way you could transmit the kind of power you need to accomplish what you're talking about without causing too much interference for everything else around, and that's a directional antenna. but using a directional antenna sucks pretty hard if you're trying to track a bunch of things that are always moving around.
I'm not saying that what you're suggesting is technically impossible. It might well be. however, it would not be possible to do it in a way that goes unnoticed, and it would be very, very expensive.
It's much cheaper, and almost as good, to simply track everyone's Wifi & cell signal beacons. Which is what is actually done. Nobody worries about people pulling batteries because almost nobody pulls batteries.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re:
You don't write technical documentation for a living, do you? You're not a professional technical writer?
[ link to this | view in thread ]
Thats all well and good but all phones (all) have two operating systems.
The second system that is closed source that controls things such as the gps, 3g, radio etc. Ill pull up the article later (also to confirm which pieces of hardware are under control ).
Note these pieces of hw under control could be quite useful at identifying a phone and locating it.
That is where your tracking ability comes from.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Just Test the Damn Things!
[ link to this | view in thread ]
Re:
http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone
In short everything related to radio is controlled by a secondary OS, also USB and and GPS (possibly more still need to read the white paper).
Update: quick read through these are also tied to the chip:
Microphone and speakers.
These are closed chips so we dont have any of the source code and have to rely on information given - joy -.-
[ link to this | view in thread ]
Re: Just Test the Damn Things!
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Just Test the Damn Things!
[ link to this | view in thread ]
How Come They Haven't Tested The Phones?
[ link to this | view in thread ]
Re: How Come They Haven't Tested The Phones?
http://www.techdirt.com/articles/20130723/12395923907/even-powering-down-cell-phone-cant-keep-n sa-tracking-its-location.shtml
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Cell phone ID / tracking
While the small debate with Applegate is fun, readers here should remember that "what can be done" and "what can be done affordable, consistently, and unnoticed" are very different.
[ link to this | view in thread ]
Re: Re: Faraday cage
http://www.amazon.com/10-Inch-300cc-Oxy-Sorb-Absorbers-Preservation/dp/B006T5ES9O/ref=sr_ 1_4?ie=UTF8&qid=1384453248&sr=8-4&keywords=mylar+bag
If you have one of those bags hard drives are shipped in, that works, too.
[ link to this | view in thread ]
Re: Re: Re: Faraday cage
[ link to this | view in thread ]
Re: Re:
While I agree that this kind of standby power use is much lower than active transmissions of data, over couple of days, even when the phone is not actively used, the "Control channel" traffic will cause some notable battery loss. When powered off, this should not occur.
See: https://en.wikipedia.org/wiki/Control_channel
(MS means mobile station, or phone)
[ link to this | view in thread ]
Re: Re: Re:
in bag/cage, it cannot communicate, or drain the battery?
[ link to this | view in thread ]
Re: Re: Re: Re:
in bag/cage, it cannot communicate, or drain the battery?
If it's really and truly off, it can't do either. If it's still trying to communicate then it won't be able to if it's in a Faraday cage of some sort, but the battery drain could be worse since the device may "scream" louder and louder trying to get in touch with a tower it will never reach.
[ link to this | view in thread ]
Re: Re:
"It could even be a secondary power switch for users who wish to be 100% certain their phone is truly powered down."
Meaning there would be a primary power button that just turns the screen off.
[ link to this | view in thread ]
Re: Re: Re:
Wait, you're saying there's another tiny cell phone inside your cell phone battery?
[ link to this | view in thread ]
Carefully worded !!!!
WHEN THE FREAKING THING IT IS OFF.... IT IS OFF !!!!
what part of "NO POWER TO THE RADIO" don't you understand ???
For someone with "TECH" in their URL, you would think you would know better,
WHEN THE FUCKING THING IS OFF, it's POWERED DOWN, ITS OFF !!!!! GEEEZUS F CHRIST.
I am sorry but the stupidity of the author of this "article" is beyond comprehension. VERY, VERY SAD....
Have you given up on having any pretence of competence, or for that matter sanity ??
Simply amazing !!!!!!
[ link to this | view in thread ]
Re: Just Test the Damn Things!
Talk all the conspiracy theories you like, it just makes those claiming otherwise look like people have NO IDEA of even the basics of electronics.
When a Cell phone is off, there is at best a very small amount of power to the start button, and possibly (probably) a small holding current for the internal RAM, it is enough power to hold the data, but not enough to allow it to be used as ram. The CPU is not powered, the memory is not powered, the GPS is not powered, the Bluetooth is not powered, it emits no RF energy, it is not capable of receiving any RF energy, IT IS FUCKING OFF, for Gods sake !!!
Look at the types of IC's used in your phone, then look up the technical data sheet for that component, make your own decision (sure a degree in electronics engineering might help) but if you study it long and hard enough you might be able to work it out for yourself..
But don't take off your faraday cage tin foil hats, otherwise major league baseball might come and get you.
[ link to this | view in thread ]
Re: Re:
But when the power is off to that circuitry, the software does not run, as the power is off !!!!! Closed chips or not, if the chip has no power applied to it, it does not work, pretty basic stuff !!!
[ link to this | view in thread ]
Re: Re: Re:
Have you ever put two identical phones powered down one in a faraday cage and other not ?
I bet you have not, otherwise you would not make such a stupid statement.
[ link to this | view in thread ]
Re: Re:
Look up the type of RAM used in your phone, then download the data sheet for it, and find out for yourself.
All you have to do is look, and you would not have to 'guess' or believe Masnick, (who damn well should know better).
[ link to this | view in thread ]
Re: Re:
If you like look up "static RAM standby' and find out for yourself how "battery backup" and such work, you might even learn something..
[ link to this | view in thread ]
Re: Cell phone ID / tracking
[ link to this | view in thread ]
Re: Re: Re:
Pretty simple stuff!!
[ link to this | view in thread ]
Sure there is: Put the phone inside a Faraday Cage, eg; a wire mesh pouch, or for an ad hoc solution, inside a microwave oven, or metal box.
[ link to this | view in thread ]
Fixed batteries are ONLY so the NSA can listen to your phone all the time
Cut off contact with the cell network for privacy AND YOUR BATTERY WILL DIE.
When they can't see a tower, phones turn up the RF power all the way and leave it there until they connect.
The effect is maximum battery drain, more than anything you can do except the flashlight function.
Not a solution except for brief times you want to talk about something you absolutely don't want them to hear.
The fact that ALL phones now have fixed batteries when removable batteries have huge advantages (the battery dies, phone reset, etc) is SMOKING GUN EVIDENCE that the NSA either forced the companies or more likely bribed them with millions of our tax money, to force the phones to always be able to listen to you secretly and tell where you are.
The NSA defeated the gold-standard, trusted RSA encryption by paying RSA 30 million dollars to put in a back door.
Their excuse—that the phone looks prettier if you can't remove the battery—is so WAY beyond ridiculous that it's insulting to hear them tell it to us.
[ link to this | view in thread ]