Cell Phone Manufacturers Offer Carefully Worded Denials To Question Of Whether NSA Can Track Powered-Down Cell Phones

from the it's-not-so-much-what's-being-said,-it's-how-it's-being-said dept

Back in July, a small but disturbing detail on the government's cell phone tracking abilities was buried inside a larger story detailing the explosive expansion of the NSA post-9/11. Ryan Gallagher at Slate pulled this small paragraph out and highlighted it.

> By September 2004, the NSA had developed a technique that was dubbed “The Find” by special operations officers. The technique, the Post reports, was used in Iraq and “enabled the agency to find cellphones even when they were turned off.” This helped identify “thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq,” according to members of the special operations unit interviewed by the Post.

Ars Technica reports that some security researchers are calling this statement into question and have contacted cell phone providers for statements on the NSA's claim. Only a few have responded at this point, and their denials have been worded very specifically.

Google had this to say:

> When a mobile device running the Android Operating System is powered off, there is no part of the Operating System that remains on or emits a signal. Google has no way to turn on a device remotely.

Google may not have a way, but that doesn't mean the NSA doesn't.

Nokia:

> Our devices are designed so that when they are switched off, the radio transceivers within the devices should be powered off. We are not aware of any way they could be re-activated until the user switches the device on again. We believe that this means that the device could not be tracked in the manner suggested in the article you referenced.

Once again, we're looking at words like "should" and "not aware." This doesn't necessarily suggest Nokia does know of methods government agencies could use to track phones that are off, but it doesn't entirely rule it out either.

Samsung's response is more interesting. While declaring that all components should be turned off when the phone is powered down, it does acknowledge that malware could trick cell phone users into believing their phone is powered down when it isn't. Ericsson, which is no longer in the business of producing cell phones (and presumably has less to lose by being forthright), was even more expansive on the subject.

> The only electronics normally remaining in operation are the crystal that keeps track of time and some functionality sensing on-button and charger connection. The modem (the cellular communication part) cannot turn on by itself. It is not powered in off-state. Power and clock distribution to the modem is controlled by the application processor in the mobile phone. The application processor only turns on if the user pushes the on-switch. There could, however, be potential risks that once the phone runs there could be means to construct malicious applications that can exploit the phone.

On the plus side, the responding manufacturers seem to be interested in ensuring a powered down phone is actually powered down, rather than just put into a "standby" or "hibernation" mode that could potentially lead to exploitation. But the implicit statement these carefully worded denials make is that anything's possible. Not being directly "aware" of something isn't the same thing as a denial.

Even if the odds seem very low that the NSA can track a powered down cell phone, the last few months of leaks have shown the agency has some very surprising capabilities -- some of which even stunned engineers working for the companies it surreptitiously slurped data from.

Not only that, but there's historical evidence via court cases that shows the FBI has used others' phones as eavesdropping devices by remotely activating them and using the mic to record conversations. As was noted by c|net back in 2006, whatever the FBI utilized apparently worked even when phones were shut off.

> The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.
>
> Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.
>
> While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

Short of pulling out the battery (notably not an option in some phones), there seems to be little anyone can do to prevent the device from being tracked and/or used as a listening device. The responding companies listed above have somewhat hedged their answers to the researcher's questions, most likely not out of any deference to government intelligence agencies, but rather to prevent looking ignorant later if (or when) subsequent leaks make these tactics public knowledge.

Any powered up cell phone performs a lot of legwork for intelligence agencies, supplying a steady stream of location and communications data. If nothing else, the leaks have proven the NSA (and to a slightly lesser extent, the FBI) has an unquenchable thirst for data. If such exploits exist (and they seem to), it would be ridiculous to believe they aren't being used to their fullest extent.



Reader Comments

  •  
    rw (profile), Nov 13th, 2013 @ 5:32am

    Apple?

    Where's Apple's iPhone?

     

  •  
    Larry Vrooman (profile), Nov 13th, 2013 @ 5:51am

    Cell phone ID / tracking

    All that is needed, is a VERY small RFID chip to the phone.
    No power, no battery is necessary.

     

    •  
      John Fenderson (profile), Nov 13th, 2013 @ 6:57am

      Re: Cell phone ID / tracking

      Not exactly true. Passive RFID (the kind that needs no power) is powered by a radio signal from the reader. Either the reader has to be physically close, or the antenna has to be very large and powerful.

       

      •  
        Larry Vrooman (profile), Nov 13th, 2013 @ 8:54am

        Re: Re: Cell phone ID / tracking

        Here is a link to a long range reader;
        http://www.iautomate.com/products/wavetrend-l-rx202-long-range-rfid-reader.html

        450 feet, plenty of range to read / track roads, highways,
        shopping malls, public venues, etc.

         

        •  
          Mr. Applegate, Nov 13th, 2013 @ 10:04am

          Re: Re: Re: Cell phone ID / tracking

          The link you provided is capable of reading Active RFID tags, not PASSIVE RFID tags, which was what John Fenderson was pointing out. From the manufacturer's Information Sheet.
          http://www.wavetrend.net/downloads/information-sheets/readers/RX202.pdf

          > The RX202 reader detects and decodes RFID (radio frequency identification) signals from Wavetrend’s range of active RFID tags.

          You must provide a fair amount of RF energy to provide enough power for a passive RFID tag to respond. Here is some interesting information:
          Generally speaking RFID tag maximum read distances are as follows:

          125 kHz. and 134.3 kHz. Low Frequency (LF) Passive RFID Tags -read distance of 30 cm (1 foot) or less - usually 10 cm (4 inches) unless you are using a very large tag which can have a read distance of up to 2 meters when attached to metal. SkyRFID can provide several different LF 134.2 tags which produce read distances of 1 - 2 meters in industrial environments. We also have special readers that allow for a 1 - 2 meter read distance using standard size tags. There are no limits with SkyRFID!

          13.56 MHz. High Frequency (HF) Passive RFID Tags - maximum read distance of 1.5 meters (4 foot 11 inches) - usually under 1 meter (3 feet) and you can use a single or multi port reader plus custom antennas to extend the read range to longer tag read distances or a wider RFID read zone. To obtain more than 1 meter you need a reader with more than 1 watt RFID output power. SkyRFID can supply 13.56 readers with RF power outputs up to 10 watts for multiple antenna connections and over 1 meter tag read distances.

          860 ~ 960 MHz. Ultra High Frequency (UHF) Passive RFID Tags - minimum read distance of over 1 meter or 3 feet. Gen2 tags can have a read range of up to 12 meters or 37 feet, however new generation of IC's plus antenna designs are now pushing this distance to over 15 meters! Gen 2 tags can be either 860 MHz. or 902 MHz. frequencies. Gen2 EPCglobal are multifrequency 860 ~ 960 MHz. Gen 2 Semi-active battery assisted tags are semi-passive (semi-active) tags have a read range of up to 50 meters or about 162 feet. Gen 2 Semi-active tags are just emerging on the market. We have both readers and tags available for those companies that need to be on the leading edge or simply need the range of the Gen 2 Semi-active technology. SkyRFID Windshield tags our latest version read at over 12 meters (40 feet) when attached to the inside of a windshield and using our OEM hand held reader. You can get far longer read distances using our Sky fixed readers using Gen 2 US frequency 902~ 928 MHz.

          860 ~ 960 MHz. 3rd and 4th Generation IC/Silicon - The new generation 3 and 4 (Monza4, Higgs3 and NXP G2XM) silicon (Integrated Circuit) is now available in numerous inlay designs. This new silicon (IC) provides up to 40% more sensitivity while reducing RF interference. This means that a tag using this new generation of silicon can have a read range of over 16 meters or 50 feet under FCC regulations of 4 watts EIRP. For your local power regulations see RFID Frequencies and Transmission Power. SkyRFID is now offering many H3, Monza4 and NXP G2XM tags and has tested these tags at read distances of over 16 meters or 53 feet using 30 dBi power and a single antenna!
          RTLS - Real Time Location Systems - Usually LF and SHF - now you can have a UHF RTLS that is extremely accurate and can easily control 250,000 sq feet on a single switch. Use the Contact Us for more information.

          433 MHz Ultra High Frequency Active RFID Tags - up to 500 meter read range (1,500 feet) SkyRFID carries a complete line of 433 MHz readers and tags that can be used for many industrial,healthcare, mining, and other tracking and locating applications.

          2.45 GHz. Super High Frequency Active RFID Tags - up to 100 meter read range (325 feet) There are several different modulations for 2.45 GHz. and you can also have real time location information from these active tags.

          Source: http://www.skyrfid.com/RFID_Tag_Read_Ranges.php


          The latest technology Passive RFID Tags can be read at about 50 Feet max.

           

          •  
            Larry Vrooman (profile), Nov 13th, 2013 @ 11:13am

            Re: Re: Re: Re: Cell phone ID / tracking

            I stand corrected, thanks.

            However, these are known / public performance parameters.
            The government / NSA would probably have better performance with their SECRET hardware.

             

            •  
              John Fenderson (profile), Nov 13th, 2013 @ 11:57am

              Re: Re: Re: Re: Re: Cell phone ID / tracking

              They don't have access to magic, though. There are fundamental laws of physics involved here.

               

            •  
              Mr. Applegate, Nov 13th, 2013 @ 12:13pm

              Re: Re: Re: Re: Re: Cell phone ID / tracking

              That is very true. If you ignore FCC Regulations about directed RF at given frequency ranges you can get better response distances. The problem there is you normally cause interference with other types of communications in the process. Also the antennas on most passive tags are pretty poor for transmitting.

              I think I see my next electronics project on the way. May have to do a little "WarDriving" but rather than looking for WIFI, maybe I will look for RFID Readers. I doubt I find much around me, but hey, you never know.

               

              •  
                Larry Vrooman (profile), Nov 13th, 2013 @ 12:21pm

                Re: Re: Re: Re: Re: Re: Cell phone ID / tracking

                The real secret(s) IMHO would be in the antenna. Bigger is better. Suppose it was located in that big advertising sign on the side of the highway? The size would reduce power requirements, therefore reducing interference. Nobody uses advertising signs for dual purposes, right?

                 

                •  
                  John Fenderson (profile), Nov 13th, 2013 @ 12:55pm

                  Re: Re: Re: Re: Re: Re: Re: Cell phone ID / tracking

                  You need both a big antenna and more power if you want to get any serious distance.

                  You need a lot of power because you're powering the RFID tag. The amount of power a radio signal carries falls off at the rate of the square of the distance from the source. Using a larger antenna does not reduce the power requirements for this.

                  You need a larger antenna because the radio signal the tag generates in response to the reader is pretty weak. If you're trying to pick up a weak signal (made even weaker because of that square-of-the-distance thing), you need a large antenna.

                  In short, as Mr. Applegate points out, there is pretty much only one way you could transmit the kind of power you need to accomplish what you're talking about without causing too much interference for everything else around, and that's a directional antenna. But using a directional antenna sucks pretty hard if you're trying to track a bunch of things that are always moving around.

                  I'm not saying that what you're suggesting is technically impossible. It might well be. However, it would not be possible to do it in a way that goes unnoticed, and it would be very, very expensive.

                  It's much cheaper, and almost as good, to simply track everyone's Wifi & cell signal beacons. Which is what is actually done. Nobody worries about people pulling batteries because almost nobody pulls batteries.

                   

                  reply to this | link to this | view in chronology ]
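
The inverse-square argument in the comment above, worked as a free-space link budget. This is an added example, not part of any comment: the 4 W EIRP limit and the 450 ft distance come from the thread, while the 915 MHz carrier, the -18 dBm tag sensitivity, the antenna gains and the backscatter loss are assumed illustrative values. It goes one step beyond the comment by also computing the return path, where the tag's reply falls off with the fourth power of distance.

```python
import math

C = 299_792_458.0            # speed of light, m/s

# Values taken from the thread
FCC_EIRP_W = 4.0             # "FCC regulations of 4 watts EIRP"
RANGE_450FT_M = 450 * 0.3048 # the 450 ft claimed for the long-range reader

# Assumed illustrative values (not from the page)
FREQ_HZ = 915e6              # middle of the 902-928 MHz band
TAG_GAIN_DBI = 2.0           # small dipole-like tag antenna
TAG_SENS_DBM = -18.0         # RF power a passive chip needs to wake up
READER_GAIN_DBI = 6.0        # reader receive antenna
BACKSCATTER_LOSS_DB = 6.0    # power lost when the tag modulates its reply


def dbm_to_w(dbm):
    return 10 ** (dbm / 10) / 1000.0


def w_to_dbm(watts):
    return 10 * math.log10(watts * 1000.0)


def db_to_lin(db):
    return 10 ** (db / 10)


def free_space_factor(freq_hz, d_m):
    """Friis one-way term (lambda / (4*pi*d))^2, i.e. the inverse-square law."""
    lam = C / freq_hz
    return (lam / (4 * math.pi * d_m)) ** 2


def power_at_tag_dbm(eirp_w, d_m, freq_hz, tag_gain_dbi):
    """RF power delivered to the tag chip by the reader (forward link)."""
    return w_to_dbm(eirp_w * db_to_lin(tag_gain_dbi)
                    * free_space_factor(freq_hz, d_m))


def max_powering_range_m(eirp_w, freq_hz, tag_gain_dbi, tag_sens_dbm):
    """Largest distance at which the tag still receives enough power to run."""
    lam = C / freq_hz
    ratio = eirp_w * db_to_lin(tag_gain_dbi) / dbm_to_w(tag_sens_dbm)
    return lam / (4 * math.pi) * math.sqrt(ratio)


def eirp_needed_w(d_m, freq_hz, tag_gain_dbi, tag_sens_dbm):
    """Reader EIRP required just to power the tag at distance d_m."""
    return dbm_to_w(tag_sens_dbm) / (
        db_to_lin(tag_gain_dbi) * free_space_factor(freq_hz, d_m))


def backscatter_at_reader_dbm(eirp_w, d_m, freq_hz, tag_gain_dbi,
                              reader_gain_dbi, backscatter_loss_db):
    """Power of the tag's reply back at the reader (round trip, ~1/d^4)."""
    p = (eirp_w
         * db_to_lin(tag_gain_dbi) ** 2      # tag antenna used twice
         * db_to_lin(reader_gain_dbi)
         * free_space_factor(freq_hz, d_m) ** 2
         / db_to_lin(backscatter_loss_db))
    return w_to_dbm(p)


if __name__ == "__main__":
    r = max_powering_range_m(FCC_EIRP_W, FREQ_HZ, TAG_GAIN_DBI, TAG_SENS_DBM)
    print(f"Powering range at {FCC_EIRP_W:.0f} W EIRP: {r:.1f} m")
    need = eirp_needed_w(RANGE_450FT_M, FREQ_HZ, TAG_GAIN_DBI, TAG_SENS_DBM)
    print(f"EIRP to power a tag at 450 ft: {need:.0f} W")
    for d in (r, RANGE_450FT_M):
        fwd = power_at_tag_dbm(FCC_EIRP_W, d, FREQ_HZ, TAG_GAIN_DBI)
        back = backscatter_at_reader_dbm(FCC_EIRP_W, d, FREQ_HZ, TAG_GAIN_DBI,
                                         READER_GAIN_DBI, BACKSCATTER_LOSS_DB)
        print(f"d={d:6.1f} m  at tag {fwd:6.1f} dBm  reply at reader {back:7.1f} dBm")
```

Free-space figures are a best case; walls, a pocket, or a phone chassis between tag and reader only shorten the range.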

                  •  
                    Derek Kerton (profile), Nov 14th, 2013 @ 10:19am

                    Re: Re: Re: Re: Re: Re: Re: Re: Cell phone ID / tracking

                    John, I think you nailed it here.

                    While the small debate with Applegate is fun, readers here should remember that "what can be done" and "what can be done affordably, consistently, and unnoticed" are very different.

                     

    •  
      Ark, Nov 21st, 2013 @ 8:29am

      Re: Cell phone ID / tracking

      If you store a phone in a pouch that is lined with aluminum foil, I believe this will protect against RFID.

       

  •  
    yagmur, Nov 13th, 2013 @ 5:55am

    take the battery out to be sure.

    In Turkey, another country with excessive government surveillance, it is common practise to pull the battery from cell phones and leaving phones outside of a room if you want your communications to remain secret and you suspect you may be targeted (professors during a faculty meeting do so).

     

    •  
      btr1701 (profile), Nov 13th, 2013 @ 9:20am

      Re: take the battery out to be sure.

      > In Turkey, another country with excessive
      > government surveillance, it is common practise
      > to pull the battery from cell phones and
      > leaving phones outside of a room if you
      > want your communications to remain secret

      That's standard practice in America, also. In every government building that deals with classified information, you'll find racks of cell-phone-sized cubbyholes outside the doors to the SCIFs and everyone is required to leave all devices capable of sending or receiving EM signals in those cubbys. Bringing a cell phone into a SCIF is a serious violation and will bring you no end of grief.

       

  •  
    Anonymous Coward, Nov 13th, 2013 @ 6:01am

    The question should be asked of the networks, as they add and modify the phone software. They are the ones, rather than the manufacturers who would enable covert phone use, and respond to warrants.

     

  •  
    out_of_the_blue, Nov 13th, 2013 @ 6:01am

    Heh, heh. At last you're suspicious of "Google has no way".

    Believe that's the first time I've seen Mike or minions express doubt of a Google statement. The wall has cracked.

    Anyhoo, if you're actually wondering whether such tech exists: stop wondering! -- Not only does it exist (no, I don't have any "proof" to link, but it's OBVIOUS that on-off switching is totally under computer control, and how else would the Emergency Alert system work?), BUT all phones periodically communicate to cell towers too.

    To keep gadgets from spying, you'll need to take the battery out and put it in a metal box. SPYING IS THE MAIN PURPOSE OF THE GADGETS. That you get some use out of them is distant secondary just to trick you: gov't and Rich are tickled pink that you actually pay to have their spies in your pocket!

    It's not the 20th century, kids. You are now in the dystopic Brave New World of 1950's science fiction -- made practical and routine, isn't just vague text outlines. Total control of the populace now IS possible because The Rich have billions of gadgets to spy on everyone all the time. -- YOU do NOT own those gadgets! Get that old notion out of your heads! The gadgets aren't under YOUR control! The Rich own them! -- And The Rich believe that they quite literally own YOU too. It's feudalism with high-tech gadgets to keep you dulled with empty entertainments and watched all the time.

     

    •  
      ChrisB (profile), Nov 13th, 2013 @ 6:23am

      Re: Heh, heh. At last you're suspicious of "Google has no way".

      The "Rich" don't care about you, unless you have money to spend (I'm assuming you don't, because you post here day and night). The government does care about you. Google, and other businesses, are victims, just like the rest of us, of an out of control government.

       

      •  
        Anonymous Coward, Nov 13th, 2013 @ 6:44am

        Re: Re: Heh, heh. At last you're suspicious of "Google has no way".

        "Google, and other businesses, are victims, just like the rest of us, of an out of control government."

        I can see that you are a serious contender for the Funny award this week.

         

  •  
    Anonymous Coward, Nov 13th, 2013 @ 6:04am

    Faraday cage

    Right now, this instant, my personal cell phone is not just powered down. Rather, I'm also keeping it in a Faraday cage.

    That's just me. Maybe I'm paranoid, maybe I'm just cautious. Whatever. I like my privacy—and, at any rate—I do enjoy the luxury of not needing to carry around a tracking device 24x7. Finally, I also do understand that many other people can't afford the luxury I enjoy.

     

  •  
    maroon78 (profile), Nov 13th, 2013 @ 6:07am

    the second OS in your smart phone

     

    •  
      zub, Nov 13th, 2013 @ 6:27am

      Re: the second OS in your smart phone

      Exactly my thoughts - if there's something, it can be hiding there. Nobody really sees what it does, and it's typically the master... +1

       

    •  
      Anonymous Coward, Nov 13th, 2013 @ 6:48am

      Re: the second OS in your smart phone

      Sigh...
      It seems surveillance is virtually impossible to avoid. Read the comments after this article wherein the point is made that even phones that aren't "smart" have this stuff buried in them.

       

  •  
    Anonymous Coward, Nov 13th, 2013 @ 6:17am

    Although it was about 8-10 years ago, I had a Samsung phone, using Vodafone. Twice it turned on by itself whilst on holiday. Apart from anything else, I ended up with a bill from the network provider which I had a hard job getting removed, and only then after it was admitted that the phone could basically 'start itself' and did so to keep track of where the phone was!!

     

  •  
    Capt ICE Enforcer, Nov 13th, 2013 @ 6:41am

    Lost phones.

    Please citizens, quit asking me to find your lost phones.

    V/R
    Capt ICE Enforcer,
    Defender of the Rich.

     

  •  
    Chronno S. Trigger (profile), Nov 13th, 2013 @ 6:54am

    There's an easy way to find out. The transceiver takes up a lot of power. Charge up your cell phone the entire way and then turn it off. After a week of it being off, if the battery is around 70% or 50%, you know something's up. If it's still 99%, that thing was off.

    I figured this out with my iPod touch. Since I only used it for website testing, it was on standby most of the time. Even with the wifi and GPS off, it would be completely dead in two days. Then I decided to charge it and just turn it off. After two weeks, I turned it back on to test with and the battery was 100%. My first thought was "At least I know when this thing's off, it's off."

     

    •  
      Anonymous Coward, Nov 13th, 2013 @ 7:37am

      Re:

      "The transceiver takes up a lot of power."

      This is false. GSM chips are rather energy efficient. They only eat a lot of power when they are actively transmitting lots of data for a long period of time (like, during a call or while surfing the web).

      Tracking you via GSM is very cheap, energetically speaking.

       

      •  
        Chronno S. Trigger (profile), Nov 13th, 2013 @ 8:24am

        Re: Re:

        It still takes up power and a lot more of it than a time keeper. Even at low power, after a week it will take up a very noticeable amount of the battery.

         

      •  
        Derek Kerton (profile), Nov 14th, 2013 @ 10:38am

        Re: Re:

        Not false. An active GSM radio must maintain a line of communications with the nearest towers, or if out of range, try to contact a tower. This activity is largely listening to control information from the BTS (tower), but some confirmation replies are also required.

        While I agree that this kind of standby power use is much lower than active transmissions of data, over a couple of days, even when the phone is not actively used, the "Control channel" traffic will cause some notable battery loss. When powered off, this should not occur.

        See: https://en.wikipedia.org/wiki/Control_channel
        (MS means mobile station, or phone)

         

        •  
          Larry Vrooman (profile), Nov 14th, 2013 @ 11:19am

          Re: Re: Re:

          So, can we agree that when 'powered off' and stored
          in bag/cage, it cannot communicate, or drain the battery?

           

          •  
            nasch (profile), Nov 14th, 2013 @ 3:40pm

            Re: Re: Re: Re:

            > So, can we agree that when 'powered off' and stored
            > in bag/cage, it cannot communicate, or drain the battery?


            If it's really and truly off, it can't do either. If it's still trying to communicate then it won't be able to if it's in a Faraday cage of some sort, but the battery drain could be worse since the device may "scream" louder and louder trying to get in touch with a tower it will never reach.

             

  •  
    Anonymous Coward, Nov 13th, 2013 @ 6:57am

    There's always a Faraday pouch.

     

  •  
    Anshar (profile), Nov 13th, 2013 @ 7:03am

    There's an old-fashioned solution…

    Manufacturers could go back to a hardware power switch that physically disconnects the power supply from the rest of the device. A small charging circuit on the battery side of the switch could still allow it to be charged while off. It could even be a secondary power switch for users who wish to be 100% certain their phone is truly powered down.

     

    •  
      John Fenderson (profile), Nov 13th, 2013 @ 1:02pm

      Re:

      They could, but then people would get mad that they have to wait for the phone to boot up every time they want to make a call.

       

      •  
        nasch (profile), Nov 14th, 2013 @ 3:41pm

        Re: Re:

        > They could, but then people would get mad that they have to wait for the phone to boot up every time they want to make a call.

        "It could even be a secondary power switch for users who wish to be 100% certain their phone is truly powered down."

        Meaning there would be a primary power button that just turns the screen off.

         

  •  
    Anonymous Coward, Nov 13th, 2013 @ 7:06am

    Not laughing so hard at my 3310 now are ya?

     

  •  
    David, Nov 13th, 2013 @ 7:24am

    Most phones have alarm clocks. You can set an alarm for a particular time and switch the phone off (as in, press the power-off button).

    At the given alarm time, the phone will still wake up and ring. Yes, that's right, the alarm function does not require you keeping the whole thing on (surprised me when I found out the first time). That goes for rather old "dumb" mobile phones, I should think it would go for smart phones still (they have similar control circuitry I think).

    Actually, most laptops can do the same via the RTC and ACPI.

    The point is "only when the power button is pressed" is a verifiable falsehood by just using standard phone functionality.

     

  •  
    kenichi tanaka (profile), Nov 13th, 2013 @ 7:32am

    Somebody needs to tell the geniuses in the intelligence community that if someone removes the battery from their cell phone, there is no way, in Hell, that government intelligence agencies can turn your phone back on, through malware or otherwise.

    "Hey, Beavis."

    "Heh, heh. What's up, Butthead."

    "Mobile Phones can be tracked without a battery."

    "Now why didn't Bill gates think of that?"

    LOLS

     

    •  
      ltlw0lf (profile), Nov 13th, 2013 @ 9:56am

      Re:

      > Somebody needs to tell the geniuses in the intelligence community that if someone removes the battery from their cell phone, there is no way, in Hell, that government intelligence agencies can turn your phone back on, through malware or otherwise.

      CMOS? A second, much smaller battery contained in the device which powers vital memory functions, kept topped off by the main battery but which can function when the main battery is removed for a limited period of time.

      Just a guess. I have no real way of knowing if this is possible, but I don't think it is so cut and dry and I'd never say never in this case.

       

      •  
        Anonymous Coward, Nov 15th, 2013 @ 1:32am

        Re: Re:

        The power to the RAM is enough to keep the data stored in the RAM intact, it is not enough power for it to function as a RAM, that requires the correct VCC and the power to drive the I/O transistors of the RAM, these parts do not have power applied in standby mode, so it retains the data, but does not work as a RAM (you can't read or write from it).

        Look up the type of RAM used in your phone, then download the data sheet for it, and find out for yourself.

        All you have to do is look, and you would not have to 'guess' or believe Masnick, (who damn well should know better).

         

      •  
        Anonymous Coward, Nov 15th, 2013 @ 1:36am

        Re: Re:

        CMOS stands for Complementary Metal Oxide Silicon, it's a type of logic, it requires less power than TTL (Transistor, transistor logic), but is not as fast as ECL (emitter collector logic).

        If you like, look up "static RAM standby" and find out for yourself how "battery backup" and such work, you might even learn something..

         

  •  
    Pixelation, Nov 13th, 2013 @ 7:42am

    Great, now I need to make a tinfoil hat for my phone...

     

  •  
    Anonymous Coward, Nov 13th, 2013 @ 7:45am

    ...

    wrap it in foil, nuf said

     

  •  
    Anonymous Coward, Nov 13th, 2013 @ 7:48am

    RTC alarm wakeup

    > The only electronics normally remaining in operation are the crystal that keeps track of time and some functionality sensing on-button and charger connection.

    When they say "the crystal that keeps track of the time", they are talking about the RTC, a circuit not unlike what you would find on a common digital watch (it is even the same kind of crystal). Notably, that circuit often can be programmed to wake up the system at a specific time. If it is wired correctly (and I suspect it often is), all one needs to do is to program it with the desired wakeup time.

    This way, you can have a completely powered off phone, wasting almost no power, which can still wake up by itself and report its location.

    The only completely reliable way to prevent a phone from reporting its location is to remove the main battery. The auxiliary RTC battery, when present, is only connected to the RTC circuit, and even if that was not the case, it does not have enough power to run the whole phone, especially the power-hungry radios.

     

  •  
    Akakak, Nov 13th, 2013 @ 8:02am

    Just to fuel the feelings of paranoia. Here's a possible attack vector. The lower level system that controls the radio section of cell phones. http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone

     

  •  
    Wally (profile), Nov 13th, 2013 @ 8:14am

    Sort of like the varilium patch Spock gave to Kirk in Star Trek VI...

     

  •  
    mr. sim (profile), Nov 13th, 2013 @ 8:19am

    and now you know why cell phones are being made where you can't take the batteries. formerly if you wanted to "go dark" you'd take the battery out of the phone and that's that. you pop it back in when you make a call. but now they make the battery unable to be reached to prevent you from actually being able to turn off the phone physically. next comes the phone's operating system having a remote trip switch so the phone makers, plan providers and the government can track you and suck up that all important location info and you can't stop them

     

    •  
      John Fenderson (profile), Nov 13th, 2013 @ 10:48am

      Re:

      Those are mostly iPhones, which make the battery nonremovable to ensure lock-in with Apple and that you'll eventually have to buy a new iPhone.

      The majority of other smartphones I see, even the very newest, have removable batteries.

       

    •  
      Anonymous Coward, Nov 13th, 2013 @ 3:01pm

      Re:

      I doubt that's the reason they're irremovable. It's just a convenient side effect. These days they're making batteries in odd shapes and as thin as possible so sometimes they're just plastic bags with electrodes hanging out. Anything they can do to keep the phone thinner, they will do. That's the profit driver there, making a sleek phone.

       

      •  
        John Fenderson (profile), Nov 13th, 2013 @ 3:41pm

        Re: Re:

        I don't think that's it, either. If it was, then why is it that iPhone batteries are not removable, but my Samsung battery is -- even though the Samsung is almost half as thick as the iPhone?

         

  •  
    Anonymous Coward, Nov 13th, 2013 @ 9:00am

    Apparently this worked for finding IED device triggers that used cell phones. In order for this to work, it has to cover more than one type of cell phone. So just how many makers of cell phones are there globally? Somehow I think it comes down to the major makers. Like the communications giants they are likely being paid good money to ensure these methods are available. After all, if you were to look at the inside of a phone, would you be able to pick out the component that didn't belong? Especially if it was inserted by the manufacturer.

    So either they aren't talking, they know and are playing dumb, or like Google and /. they are a victim of circumstances. Given other co-operative events by communications giants, I would not put it past them to have a known method by this time to do so.

    As the microphone trick shows, there are ways to remotely activate phones, be that malware or whatever. Doesn't change the fact it's done.

     

    •  
      Anonymous Coward, Nov 13th, 2013 @ 11:04am

      Re:

      Point of order: cell-phone triggers for IEDs traditionally rely on having the phone turned ON. If the NSA can track powered-down phones (or, more likely, remotely crack them to keep them from fully powering down), that's another thing entirely.

       

  •  
    ME, Nov 13th, 2013 @ 9:59am

    How to prevent a cell phone from connecting:

    Simple. Wrap it in aluminium foil. It will not be able to connect to anything since aluminium blocks radio frequencies.

     

  •  
    Slappy, Nov 13th, 2013 @ 10:11am

    There are two options: 1) Don't use a cell phone. 2) Shield the phone when not in use. The feds aren't as stupid as some would like them to be, and cell phone manufacturers routinely make concessions to law enforcement. The feds know the first "remedy" is to take out that battery to thwart tracking. That doesn't work because GUESS WHAT'S IN THE BATTERY?

     

    •  
      John Fenderson (profile), Nov 13th, 2013 @ 10:50am

      Re:

      GUESS WHAT'S IN THE BATTERY?


      What? Electricity?

       

      •  
        Anonymous Coward, Nov 13th, 2013 @ 11:14am

        Re: Re:

        GUESS WHAT'S IN THE BATTERY?
        What? Electricity?
        Lithium.   It's lithium.

         

         

        From Wikipedia, The Free Encyclopedia: Lithium (medication)
         . . . used as a psychiatric medication. A number of salts of lithium are used as mood-stabilizing drugs, primarily in the treatment of bipolar disorder, where they have a role in the treatment of depression and particularly of mania, both acutely and in the long term. . . .

         

      •  
        Slappy, Nov 14th, 2013 @ 4:19am

        Re: Re:

        Obviously, and another tiny item run by same said electricity.

         

        •  
          nasch (profile), Nov 14th, 2013 @ 3:58pm

          Re: Re: Re:

          Obviously, and another tiny item run by same said electricity.

          Wait, you're saying there's another tiny cell phone inside your cell phone battery?

           

  •  
    Anonymous Coward, Nov 13th, 2013 @ 10:17am

    now go buy your smart tv with built in WiFi and Xbox one so you can be monitored like all good patriots should want. you have nothing to hide and since those used games break copyright we now have unlimited probable cause

     

  •  
    aldestrawk (profile), Nov 13th, 2013 @ 10:18am

    "Short of pulling out the battery (notably not an option in some phones), there seems to be little anyone can do to prevent the device from being tracked and/or used as a listening device."

    It's not that hopeless. As pointed out in some of the previous comments a faraday cage or bag is sufficient to prevent remote activation of your cell phone. These are now being made and will probably become more common. If you don't care about style, you can just use a mylar bag. There are 2 caveats to keep in mind;
    1). Not any bag made from metallized film will do. I have tested anti-static bags that don't work.
    2). make sure it is fully closed and stays that way in your pocket or purse.

    Your bag is easily tested. Just call your phone while it's in the bag. The test is better if it is done in a place that shows the maximum bars for service. For foolproof testing, stand next to a cell tower for your carrier and do the same thing.

    This avoids having to worry about; whether the radio circuitry is really turned off or not, getting a phone with a removable battery, secret secondary batteries, or secret RFID chips.

    If some of the phone manufacturers are being coy about denying the ability to remotely activate a turned off phone, it might be because they have allowed the phone to be configured to listen while "off". It is conceivable to me (but I'm not convinced) that manufacturers along with carriers in conformance with CALEA might allow a phone to be set in a pseudo-off mode in response to a wiretap order. Regardless, this can still be defeated with a Faraday bag.

     

    •  
      Anonymous Coward, Nov 13th, 2013 @ 10:27am

      Re:

      Your bag is easily tested. Just call your phone while it's in the bag.

      Your phone should be POWERED ON during this test.

       

      •  
        John Fenderson (profile), Nov 13th, 2013 @ 11:16am

        Re: Re:

        But powered off or put in airplane mode when using the bag for real. When a cell phone can't reach a tower, it increases the power of its transmission. As a result, storing a powered-up cellphone in a faraday cage will drain the battery faster.

         

        •  
          Anonymous Coward, Nov 15th, 2013 @ 1:25am

          Re: Re: Re:

          when it's powered off, or in airplane mode, no power is applied to the RF sections of your phone, so the phone does not 'increase power' the phone has no power in those modes.

          Have you ever put two identical phones powered down, one in a faraday cage and the other not?

          I bet you have not, otherwise you would not make such a stupid statement.

           

      •  
        aldestrawk (profile), Nov 13th, 2013 @ 12:45pm

        Re: Re:

        Of course. I thought that would be obvious unless you can arrange for the FBI or the NSA to try the remote activation at an agreed to time.

         

        •  
          Anonymous Coward, Nov 13th, 2013 @ 1:46pm

          Re: Re: Re:

          I thought that would be obvious

          You don't write technical documentation for a living, do you? You're not a professional technical writer?

           

  •  
    Anonymous Coward, Nov 13th, 2013 @ 10:40am

    Today is a good day to have a POTS line.

     

  •  
    Marak, Nov 13th, 2013 @ 2:57pm

    I haven't read through the comments (I will later, promise!). Quick thing I noticed, "no part of the android system is operating when the phone is offline".

    That's all well and good but all phones (all) have two operating systems.

    The second system that is closed source that controls things such as the gps, 3g, radio etc. I'll pull up the article later (also to confirm which pieces of hardware are under control).

    Note these pieces of hw under control could be quite useful at identifying a phone and locating it.

    That is where your tracking ability comes from.

     

    •  
      marak (profile), Nov 13th, 2013 @ 3:29pm

      Re:

      Ok so I got a chance and read the other posts (told you I would!), and some people have touched on it, but here's a link (happened to be reading it yesterday, woo for timing).

      http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone

      In short everything related to radio is controlled by a secondary OS, also USB and GPS (possibly more, still need to read the white paper).

      Update: quick read through these are also tied to the chip:

      Microphone and speakers.

      These are closed chips so we don't have any of the source code and have to rely on information given - joy -.-

       

      •  
        Anonymous Coward, Nov 15th, 2013 @ 1:22am

        Re: Re:

        yes the radio (and GPS) have their own firmware, just as a PC has a BIOS, and firmware to read the keyboard (and the keyboards own CPU).

        But when the power is off to that circuitry, the software does not run, as the power is off !!!!! Closed chips or not, if the chip has no power applied to it, it does not work, pretty basic stuff !!!

         

        •  
          Noe, Nov 21st, 2013 @ 9:34am

          Re: Re: Re:

          If the RTOS has been hacked, and it controls the power circuitry, then it can shut off the Android/iOS CPU and yet still communicate with the cell towers.

          Pretty simple stuff!!

           

  •  
    Anonymous Coward, Nov 13th, 2013 @ 3:28pm

    Just Test the Damn Things!

    Checking an electronic device for A) powered off radiation, and B) response to an RFID query, is almost a no-brainer. Needed: one screen room for RF isolation, One RF spectrum analyzer to measure any radiation from the device, 3 An RFID test rig to stimulate the device and measure its responses, plus appropriate antennae. None of this is rocket science, and is easily accomplished. Why doesn't someone do it? And no, I ain't got the equipment or I would.

     

    •  
      marak (profile), Nov 13th, 2013 @ 3:30pm

      Re: Just Test the Damn Things!

      Same no equip avail here for me to test. Anyone got a local hacker station available? (or anyone know of one in Japan that they speak English at? lol)

       

      •  
        Anonymous Coward, Nov 13th, 2013 @ 5:41pm

        Re: Re: Just Test the Damn Things!

        Back in the day, I'm talkin' mid 1980s to mid 1990s, there used to be companies that specialized in testing computers and components for Part 15 compliance. These shops were ideal for this sort of testing. I don't know if they still exist, but I think so.

         

    •  
      Anonymous Coward, Nov 15th, 2013 @ 1:19am

      Re: Just Test the Damn Things!

      people do it all the time, myself included, and I can tell you from practical experience, AND studying the circuit diagrams of these systems, that if they are OFF, they DO NOT radiate or receive RF AT ALL, NEVER.

      Talk all the conspiracy theories you like, it just makes those claiming otherwise look like people have NO IDEA of even the basics of electronics.

      When a Cell phone is off, there is at best a very small amount of power to the start button, and possibly (probably) a small holding current for the internal RAM, it is enough power to hold the data, but not enough to allow it to be used as ram. The CPU is not powered, the memory is not powered, the GPS is not powered, the Bluetooth is not powered, it emits no RF energy, it is not capable of receiving any RF energy, IT IS FUCKING OFF, for Gods sake !!!

      Look at the types of IC's used in your phone, then look up the technical data sheet for that component, make your own decision (sure a degree in electronics engineering might help) but if you study it long and hard enough you might be able to work it out for yourself..

      But don't take off your faraday cage tin foil hats, otherwise major league baseball might come and get you.

       

  •  
    Anonymous Coward, Nov 13th, 2013 @ 5:19pm

    SIM cards have their own microprocessor. What we should really be asking is, who designs and manufactures the cellphone modems used inside most smartphones? Is it the phone manufacturers, or someone else?

     

  •  
    Anonymous Coward, Nov 13th, 2013 @ 5:52pm

    How Come They Haven't Tested The Phones?

    You know, the more I think about this, the more I wonder just exactly WHY some outfit like Anandtech or CNet or Engadget hasn't done the tests necessary? This stuff is fairly simple, compared to the motherboard, hard disk/SSD, or heatsink testing that goes on. This is also not the first time this question has come up, and STILL no testing has been done. Anyone know why?

     

  •  
    Anonymous Coward, Nov 15th, 2013 @ 1:08am

    Carefully worded !!!!

    What are you saying you say things that are not carefully worded, and let's have a look at what they are saying.

    WHEN THE FREAKING THING IT IS OFF.... IT IS OFF !!!!

    what part of "NO POWER TO THE RADIO" don't you understand ???

    For someone with "TECH" in their URL, you would think you would know better,

    WHEN THE FUCKING THING IS OFF, it's POWERED DOWN, ITS OFF !!!!! GEEEZUS F CHRIST.

    I am sorry but the stupidity of the author of this "article" is beyond comprehension. VERY, VERY SAD....
    Have you given up on having any pretence of competence, or for that matter sanity ??

    Simply amazing !!!!!!

     
