Legal Spying Via the Cell Phone System

An anonymous reader writes "Two researchers say they have found a way to exploit weaknesses in the mobile telecom system to legally spy on people by figuring out the private cell phone number of anyone they want, tracking their whereabouts, and listening to their voice mail."

Obligatory

[OdoylesRule]

In Soviet Russia, phone calls you!

You missed something

[Anonymous Coward]

In Soviet Russia, phone calls you!

You missed a small detail. It's supposed to be funny, too.

remove battery?

[newdsfornerds]

Is it true that the gubmint can track the location of my cellie even when it's off? Or do I really need to disconnect the battery?

Re:

[Monkeedude1212]

I believe that is true.

I've had a cell phone "turned off" for about a month one time to find the battery completely drained. Some activity must be going on. Just my personal experience. You don't have to buy my FUD though.

Re:

[characterZer0]

I had a Motorola mobile phone that drained faster while off than it did while on. It could just be poor design or corrosion.

Re:remove battery?

[datapharmer]

If you just let a disconnected battery sit in a drawer it will drain itself too. It must be wireless electricity doodads in the battery and phone so the phone can send information on you to the secret police even if the battery is pulled. Quick, run before they find out you know too much!

Or maybe batteries just have a tendency to run dead when not in use due to self-discharge [wikipedia.org]. Now get off my tech site.

Re:

[alan_dershowitz]

He may not have been right about suspecting being spied on because of battery discharge, but the government can in fact remotely activate some cell phones and eavesdrop on nearby conversations with them:

FBI taps cell phone mic as eavesdropping tool [cnet.com]

Re:

[Anonymous Coward]

Dude, it gets worse, I saw this documentary where this rich guy used all the cell phones in a city to listen to the whole city. It got so bad his friend was, like, made at him and everything. I think the police were in on it cause they had this light thing that signaled him when they wanted him to work for them or something.~

Read your own link smartass

[thelexx]

The worst case mentioned on that page was 30% discharge per month.

Re:

[datapharmer]

I don't usually reply to anonymous cowards, but just to clear the air... I didn't mean to be harsh - many cellphones have a soft off (such as the iphone) and others can be modified for monitoring purposes by law enforcement. I just wanted to make the point that just because the battery drains doesn't mean you need to live in a tin foil fort in the woods. And yes, I know wikipedia isn't always right. I didn't feel like searching any harder for another link - the wikipedia one worked and made my point. And y

Re:

[newdsfornerds]

Screw the aluminum foil hat. I'm going with a Ti alloy this time.

Re:

[kaizokuace]

Is that so your hat is lighter allowing you to run faster from the boogy men? There is a reason foil is aluminum and not tin anymore... tin foil actually blocked brainwaves from being gleaned...

Re:remove battery?

[MaskedSlacker]

I once worked in a secured facility (DOE lab) where security briefings included being told that one of the reasons cellphones are not allowed is that they can be remotely tracked, accessed, and the microphones can be activated--even when the phone is off.

Whether its true or not, at a minimum, the people involved in setting security protocols for the DOE certainly think it is.

Re:

[Buelldozer]

There is no question that all of those things can be done.

Re:

[Fastolfe]

It is technically possible to manufacture a phone to do these things, but phones are not normally capable of doing this. Perhaps they were concerned about people bringing in fake phones, or phones that were tampered with or otherwise designed to pretend that they were off? Or maybe they've heard all of the urban legends and, being a "government" facility, they adopt security practices that assume even urban legends are true? Isn't there a phone OS out there that's open source?

Re:

[xeoron]

There was a article in the Boston Globe a few years back that talked about how the FBI had uploaded a custom software update to a turned off phone that would turn the mic on for them to listen to conversations the person was having while not on the phone, and how the phone company helped them do it. All of this came out about 2 years after the fact when they charged several people for charges related to organized crime.

Re:

[poetmatt]

no, it's a bunch of crap. All phones have a battery-less location feature but it's only turned on if you dial 911. Otherwise, having the battery in your phone or not doesn't affect whether or not you can be tracked.

Batteries will naturally dissipate on their own, usually to the tune of 3-30% per day depending on the capacity of the battery. Higher %age on smaller batteries. Have you never heard of that?

Re:

[IndustrialComplex]

no, it's a bunch of crap. All phones have a battery-less location feature but it's only turned on if you dial 911. Otherwise, having the battery in your phone or not doesn't affect whether or not you can be tracked.

I think you mean service-less emergency dial feature. Battery-less the phone isn't going to dial anything.

Re:

[Anonymous Coward]

If it's off for the purposes of an airline, (that is, radio off in order prevent interference), then it's off for the purposes of this, since it depends on the phone communicating with the cell tower.

Re:

[phasm42]

Is it true that the gubmint can track the location of my cellie even when it's off? Or do I really need to disconnect the battery?

It's theoretically possible since it's a soft power-off. Hypothetically, the phone could still be operating while giving the appearance of being turned off. By the same token, it could be taking pictures and transmitting audio even when you're not on a call and not using the camera, or even when "off". Whether this is ever actually done, I don't know.

Re:

[kamochan]

I have been demonstrated exploit code for the n900 which does that. Haven't heard of it in the wild, though...

Re:

[azh]

What about storing your phone in a Faraday cage?

Re:

[newdsfornerds]

Those are expensive. I'll keep it under my lead foil hat for now.

Re:

[Captain Centropyge]

Does a hamster cage count..?

Re:

[MRe_nl]

Is the hamster named Faraday?

Re:

[Matheus]

Why not just live in one [youtube.com] (1:03 in)

Re:

[natehoy]

My house has aluminum siding, and I assure you, it works. I get four bars outside the house, but had to purchase a repeater to get signal inside, or all of my cell phone use at home would have to be while standing next to a window that faces a cell tower.

Re:

[capo_dei_capi]

I wouldn't be so concerned about the gubment, they don't have the staff to track random people just for the hell of it. Since this can apparently be exploited by anyone, I'd be much more worried about that PI your wife hired, and the like.

Re:

[PReDiToR]

Staff? Is that like "people"?
Any decent operation could set up a small shell script to take geographic coordinates from their whole customer base and keep them in a database by number/subscriber/account as an index. With a decent warrant they could also use the remote activation features of most phones to gather this data discretely.
Once that information is in a DB those PIs can just look it up if they have the right access/connections.

24 isn't a fantasy, it is the NSA showing off last year's technology

Re:

[slick7]

I have an iPhone you iNsensitive clod.

It's not a weakness, it's a feature....for iSpy, inc.

Uhm, bad headline.

[dmgxmichael]

Just because it's possible doesn't make it legal.

Re:

[girlintraining]

Just because it's possible doesn't make it legal.

With good enough lawyers, everything is legal.

Re:

[warGod3]

It's only illegal if you get caught.

it's not the headline that's bad.

[fyngyrz]

With good enough lawyers, everything is legal.

With the ability to read the constitution - and reason above a third grade level - it is 100% clear that spying on a US citizen's communications without probable cause AND a warrant is not an authorized power for the US government or a US state. It is also doubtful that there exists, or can exist with constitution as currently constructed, a justification for a private citizen exercising such a power.

Re:

[IndustrialComplex]

With the ability to read the constitution - and reason above a third grade level - it is 100% clear that spying on a US citizen's communications without probable cause AND a warrant is not an authorized power for the US government or a US state. It is also doubtful that there exists, or can exist with constitution as currently constructed, a justification for a private citizen exercising such a power.

The Constitution's prohibitions against search and seizure do not apply to private citizens at all. There a

Re:

[fyngyrz]

I said justification. Not law. Not the same thing at all. It is 100% clear that the constitution was intended to make the feds recognize, and obey, the existence of certain bounds of privacy [fyngyrz.com] that already existed in our society, which private citizens are already expected to comply with.

Please.

[fyngyrz]

Arrogant? No. I'm entitled to an opinion, and to state that opinion. As a citizen, there is no requirement that I keep said opinion(s) to myself. You, on the other hand, are absolutely entitled to counter it. By all means, do so. Every mistake of mine I can correct improves me, and I'm all for that. Calling names, however, gets you nowhere. Try not to worry about my willingness to state my position, and instead, look at the actual position, and if you have a counter, let fly.

Also, I am bound to point out

Re:

[JesseMcDonald]

You started out so well...

With the ability to read the constitution - and reason above a third grade level - it is 100% clear that spying on a US citizen's communications without probable cause AND a warrant is not an authorized power for the US government or a US state.

But then you had to go and ruin it:

It is also doubtful that there exists, or can exist with constitution as currently constructed, a justification for a private citizen exercising such a power.

The Constitution does not apply to private citizens. It is a document which enumerates the powers granted (or explicitly withheld from) the federal government and the states. It may be argued (though I would disagree) that the Constitution permits the federal government to prohibit private citizens from sending or receiving the radio signals required to eavesdrop on the cell phone system. If so, this would be in the domain of the FCC. However, not

Re:

[fyngyrz]

But then you had to go and ruin it:

I didn't ruin anything. I said justification. Not law. See this essay on privacy [fyngyrz.com]. The constitution codifies social rules for privacy in order to limit the authorized powers of the feds. Those rules already existed and they were, and are, quite obvious to anyone in our society that isn't brain damaged or so socially inept they must be kept under supervision.

If that is a problem, either (a) encrypt your over-the-air communications, or (b) communicate through a channe

Re:

[JesseMcDonald]

Those rules already existed and they were, and are, quite obvious to anyone in our society that isn't brain damaged or so socially inept they must be kept under supervision.

I'm so glad that you decided to keep this thread civil...

The constitution codifies social rules for privacy in order to limit the authorized powers of the feds.

Only because the feds are granted powers private citizens don't have. To limit abuses of these powers they are required to get a court to sign off of on violating the property rights of others before they can legally mandate that others grant them access to their private property for search or seizure—something which private citizens are not permitted to do under any circumstances. This has nothing to do with "social rules for privacy".

In the co

Re:

[fyngyrz]

This has nothing to do with "social rules for privacy".

It has everything to do with them. It has been well understood for centuries that privacy was important; the 4th (and to some extent the 3rd) amendment is specifically a mechanism intended to restrain the government from violating privacy unless it has good and sufficient reason, reason it is required to show in order to pursue such a violation. "persons, houses, papers, and effects" precisely define the domain, as of the time of writing, where pri

Re:

[m.ducharme]

Of course, US presidents have been wiping their asses with the Constitution for 10 (30? 100?) years now, so...yeah.

Re:

[fyngyrz]

Former HP's lady CEO told a PI to do it to journalists and was never charged with any wrong doing.

George Bush jr. caused a US citizen to be incarcerated (very) long term without recourse to a lawyer or even a phone call, and he hasn't been charged with any wrong doing either, or impeached, as would have been entirely appropriate for the gross violation of his oath. So what's your point? That application of justice under the constitution and the law is imperfect? I think we all know that already. The po

Re:

[BhaKi]

With complicated enough law, everything is illegal.

Re:

[EdIII]

Just because it's possible doesn't make it right.

Unfortunately, everything that they are doing short of the voicemail hacking is currently legal in 49 states, and possibly 50 states.

They are exposing the extremely weak security of the overall telecom industry. What they did was considered normal operations. Maybe not something that an average person would be doing, but not against any TOS or laws.

It boils down to Caller ID spoofing. Create strong laws, stronger than the ones currently in Congress, and yo

Re:

[b4dc0d3r]

Before anyone latches on to your caller ID spoofing part, these people are not spoofing ID info to a third party - they are generating an incoming call to themselves with spoofed data. From what I can see, the proposed bill does not outlaw that, so they aren't doing anything in this step that *will* be illegal.

And the matching data they buy is not legal in any of the states. They have to buy it from European companies, which obtain it from US companies. So saying it's "legal" is misleading - it's more ac

Re:

[EdIII]

Before anyone latches on to your caller ID spoofing part, these people are not spoofing ID info to a third party - they are generating an incoming call to themselves with spoofed data. From what I can see, the proposed bill does not outlaw that, so they aren't doing anything in this step that *will* be illegal.

That's what I mean by much stronger Caller ID laws. I think that you should be able to prove ownership of a number, on demand, before you can use it as Caller ID. When you are getting an LNP (local

Re:

[boniggy]

From the Article:

DePetrillo said. "We created software that iterates through these numbers and can crawl the entire phone database in the U.S. within a couple of weeks... We have done whole cities and pulled thousands of records." "It's not illegal, nor is it a breach of terms of service," Bailey said.

How is this not illegal? its not an open DB that anyone can browse at freewill. You would need a way to hack/social-engineer the servers in order to get into it. I highly doubt that Verizon/ATT/etc have their entire customer DB's open for anyone to peruse with a data-miner. I'm sure the telco's aren't too happy bout this news.... and i bet they would pay high $$ to see them/this disappear. :)

Re:

[Anonymous Coward]

Clearly it ought to be legal though.

What the fuck are you smoking that makes you think this should be legal?

Re:

[Captain Centropyge]

^^THIS!!

Re:

[tophermeyer]

Clearly it ought to be legal though.

What the fuck are you smoking that makes you think this should be legal?

Um. Whoosh! I think? I'm not sure that post was entirely sincere. Or maybe I'm assuming sarcasm where there isn't any. Either way, maybe you should get ahold of some just to curb some of that hostility brah.

Re:

[crazyvas]

What the fuck are you smoking that makes you think this should be legal?

Whatever it is, it's not legal.

Re:

[pluther]

But it ought to be.

Re:

[SQLGuru]

Saw a line about spoofing caller id info. That isn't legal.....now.

Legal? What about the new caller ID law...

[Orga]

From TFA: DePetrillo used open-source PBX software to spoof the outgoing caller ID and then automated phone calls to himself, triggering the system to force a name lookup. I thought spoofing caller ID was now illegal...

Re:

[Qwell]

Plus the whole breaking into voicemail boxes thing.

Re:

[Monkeedude1212]

It is. And yes, they are doing it on a massive scale to pull thousands of records. So how long before a lawsuit?

Re:Legal? What about the new caller ID law...

[russotto]

He's calling himself, so he'd certainly lack any intent to deceive (which is an element of the new caller ID law). Do most people's cell phones work with caller ID with name? Neither mine (ATT) nor my wife's (Verizon) comes up with a name.

Re:

[__aasqbs9791]

What if he has multiple personality disorder? Or maybe like many car salesmen I know, he openly lies to himself so he can sleep at night? I wouldn't be so quick to assume there's no deception here.

On a more serious note, I was wondering something along those lines myself. I have T-Mobile and I could have sworn that mine used to do caller ID with name years ago. Now it only does it if the number's in my address book, and I was trying to figure out when that changed, or if I'm just insane (strong possibility

Re:

[Cougar Town]

My phone (Rogers) shows the name.

Re:

[Eponymous Coward]

I believe it depends on the intent.

You can still spoof as long as you aren't doing so to deceive or defraud.

Re:

[Ungrounded Lightning]

You can still spoof as long as you aren't doing so to deceive or defraud.

Seems to me that spoofing caller ID in order to trick the database into delivering information on some other phone user constitutes intent to defraud.

Re:

[Eponymous Coward]

Sometimes actions reveal intent, but I don't think it does in this case.

These researchers have apparently tried the attack described in TFA on themselves with no intent to defraud.

If you spoof caller id to trick a database, only a machine has been deceived (and that's arguable). What you do (or intend to do) next is the big question.

Re:

[MikeBabcock]

So if instead of displaying "Michael" I make my phone display "Mike" I'm deceiving someone? Just checking.

Re:

[theY4Kman]

It hasn't been signed into law yet: http://www.govtrack.us/congress/bill.xpd?bill=s111-30 [govtrack.us]

Re:

[theY4Kman]

Sorry, that's the 2009 bill. The 2010 version -- the one relevant now -- is here: http://www.opencongress.org/bill/111-h1258/show [opencongress.org]

In Germany?

[DABANSHEE]

Anyway unless the software he's using is illegal or the order of key strokes he's typing is illegal then nothing he's doing is illegal, well unless the result of using that software with those keystrokes is illegal, but then according to common-law it's up to the law enforcement body to prove he knew what the result would be.

Re:

[J053]

From TFA:

I thought spoofing caller ID was now illegal...

Not yet. The bill passed the US House of Representatives, but not the Senate.

Re:

[Ungrounded Lightning]

And once it IS signed it's still legal if you're in one of a number of other countries when you do it. (I wonder if the EU laws on personal information apply to the caller-ID info retrieval step if it's done there?)

As far as I can see (IANAL) the only step that's currently illegal in the US is cracking past the voicemail password. That's illegal under the Computer Fraud and Abuse act (accessing a protected computer) and occurs at the server location even if it's initiated from outside the US so there's ju

Foot meet bullet.

[cosm]

FTA: ""It's not illegal, nor is it a breach of terms of service," Bailey said."

I get mailed revised TOS and privacy policies from companies on a weekly basis. Now that this is publicized, how long will it stay 'legal'? Usually, loudly exclaiming "nener-nener-boo-boo you can't catch me" to one of the largest, consumer unfriendly, profit motivated industries gets their attention.

What makes them think this is legal....?

[sampson7]

As far as I can tell, they assert that it is legal, therefore they think it is legal. Come on folks -- just because you aren't breaking or entering, or murdering someone does not make what you are doing "legal." There are all sorts of privacy laws that come into play here -- and I strongly suspect that I can find at least one prosecutor/judge/jury combo in this country that disagrees. I can't even begin to describe how many laws could be implicated by breaking into someone's voice mail!

Yes, IAAL, but IANYL.

Re:

[Monkeedude1212]

Yes, IAAL, but IANYL.

Thats pretty pre-emptive of you, you don't even know how much they'd be willing to pay you should you win the case or not!

Re:

[sampson7]

Good point. Yes, IAAL, and I could be Your lawyer.... if the price is right :)

Re:

[idontgno]

As far as I can tell, they assert that it is legal, therefore they think it is legal.

That's a good point. They forgot their "IANAL" disclaimer, just so people understand exactly how much their "legal opinion" is worth.

This means that the average Slashdotter is more legally savvy then these two "researchers".

Re:

[steelfood]

You're right. This sounds like this'll easily run afoul of stalking laws.

Re:

[captaindomon]

Legality, for the most part, is based on intent, not methods. That seems to be often misunderstood by technical audiences. This is most definitely still very illegal.

well going by your logic

[DABANSHEE]

Every civilian in the US can be found guilty of cocaine dealing & have all their property forfeitured, just through the uncorroborated testimony of a paid snitch with a dubious past, & no other evidence what so ever - Ever heard of Mobile, Alabama & Union, Texas? Or look at all the prosecutor/judge/jury combos that have put innocent people to death.

Re:

[mjwalshe]

yes try doing this to Obamas mobile and see what happens.

Not quite

[Itninja]

They say it's legal, and cite no sources (i.e.'we asked our lawyer"). They seem to indicate that since EU telco 'offer it for free', then it must be legal. I would love to see someone defend this in court; especially if they are using the system to track someone covertly.

Re:

[Amouth]

just use the same argument the police use for why they don't need a warrant..

we aren't tracking the person - we are tracking the phone, they aren't required to carry it.

Re:

[PolygamousRanchKid]

Nelson Rockefeller said of his grandfather, John D. Rockefeller, "He didn't break any laws. But a lot of laws were passed because of what he did."

Re:

[AlexBirch]

1) Hire them to spy on a friend
2) Tell friend they're spying on him
3) Friend sues them
4) Profit!!!!

Re:

[muckracer]

> 1) Hire them to spy on a friend
> 2) Tell friend they're spying on him
> 3) Friend sues them
> 4) Profit!!!!

5) Thank $DEITY, that friend will never utter 'I got nothing to hide' again...
6) Move to next person/GOTO 1

What's new?

[Senzo]

We already do that, it's called the Homeland Security Act.

Re:

[Itninja]

I think it's called the Patriot Act:
Oliver Queenan: All cell phone signals are under surveillance, due to the courtesy of our Federal friends over there.
Ellerby: Patriot Act, Patriot Act! I love it, I love it, I love it!

Re:

[Senzo]

Oh yeah, that was the one I was going for. They are both pretty similar in description though :)

It's nearly illegal (and will be soon).

[Anonymous Psychopath]

From TFA: "DePetrillo used open-source PBX software to spoof the outgoing caller ID..."

Last week Congress passed the Truth in Caller ID Act of 2010 [gpo.gov] which will make it illegal "to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud or deceive."

Once that's signed into law they will be on very thin ice arguing that they did not intend to defraud or deceive when they spoof their caller ID to obtain information that they normally would not be able to

Maybe not

[laing]

They may successfully argue that it is still legal. Their method is to call themselves with spoofed caller-id. The network fills in the name associated with the phone number and they build their database. Since they are only calling themselves and they know they are spoofing, they are not "intending to defraud or deceive" anyone.

Re:

[Anonymous Psychopath]

They may successfully argue that it is still legal. Their method is to call themselves with spoofed caller-id. The network fills in the name associated with the phone number and they build their database. Since they are only calling themselves and they know they are spoofing, they are not "intending to defraud or deceive" anyone.

Possibly, but I think most reasonable people would agree that using spoofing to trick the phone company into providing database information you shouldn't have falls under the "deceive" label.

Trespassing?

[digitalmonkey2k1]

Me thinks that the "researchers" need to research a little more... http://www.answers.com/topic/trespass [answers.com] http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall97-papers/kim-crime.html [mit.edu]

Re:

[slick7]

"Collecting data is only the first step toward wisdom, but sharing data is the first step toward community" -IBM

Charging for data is the first step toward business

Not "perfectly legal" for much longer

[laing]

The US House recently passed a bill [google.com] to make caller ID spoofing illegal. Hopefully the Senate will soon follow suit.

Re:

[SleazyRidr]

While I agree that this won't be legal for much longer (assuming it is now), that bill won't make it illegal. the bill makes it illegal to spoof caller ID with intent to deceive. The intent here is not to deceive so they aren't covered.

Old news...

[Beave]

I'll be interested to read the details, but 2 out of the 3 things have been known for quite some time. The 'caller ID' spoofing trick has been known for _years_. The concept they are touting is known as "back spoofing". I've had friends doing this for a long time. However - there's one problem. No call cell phone associate caller ID with a phone. Yes, back spoofing works great - with _land lines_, but it's always that accurate with cell phones. So, "finding" the cell number that way isn't ver

And how do you define "legal"?

[mea37]

I find it interesting that they claim this is "legal"; I suspect they mean "we don't know of or haven't thought of the laws that one would be breaking by donig this".

Sure, they point out specific steps of the process that don't break specific laws even though you might think they would; but in the end, a series of actions that would each be legal on its own can add up to a crime. Spying on another individual, tracking their whereabouts and spying on their phone calls, is in and of itself illegal no matter

Re:

[DavidTC]

Yeah, they don't seem to grasp the concept that laws can prohibit any and all actions that lead to specific results.

<sarcasm>Because we all know it's not really 'murder' that's illegal, it's every single action that can result in someone else's death that's illegal. If you invent a new way of killing someone, that's legal until they plug up that loophole.</sarcasm>

Gaining access to voice mail you're not supposed to have access to is illegal no matter how you do it, on top of any crimes you mig

Legal - where?

[flyingfsck]

Maybe legal in the USA where there are no privacy laws. As for the rest of the world, you should probably not try it.

Obviously Illegal - check the CFAA

[randalotto]

This is quite obviously illegal under the Computer Fraud and Abuse Act.

Title 18, Part 1, Chapter 47, Section 1030(a)(2).

It's a crime if someone:

"intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains ... information from any protected computer."

Given the scale of their activities, it's almost certainly a felony too.

This reminds me...

[Tsukou]

Of the numb3rs episode Convergence where the thieves were able to piggyback onto the system to figure out the location of specific people using their cellphones. Seems as tho reality has caught up to tv.

Can't you get the same information

[tlambert]

Can't you get the same information by purchasing it from the cell providers? There's already precedent on this.

-- Terry