Ask Slashdot: How To Stay Ahead of Phone Tracking ? 259
An anonymous reader writes "In the last few years there has been a significant upsurge in subverting the cellular network for law enforcement purposes. Besides old school tapping, phones are have become the ideal informant: they can report a fairly accurate location and can be remotely turned into covert listening devices. This is often done without a warrant. How can I default the RF transmitter to off, be notified when the network is paging my IMSI and manually re-enable it (or not) if I opt to acknowledge the incoming call or SMS? How do I prevent GPS data from ever being gathered or sent ?"
Use sombody else's phone (Score:3, Interesting)
Re:here's a thought (Score:4, Interesting)
The correct answer is live in a third world country Smart phones are about the only thing that will work reliably. After the electricity supply, security forces and tracking technology are the things least likely to work reliably
Re:Don't carry one (Score:2, Interesting)
i have taken apart a "donated" huawei ascend2 earlier this year and found small watch type batteries hard wired (soldered) on to the circuit board
they were very small , 2 in quantity and were 3 volts each i dont know what they are used for other than to power the device even with the battery out
its amazing how few chips were in this devithe whole board had like three or four chips a couple of speakers and a couple of mikes and the sdcards
when i opened it i expected it to be jam packed full of components but the manufacturer really has done wonders with the SoC tehnology
TL/DR even without the battery inserted that phone has some functions that i was unable to determine what they are
Phone tracking is just part of a wide grid (Score:4, Interesting)
Think of an early Cyber Intelligence Sharing and Protection Act (CISPA) hardwired into every generation of phone by default.
Then came GPS, web 2.0, maps and cloud
Stop using your phone other than for family to say hi and ask for help/shopping.
Meet your people/tribe/business associates without a phone and talk face to face or in some other hi tech/no tech way.
Soon a working phone with CCTV (camera pod), facial recognition, 24/7 city wide look down drones, covert LEO in-car cameras will be filling in even more details.
Dont forget the private sector is also doing its part to link all their cameras in too
No warrants are needed. Deep extended boarder search, gang area 'random' searches, drink driving tests will all have rows of plate reading cameras, passenger face capture, driver logging, train station federal task forces, anti war mil protest watching... all add up to very deep efforts if you make a list.
All the tech used in 1950's Soviet watching, Vietnam, Iraq is now so cheap, tiny and sold to even the smallest, struggling police forces as federal 'gifts' to help with 'drugs', 'terror' or just as free 'surplus' with never ending private maintenance contracts.
The next big thing will be state level voice print records- no longer the play thing of GCHQ, NSA - expect a fake cell towers in a region of interest to do more than just log calls, numbers and record flagged people - your voice will soon be all that local law enforcement needs on any network.
Swap the phone sim all you want, better stay off the voice too.
Re:Don't carry one (Score:5, Interesting)
Well, we have known for quite some time that is is not just possible to use your dumb phone as a roving bug while it is turned off, but that it has actually been done.
http://news.cnet.com/2100-1029-6140191.html [cnet.com]
So even though you sound a bit (albeit justifiably) paranoid, you might not be paranoid enough.
Re:Don't carry one (Score:3, Interesting)
the article describes a technique in which the phone is NOT turned off but instead is hacked to _place a call_. that sounds suspect technique, actually, even if some razrs have hackable firmwares. you could keep it next to a radio to notice that something is up - and this would be an undertaking to essentially rewrite the entire firmware of the phone better than what motorola could - while retaining all the stock functionality. it sounds very, very james bond spy shit - bordering on being plausable as just FUD(don't even try to find the bugs!).
another part of the article describes another technique, "prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware.". that phrase sounds actually like actually placing a bug on the phone which is definitely not a new technique nor a surprising technique at all - instead it's a cold war era technique. But this would work while the phone is turned off - However it would be just a bug attached to the phone in essence.
Re:Don't carry one (Score:5, Interesting)
That switch that you use to turn your phone off is nothing but a sensor switch. Its not a physical on/off switch disconnecting the battery from the phone circuits. When you press it, the OS on the phone is programmed to start shutting down certain circuits within the phone. It keeps other circuits powered up so that it can sense that same switch to bring the phone back up to its normal powered state.
That being said, someone can reprogram the phone to 'look like' its powered off. It can still be recording audio/video to the local memory, or whatever it wants to, and even use the transmitter periodically without being noticed by the owner.
The phone can be reprogrammed fairly easily by someone who gains control of the device. How easy is that? I've seen a demonstration by an expert that took all but 15 seconds to have root on a popular phone. All that was needed was an IP address of the data connection for the handset. In an instant they had the equivalent of ftp and could have done anything on that phone, including staging a boot loader/update waiting for the next time you cycled the phone's OS.
For someone who has the power of the courts behind them, they can easily have the phone company push an update out to the phone to do the same thing. Nobody needs to hack your phone, and they can then completely control the outward appearance of the devise without you knowing anything about it.
Other than having an RF monitor next to the phone you likely won't be able to detect it. A small RF monitor can be purchased and hacked to add a audible warning if the phone becomes active, if you are the tin foil hat type. Otherwise, if the phone is active and uses the network the battery will get slightly warm, even when turned off, so you might be able to tell that way. A cheap way to tell is a liquid crystal temperature strip adhered to the outside case where the battery compartment is. This is also a help if your phone has a battery drainage problem with certain apps, because it will tell you when the battery is being drained, and how quickly, for whatever reason.
Re:Don't carry one (Score:4, Interesting)
They did something like that with hotspots in the UK - the Digital Economy Act means that businesses can be liable for the infringements of people using their connection, which is a serious concern for all those places that used to provide customers with free wifi.
In practice, some businesses have continued to recklessly provide the service, while many more have instead contracted with specialist companies who run the access point and authentication infrastructure on their behalf. Typicially it uses the mobile phone network as a way to validate identity: User connects, gets a captive portal, enters their phone number, the service provider sends them an SMS with the unlock code, user enters the code. It's somewhat cumbersome, and some people are understandably reluctant to give out their phone number, but it's the only way to provide customers with a convenience service (And thus lure them in, usually to buy food) without potentially getting sued for millions after someone goes on a torrenting spree.
The only thing about the arrangement that surprised me is that the MPs were so open about the change in the law being about copyright. I'd have expected them to instead use child porn as an excuse, but they didn't: The Digital Economy Act is an entirely open effort to strengthen copyright law.