Slashdot Mirror
Feds Can Locate Cell Phones Without Telcos
schwit1 sends along an Ars Technica report covering the release of documents obtained under the FOIA suggesting that the Justice Department may have been evading privacy laws in their use of "triggerfish" technology. Triggerfish are cell-tower spoofing devices that induce cell phones to give up their location and other identifying information, without recourse to any cell carrier. "Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target's location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that 'triggerfish' technology can be used to pinpoint cell phones without involving cell phone providers at all. The Justice Department's electronic surveillance manual explicitly suggests that triggerfish may be used to avoid restrictions in statutes like CALEA that bar the use of pen register or trap-and-trace devices..." The article does mention that the Patriot Act contains language that should require a court order to deploy triggerfish, whereas prior to 2001 "the statutory language governing pen register or trap-and-trace orders did not appear to cover location tracking technology."
any time, I just flushed it down the toilet. Trigger this fish tracking...
Dude, your septic tank is only 50 feet from the house.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
>step 1, remove batteries.*
*Does not apply to iphone owners
For your Faraday cage to be effective, it has to be very conductive. The higher the resistance, the worse it works.
A thin layer of metallised Mylar is not going to attenuate the signal very much. Certainly not enough to prevent my receiving a call just now. I even tried sealing the end with aluminium tape (which, btw, is much better than duct tape for almost everything, especially ducts).
If you want to make sure some piece of electronics isn't transmitting/in a position to be heard, there are only a few tools that are up to the task. If you're in a hurry: hammer. If you want to be sure: nuke from orbit.
Can you be Even More Awesome?!
The article must be in error. Bush passed the patriot act to allow this to happen without warrants, not to impose the need for warrants, right?
Support my political activism on Patreon.
The thing is, you don't have control over the GSM/CDMA radio - it's controlled by a completely separate processor, and get access to the microphone, speakers, and a serial link to the main processor, so that the processor powering the phone's OS doesn't cause spurious radio transmissions.
Some data goes back and forth, yes, but you probably won't be able to tell when it's doing this versus a legit cell tower connection...
Privacy is not explicitly spelled out, though. I mean, there are the ninth and tenth amendments, but they're exactly the kind of thing you'd expect politicians to ignore due to their unambiguous, but unspecific language (and ironically, one of the more prominent "pro-privacy" rulings pretty much ignored the tenth amendment). Whittling at the weapons first, that's what's unexpected.
Can you be Even More Awesome?!
Sure, what is the problem with gradually eroding civil liberties and ever increasing surveillance of the populace. Why don't we just throw the Constitution right in the garbage while we're at it?
All in all, its almost as much a problem as this "If you've got nothing to hide, what are you worried about?" attitude that we're seeing more and more.
I wouldn't be surprised if most aluminum foil were more than sufficient.
And to think people laughed at me when I put a pocket in my tinfoil hat!
What are we going to do tonight Brain?
You have no idea as to what I'm hoping, Comrade.
-- Tigger warning: This post may contain tiggers! --
Do elaborate, please. RFID does, in fact, require power. It's just that that power is provided by the reader when in proximity to the tag. Are you suggesting there are RFID tags embedded into "modern cell phones"? Or something else? If you're suggesting that cell towers have the ability to blanket a region with an electric field capable of getting all of the cell phones to respond (loudly enough) to a "ping" for their location, I'm afraid I'm going to have to call BS. So what is this "functionality" that you claim allows cell phones to be identified and located without a battery?
This isn't like going through the trash at all. Besides, where are your manners? This is Slashdot, and the decision to opt for a trash analogy instead of a car analogy is just plain rude.
This is like you're driving down the highway, listening to tunes and shit, and some dude on the side of the highway is using x-ray vision, man, X-RAY VISION, to look at the driver's license in your wallet to see who you are...
Except he's got a bunch of machines to do it for him, and get this -- with three machines, he can not only see who you are, but he can also see exactly *WHERE* you are, dude. He's all violating Heisenberger's Uncertainty Principle or something... and the worst part is, he can ALSO tell if you're alive or dead *before* he gets a warrant, so he's violating the fundamental laws of physics not once, but twice.
Put that in your trashcan.
Besides... The Wire? As a source of tech knowledge by a Slashdot reader? What is the world coming to?
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
> Why are cell phones designed to be so insecure?
For the same reason bank accounts, Web sites, etc. are. Not more than one user in a million cares.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Just as RFID tags do not require batteries to give disclose their location and unique identifiers, modern cell phones also have similar functionality batteries or not...
I am a cell phone designer, and a phone reporting *anything*, even just a handshake, to a tower thousands of meters away takes significant power.
It is possible that the little coin cell battery in most phones could handle the receiving of a signal, and then wake the phone up and have it reply with the main battery, (though to the best of my knowledge we don't let phones do that [and yes, I design power systems]), but if the main battery isn't there, that's a no-go.
Passive RFID is a completely different batch of apples than active cellular communications. Passive RFID has a maximum range of around 10 meters (phased array antennas notwithstanding, but seriously...). You would need a specially designed phone to use some sort of active RFID when the battery is removed, and we don't make those.
Now, this isn't to say that I'm not pissed at the Feds for doing something like this--perhaps even more so than the average user. I can see how they are taking advantage of perfectly innocuous and functional code and systems designed by my co-workers to agreed standards, and then using those standards to make our customers lose their privacy.
*sheesh*
>> Standing on head makes smile of frown, but rest of face also upside down.
Some cell phones work INSIDE a closed elevator box. Creating a good shielded enclosure is not a casual thing to do.
The only way to be sure, besides nuking from orbit, would be to seal up the phone, then call it. If it doesn't answer, you have *probably* got it right. But no guarantees.
Behold, this dreamer cometh. Come now, and let us slay him... and we shall see what will become of his dreams.
rural != modern
Well, you're comparing traits on multiple axis, but to your point, individualistic remote living requires a higher level of technology than living in cities does. We probably went hunter/gatherer-tribes -> cities -> 'modern' agriculture -> rural individuals, though there's debate about which came first, cities or agriculture. n.b. sanitary sewers are rather new in the history of cities.
More concretely, you'd have a hard time arguing with the farmer running giant gps-guided irrigation robots or my friend who has linux boxes with webcams as shepherds, that rural != modern, but really any rural home is going to be packed full of technology to make life more enjoyable.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
http://www2.rohde-schwarz.com/en/products/radiomonitoring/product_categories/signal_intelligence/overview/
Click on the GC128 datasheet. They have a firmware for that device that turns it into an IMSI Catcher. There is
also a portable suitcase version of the device.
IMSI Catchers basically work by impersonating the cell tower of the network the subscriber is on, forcing his
handset to it by protocol and higher signal strength and then (this is important) flipping whatever calls are
made into non-encrypted mode. Some phones have a debug mode that will show you whether encryption is activated
or not so if you're making a call and encryption is suddenly off - you know what to do at least I hope.
Basically an IMSI catcher is a still a device that is used on the levels of industrial espionage or espionage
by foreign services that don't have access to the normal national monitoring - which incidentally _all_ (cell)
phone networks are hooked into. The claim US intelligence services are not plugged into their telcos and have to
go outside for surveillance by using a device like this is what it is: Disinfo.