Ask Slashdot: How To Stay Ahead of Phone Tracking ?

An anonymous reader writes "In the last few years there has been a significant upsurge in subverting the cellular network for law enforcement purposes. Besides old school tapping, phones are have become the ideal informant: they can report a fairly accurate location and can be remotely turned into covert listening devices. This is often done without a warrant. How can I default the RF transmitter to off, be notified when the network is paging my IMSI and manually re-enable it (or not) if I opt to acknowledge the incoming call or SMS? How do I prevent GPS data from ever being gathered or sent ?"

Don't carry one

[siddesu]

As you know, they can track you even when the device is off, unless you've taken the battery out.

Re:Don't carry one

It's called a real-time clock. Your computer has one. A builtin battery too.

Re:Don't carry one

[DKlineburg]

maybe not so? See article about your habits being unique and identifiable here on /.

Re:Don't carry one

[Electricity+Likes+Me]

If you really want to track someone, it's usually way easier to steal and modify their phone, or modify a replica phone and download their phone to that one.

There are a lot of high-tech surveillance techniques, but they're just really kind of hard to do compared to the simple stuff.

Re:Don't carry one

[number11]

Flash memory has a limited number of writes, and won't power an on-board clock in any event.

The minimum number of write cycles seems to be around 10K, and could be 1M or more (depending on type of memory). If you have the least durable flash, and turn your phone off once a day, that's 27 years. (Most people don't seem to ever turn their phone off.) What do you suppose the service lifetime of the average phone is? 3 years?

Transmitter off won't work.

[rew]

If you want to receive calls or SMSes, you need to leave the phone on and transmitting:

When a call for your number comes in, the incoming call is NOT transmitted nationally. Only in the GSM-cell that you are actually in is the signal transmitted. So, the system has to know in which cell you are to be able to "call" your phone. If you properly turn it off, the phone will tell the GSM network it is going off. So when a call comes in, it will go to voicemail immediately. If you yank the battery, the system will assume you are still in that cell where you last had the phone on, but it will probably time you out if it doesn't hear from your phone for a while. (which happens naturally if for example you drive out of range).

Re:Transmitter off won't work.

[KiwiSurfer]

When a call for your number comes in, the incoming call is NOT transmitted nationally. Only in the GSM-cell that you are actually in is the signal transmitted. So, the system has to know in which cell you are to be able to "call" your phone.

Not quite, a GSM switch will keep track of which Location Area (LA) a mobile device is in. A LA can contain a few or upwards to several hundred cells. Using Vodafone's GSM network in New Zealand as a point of reference, their largest LA covers all of Auckland's (our biggest city with 1.5m population) CBD with around 150-200 sites while in rural areas a LA generally only has around 50 sites.

When a phone is being called, all the cells in the LA will send out a broadcast request to all mobile devices in the LA and the mobile device will respond by contacting the nearest cell. This is quite useful as it reduces the need for the mobile device to check in frequently — the mobile device only needs to check in with the network when it moves into a new LA.

I'm not too familiar with how UMTS or LTE works but I presume the same principles applies but I may stand corrected.

Futile

You can't.

Those are functions performed by the baseband software stack, which cannot be modified by the end user. Also you can't be simultaneously connected and not connected to the network anyway. If you don't want to be tracked by the network, don't use a cellphone.

Airplane mode and OsmocomBB

[asnelt]

I would say a good start is to just use the airplane mode of your phone. That should disable your RF transmitter. But of course you wont be notified when the network is paging your IMSI. The save option is to use a phone with OsmocomBB, a free software implementation of the GSM stack: http://bb.osmocom.org/trac/ It has limited functionality (no GPRS working at the moment) but at least you know exactly would your phone is doing. With that, you can even run CatcherCatcher, which is able to detect IMSI catchers: http://opensource.srlabs.de/projects/catcher The supported phones are a bit outdated, mostly old Motorola phones. But there is one supported smartphone: the Openmoko Freerunner. It is pretty usable these days and is fully supported by Debian. I love it, but you will need to tinker - a lot.

Re:Airplane mode and OsmocomBB

[asnelt]

What I forgot to mention: using OsmocomBB it should even be possible to fake your location. It is explained in this presentation at 05:20: http://www.youtube.com/watch?v=M0NjS6aUXYw

Re:GPS is not the issue.

[DontScotty]

If you are only using one tower - sure...

--------
  The tower can also measure how long it takes to get a response from your phone, and use that to estimate how far away you are. That puts you on the edge of a circle that distance from the tower.

Usually your phone can be heard by multiple cell towers. If two can hear you, then you're on the edge of each of 2 circles, and two circles can only meet at 2 points, so you must be at one of those 2 points.

If a third tower can hear you, its circle can only meet the others at one point, so there you are.

Emergency services (like 911) can get this information from the cell towers. The information exists whenever your phone is on and in range of a tower, whether you're making a call or not. The information is not meant to be publicly accessible.