Ask Slashdot: How To Stay Ahead of Phone Tracking ?

An anonymous reader writes "In the last few years there has been a significant upsurge in subverting the cellular network for law enforcement purposes. Besides old school tapping, phones are have become the ideal informant: they can report a fairly accurate location and can be remotely turned into covert listening devices. This is often done without a warrant. How can I default the RF transmitter to off, be notified when the network is paging my IMSI and manually re-enable it (or not) if I opt to acknowledge the incoming call or SMS? How do I prevent GPS data from ever being gathered or sent ?"

Use sombody else's phone

[qaz123]

- Buy it using a fake id. - Ask a homeless or drug addict to buy you a prepaid phone/sim and use it. - Buy it in another country.

Re:here's a thought

[Anne+Thwacks]

this thread is probably a response to Google reporting they could identify the owner of a phone by where it went - so no cigar today,

The correct answer is live in a third world country Smart phones are about the only thing that will work reliably. After the electricity supply, security forces and tracking technology are the things least likely to work reliably

Phone tracking is just part of a wide grid

[AHuxley]

Phone tracking was a result of the troubles in Ireland and the NATO/US need for Red trouble makers in 1980's Europe.
Think of an early Cyber Intelligence Sharing and Protection Act (CISPA) hardwired into every generation of phone by default.
Then came GPS, web 2.0, maps and cloud ... your phone is sucking up details about your life as you walk around with/use it.
Stop using your phone other than for family to say hi and ask for help/shopping.
Meet your people/tribe/business associates without a phone and talk face to face or in some other hi tech/no tech way.
Soon a working phone with CCTV (camera pod), facial recognition, 24/7 city wide look down drones, covert LEO in-car cameras will be filling in even more details.
Dont forget the private sector is also doing its part to link all their cameras in too :)
No warrants are needed. Deep extended boarder search, gang area 'random' searches, drink driving tests will all have rows of plate reading cameras, passenger face capture, driver logging, train station federal task forces, anti war mil protest watching... all add up to very deep efforts if you make a list.
All the tech used in 1950's Soviet watching, Vietnam, Iraq is now so cheap, tiny and sold to even the smallest, struggling police forces as federal 'gifts' to help with 'drugs', 'terror' or just as free 'surplus' with never ending private maintenance contracts.
The next big thing will be state level voice print records- no longer the play thing of GCHQ, NSA - expect a fake cell towers in a region of interest to do more than just log calls, numbers and record flagged people - your voice will soon be all that local law enforcement needs on any network.
Swap the phone sim all you want, better stay off the voice too.

Re:Don't carry one

[FrkyD]

Well, we have known for quite some time that is is not just possible to use your dumb phone as a roving bug while it is turned off, but that it has actually been done.

http://news.cnet.com/2100-1029-6140191.html

So even though you sound a bit (albeit justifiably) paranoid, you might not be paranoid enough.

Re:Don't carry one

[hAckz0r]

I think my Galaxy S3 is off when I turn it off.

That switch that you use to turn your phone off is nothing but a sensor switch. Its not a physical on/off switch disconnecting the battery from the phone circuits. When you press it, the OS on the phone is programmed to start shutting down certain circuits within the phone. It keeps other circuits powered up so that it can sense that same switch to bring the phone back up to its normal powered state.

That being said, someone can reprogram the phone to 'look like' its powered off. It can still be recording audio/video to the local memory, or whatever it wants to, and even use the transmitter periodically without being noticed by the owner.

The phone can be reprogrammed fairly easily by someone who gains control of the device. How easy is that? I've seen a demonstration by an expert that took all but 15 seconds to have root on a popular phone. All that was needed was an IP address of the data connection for the handset. In an instant they had the equivalent of ftp and could have done anything on that phone, including staging a boot loader/update waiting for the next time you cycled the phone's OS.

For someone who has the power of the courts behind them, they can easily have the phone company push an update out to the phone to do the same thing. Nobody needs to hack your phone, and they can then completely control the outward appearance of the devise without you knowing anything about it.

Other than having an RF monitor next to the phone you likely won't be able to detect it. A small RF monitor can be purchased and hacked to add a audible warning if the phone becomes active, if you are the tin foil hat type. Otherwise, if the phone is active and uses the network the battery will get slightly warm, even when turned off, so you might be able to tell that way. A cheap way to tell is a liquid crystal temperature strip adhered to the outside case where the battery compartment is. This is also a help if your phone has a battery drainage problem with certain apps, because it will tell you when the battery is being drained, and how quickly, for whatever reason.

Re:Don't carry one

[SuricouRaven]

They did something like that with hotspots in the UK - the Digital Economy Act means that businesses can be liable for the infringements of people using their connection, which is a serious concern for all those places that used to provide customers with free wifi.

In practice, some businesses have continued to recklessly provide the service, while many more have instead contracted with specialist companies who run the access point and authentication infrastructure on their behalf. Typicially it uses the mobile phone network as a way to validate identity: User connects, gets a captive portal, enters their phone number, the service provider sends them an SMS with the unlock code, user enters the code. It's somewhat cumbersome, and some people are understandably reluctant to give out their phone number, but it's the only way to provide customers with a convenience service (And thus lure them in, usually to buy food) without potentially getting sued for millions after someone goes on a torrenting spree.

The only thing about the arrangement that surprised me is that the MPs were so open about the change in the law being about copyright. I'd have expected them to instead use child porn as an excuse, but they didn't: The Digital Economy Act is an entirely open effort to strengthen copyright law.