Ask Slashdot: How To Stay Ahead of Phone Tracking ?

An anonymous reader writes "In the last few years there has been a significant upsurge in subverting the cellular network for law enforcement purposes. Besides old school tapping, phones are have become the ideal informant: they can report a fairly accurate location and can be remotely turned into covert listening devices. This is often done without a warrant. How can I default the RF transmitter to off, be notified when the network is paging my IMSI and manually re-enable it (or not) if I opt to acknowledge the incoming call or SMS? How do I prevent GPS data from ever being gathered or sent ?"

Don't carry one

[siddesu]

As you know, they can track you even when the device is off, unless you've taken the battery out.

Re:Don't carry one

[gomiam]

Not to raise your paranoia, but your "dumb" phone isn't as dumb as you think it is. While it is acting as cell phone it needs to keep the towers appraised of its location so you can receive calls and it can roam from one cell to the next.

Re:Don't carry one

It's called a real-time clock. Your computer has one. A builtin battery too.

Re:Don't carry one

[vux984]

As you know, they can track you even when the device is off, unless you've taken the battery out.

I don't dispute it's possible that the phone while 'off' is simply in standby and pops on now and again to ping the network.

But.. if so, why does my Galaxy S3 take 10+ seconds to 'boot up' after it's been turned off, and then another 5-10 seconds before it has service?

There might be some phone out there that is 'always on'... but is there actually one? More than one? Is it actually common?

This seems more 'urban ledgend' / paranoia then real -- the sort of paranoia where you think the NSA has installed a rootkit to simulate your phone shutdown sequence when you turn it off while it remains transmitting. Possible, theoretically? Sure.

But then what makes you think taking the battery out will work? The NSA inserted a secondary battery with enough juice to keep tracking you for days even when the battery is out. Better put the phone into your pocket faraday cage...

And take a shower and change your clothes to rinse off the micro RFID they hid in the dirt on your shoe and are tracking with a satellite equipped with some sort of super pringles antenna...

I think my Galaxy S3 is off when I turn it off. I'm prepared to be educated that it really isn't, but I need more than some handwaving or links to rumors on some guys dubious blog.

Re:Don't carry one

[DKlineburg]

maybe not so? See article about your habits being unique and identifiable here on /.

Re:Don't carry one

[FrkyD]

Well, we have known for quite some time that is is not just possible to use your dumb phone as a roving bug while it is turned off, but that it has actually been done.

http://news.cnet.com/2100-1029-6140191.html

So even though you sound a bit (albeit justifiably) paranoid, you might not be paranoid enough.

Re:Don't carry one

[hAckz0r]

I think my Galaxy S3 is off when I turn it off.

That switch that you use to turn your phone off is nothing but a sensor switch. Its not a physical on/off switch disconnecting the battery from the phone circuits. When you press it, the OS on the phone is programmed to start shutting down certain circuits within the phone. It keeps other circuits powered up so that it can sense that same switch to bring the phone back up to its normal powered state.

That being said, someone can reprogram the phone to 'look like' its powered off. It can still be recording audio/video to the local memory, or whatever it wants to, and even use the transmitter periodically without being noticed by the owner.

The phone can be reprogrammed fairly easily by someone who gains control of the device. How easy is that? I've seen a demonstration by an expert that took all but 15 seconds to have root on a popular phone. All that was needed was an IP address of the data connection for the handset. In an instant they had the equivalent of ftp and could have done anything on that phone, including staging a boot loader/update waiting for the next time you cycled the phone's OS.

For someone who has the power of the courts behind them, they can easily have the phone company push an update out to the phone to do the same thing. Nobody needs to hack your phone, and they can then completely control the outward appearance of the devise without you knowing anything about it.

Other than having an RF monitor next to the phone you likely won't be able to detect it. A small RF monitor can be purchased and hacked to add a audible warning if the phone becomes active, if you are the tin foil hat type. Otherwise, if the phone is active and uses the network the battery will get slightly warm, even when turned off, so you might be able to tell that way. A cheap way to tell is a liquid crystal temperature strip adhered to the outside case where the battery compartment is. This is also a help if your phone has a battery drainage problem with certain apps, because it will tell you when the battery is being drained, and how quickly, for whatever reason.

Re:Don't carry one

[Electricity+Likes+Me]

If you really want to track someone, it's usually way easier to steal and modify their phone, or modify a replica phone and download their phone to that one.

There are a lot of high-tech surveillance techniques, but they're just really kind of hard to do compared to the simple stuff.

Re:Don't carry one

[SuricouRaven]

They did something like that with hotspots in the UK - the Digital Economy Act means that businesses can be liable for the infringements of people using their connection, which is a serious concern for all those places that used to provide customers with free wifi.

In practice, some businesses have continued to recklessly provide the service, while many more have instead contracted with specialist companies who run the access point and authentication infrastructure on their behalf. Typicially it uses the mobile phone network as a way to validate identity: User connects, gets a captive portal, enters their phone number, the service provider sends them an SMS with the unlock code, user enters the code. It's somewhat cumbersome, and some people are understandably reluctant to give out their phone number, but it's the only way to provide customers with a convenience service (And thus lure them in, usually to buy food) without potentially getting sued for millions after someone goes on a torrenting spree.

The only thing about the arrangement that surprised me is that the MPs were so open about the change in the law being about copyright. I'd have expected them to instead use child porn as an excuse, but they didn't: The Digital Economy Act is an entirely open effort to strengthen copyright law.

Re:Don't carry one

[number11]

Flash memory has a limited number of writes, and won't power an on-board clock in any event.

The minimum number of write cycles seems to be around 10K, and could be 1M or more (depending on type of memory). If you have the least durable flash, and turn your phone off once a day, that's 27 years. (Most people don't seem to ever turn their phone off.) What do you suppose the service lifetime of the average phone is? 3 years?

turn it off

[thephydes]

Turn your phone off when you aren't using it. Do you really have to be contactable 24/7? I suspect not for most people and if your phone is off then you cannot be tracked.

Transmitter off won't work.

[rew]

If you want to receive calls or SMSes, you need to leave the phone on and transmitting:

When a call for your number comes in, the incoming call is NOT transmitted nationally. Only in the GSM-cell that you are actually in is the signal transmitted. So, the system has to know in which cell you are to be able to "call" your phone. If you properly turn it off, the phone will tell the GSM network it is going off. So when a call comes in, it will go to voicemail immediately. If you yank the battery, the system will assume you are still in that cell where you last had the phone on, but it will probably time you out if it doesn't hear from your phone for a while. (which happens naturally if for example you drive out of range).

Re:Transmitter off won't work.

[KiwiSurfer]

When a call for your number comes in, the incoming call is NOT transmitted nationally. Only in the GSM-cell that you are actually in is the signal transmitted. So, the system has to know in which cell you are to be able to "call" your phone.

Not quite, a GSM switch will keep track of which Location Area (LA) a mobile device is in. A LA can contain a few or upwards to several hundred cells. Using Vodafone's GSM network in New Zealand as a point of reference, their largest LA covers all of Auckland's (our biggest city with 1.5m population) CBD with around 150-200 sites while in rural areas a LA generally only has around 50 sites.

When a phone is being called, all the cells in the LA will send out a broadcast request to all mobile devices in the LA and the mobile device will respond by contacting the nearest cell. This is quite useful as it reduces the need for the mobile device to check in frequently — the mobile device only needs to check in with the network when it moves into a new LA.

I'm not too familiar with how UMTS or LTE works but I presume the same principles applies but I may stand corrected.

Futile

You can't.

Those are functions performed by the baseband software stack, which cannot be modified by the end user. Also you can't be simultaneously connected and not connected to the network anyway. If you don't want to be tracked by the network, don't use a cellphone.

Re:HAM radio?

[Gordonjcp]

Great idea! Then not only are you giving away your location but you're transmitting your message in the clear, for anyone to eavesdrop on!

I can't help but think you've missed the point a little...

Airplane mode and OsmocomBB

[asnelt]

I would say a good start is to just use the airplane mode of your phone. That should disable your RF transmitter. But of course you wont be notified when the network is paging your IMSI. The save option is to use a phone with OsmocomBB, a free software implementation of the GSM stack: http://bb.osmocom.org/trac/ It has limited functionality (no GPRS working at the moment) but at least you know exactly would your phone is doing. With that, you can even run CatcherCatcher, which is able to detect IMSI catchers: http://opensource.srlabs.de/projects/catcher The supported phones are a bit outdated, mostly old Motorola phones. But there is one supported smartphone: the Openmoko Freerunner. It is pretty usable these days and is fully supported by Debian. I love it, but you will need to tinker - a lot.

Re:Airplane mode and OsmocomBB

[asnelt]

What I forgot to mention: using OsmocomBB it should even be possible to fake your location. It is explained in this presentation at 05:20: http://www.youtube.com/watch?v=M0NjS6aUXYw

Re:Only one way

[thephydes]

Thanks Apple, please tell your users how to remove the batteries!

Re:SOLUTION: DON'T BE A CRIMINAL !!

[AvderTheTerrible]

The issue is that the government does not wait until they think you *are* a criminal to do this stuff, they start doing it when they think you *might* be a criminal, or worse yet, when someone *wants* you to be a criminal. It's not the stuff that would actually manage to fetch a warrant that a lot of people are worried about, it's the fishing expeditions that lazy crime fighting agencies and power abusing bureaucrats engage in if they don't like some of your associations. Just look to what happened during the McCarthy era to see what can happen when persons in power don't like the idea of you exercising your right to free association with people they don't like, regardless of if any rules are being broken.

Use sombody else's phone

[qaz123]

- Buy it using a fake id. - Ask a homeless or drug addict to buy you a prepaid phone/sim and use it. - Buy it in another country.

Re:Use sombody else's phone

[pla]

Buy it using a fake id. - Ask a homeless or drug addict to buy you a prepaid phone/sim and use it. - Buy it in another country.

Actually one of the most realistic answers so far, except, you don't need an ID or a straw buyer... Just pick up a tracphone at Target and activate it at the in-store Starbucks' hotspot. Done and untraceable-to-you, unless "they" want you enough to manually hunt down security footage from one of those two stores.

That said, who do you plan to call with it? I consider it a sad commentary on our times that who (on the whole) you associate with matters far, far more than your own identity - Though the two end up largely interchangeable, unless a lot of people in your immediate circle of friends call to chat with your folks once a week. And of course, you probably use it at home - Lot of people living there? Keep in mind, even pre-GPS requirement, the cell providers could still get a decent lock on a phone just from the towers that can see it; and going back to the original FP question, you can't use the phone if no towers can see it.

Re:Use sombody else's phone

[Fnord666]

The problem with using someone else to buy it is that there is still a person that may be able to identify you if forced to

Don't leave any loose ends then.

Re:here's a thought

[Anne+Thwacks]

this thread is probably a response to Google reporting they could identify the owner of a phone by where it went - so no cigar today,

The correct answer is live in a third world country Smart phones are about the only thing that will work reliably. After the electricity supply, security forces and tracking technology are the things least likely to work reliably

Phone tracking is just part of a wide grid

[AHuxley]

Phone tracking was a result of the troubles in Ireland and the NATO/US need for Red trouble makers in 1980's Europe.
Think of an early Cyber Intelligence Sharing and Protection Act (CISPA) hardwired into every generation of phone by default.
Then came GPS, web 2.0, maps and cloud ... your phone is sucking up details about your life as you walk around with/use it.
Stop using your phone other than for family to say hi and ask for help/shopping.
Meet your people/tribe/business associates without a phone and talk face to face or in some other hi tech/no tech way.
Soon a working phone with CCTV (camera pod), facial recognition, 24/7 city wide look down drones, covert LEO in-car cameras will be filling in even more details.
Dont forget the private sector is also doing its part to link all their cameras in too :)
No warrants are needed. Deep extended boarder search, gang area 'random' searches, drink driving tests will all have rows of plate reading cameras, passenger face capture, driver logging, train station federal task forces, anti war mil protest watching... all add up to very deep efforts if you make a list.
All the tech used in 1950's Soviet watching, Vietnam, Iraq is now so cheap, tiny and sold to even the smallest, struggling police forces as federal 'gifts' to help with 'drugs', 'terror' or just as free 'surplus' with never ending private maintenance contracts.
The next big thing will be state level voice print records- no longer the play thing of GCHQ, NSA - expect a fake cell towers in a region of interest to do more than just log calls, numbers and record flagged people - your voice will soon be all that local law enforcement needs on any network.
Swap the phone sim all you want, better stay off the voice too.

Re:HAM radio?

[DKlineburg]

I had a ham radio, but we ate it at Easter lunch. I don't know why my grandma insisted in carving the ham to look like a radio; but it was her house.

I have it.

[BrokenHalo]

I am in a position to offer a perfect solution. Just move to rural Australia and move your phone contract to Telstra. They are so fucking incompetent, nobody will ever succeed in tracking you.

The only downside is that you won't be able to make phone calls either. :-/

Re:I have it.

[Sentrion]

Trying to make yourself untraceable while still using modern technology is not an easy task. People have thought that they could avoid being tracked by buying an item with cash, but there are numerous cases of store security cameras recording purchases at the checkout counter and these images used to identify the culprets of a variety of alleged offenses. Combined with facial recognition software and the increasing cross-linkage of databases, such as photos from your driver's license or passport; combined with the fact that your face is probably online somewhere, such as your own Facebook page, or your friend's Facebook page if you avoid using facebook, or Flickr, or one of hundreds of image intensive online depositories, it is only a matter of time and effort to track you down. Even using a laptop you bought a garage sale and public wifi can't guarantee anonymity since surveilance cameras can show you within the vicinity of the wifi hotspot at the time of a particular event - such has already been used to identify "cyber-crooks" on more than one occasion.

Best defense is security by obscurity - don't do anything that will make you a target. If for sure you are going to be a target, then I'm not sure what will help you. If you try to live in some remote area with no technology at all, chances are people will be talking about you for miles around where you set up camp. "Ya, he's the guy living in the middle of that forest with nothing but a cabin and messenger pigeons."

Re:GPS is not the issue.

[DontScotty]

If you are only using one tower - sure...

--------
  The tower can also measure how long it takes to get a response from your phone, and use that to estimate how far away you are. That puts you on the edge of a circle that distance from the tower.

Usually your phone can be heard by multiple cell towers. If two can hear you, then you're on the edge of each of 2 circles, and two circles can only meet at 2 points, so you must be at one of those 2 points.

If a third tower can hear you, its circle can only meet the others at one point, so there you are.

Emergency services (like 911) can get this information from the cell towers. The information exists whenever your phone is on and in range of a tower, whether you're making a call or not. The information is not meant to be publicly accessible.

Bullshit - mind control circuit

[Overzeetop]

That's what that battery is for - the mind control circuit. It's the only way they're keeping the people in line.

What most people don't know is that *that* is why there's a battery in your computer too! It has nothing to do with the stupid clock. The clock doesn't need the battery! You've seen the ones that work with a potato - that's proof enough that a clock doesn't need a battery. No, they have the computers programmed to reset your clock and bios after a short timeout to make you THINK you need that for the clock. And all you weak-minded losers fell for it, and the mind control circuit just keeps you believing that you need that battery.