By September 2004, a new NSA technique enabled the agency to find cellphones even when they were turned off. JSOC troops called this "The Find," and it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq, according to members of the unit.
Sounds more like a radar metal detector sort of thing than phone hacking.
So it is reported ad nauseam every few years that this ability to track cell phones that are powered off and even with battery removed is not only possible, but has been actively used for the last 20 years.
I find this all very hard to understand. Citing a person who wants to sell you a metal bag to keep your phone in when you get up to no good certainly isn't helping.
If power is required, presumably the phone baseband has to wake up and do something. A researcher could easily detect this by monitoring the power consumption or the local RF environment. Also baseband engineers and phone electronics manufacturers all have to have basically their entire design and engineering staff looped in to provide for this functionality. Where is this data?
If power is not required, nobody has yet presented any satisfactory explanation of how such passive tracking could even be possible over a wide area without being in very very close proximity to the device or having an unbelievably dense active sensor network. (NFC, silicon junction detection/fingerprinting, etc.) If this type of passive tracking is possible, then it certainly would not require that the device being tracked is even a phone.
I agree with your logic. It's just that the "researchers" thing just doesn't smell right for me. You hear constantly about researchers finding malware/spyware related to Chinese hackers, to Russian hackers, to North Korean hackers. No researcher has ever found anything related to American hackers, European hackers or Israeli hackers. Either western state hackers are so good that researchers never find out what they do, or researchers get a visit from two guys in a black suit when they find something relevant and decide not to publish anything.
Are you just going to ignore the massive amount of research done by Citizen Lab in exposing the use of Israeli spyware to surveil journalists and activists?
How does that even work? Does the phone just never truly power down? Can they track it even if the battery is dead?
Squint enough and you'll see a cellphone consists of two primary chipsets: a main SOC/stack that runs the operating system, and a modem/software stack that pushes cell packets. Power the phone down and you (may) fully shut down the OS/processor; you likely aren't powering down the modem.
Some phones when turned off would power on every ~10-15 minutes or so to check for text messages, which effectively pings cell phone towers.
I doubt they can if it's dead, but as long as it has some charge the chips in your phone can use it without any indication to you.
OK, but to most folks reading this, the ads on that site probably invaded their privacy to a more substantial level than the NSA will.
I don’t have an EE/hardware background, but given two things I can naïvely assume this is possible.
1) Nowadays, we can send text messages directly through satellites in space. So the satellites are obviously sensitive enough to pick up whatever is being emitted from the phones.
2) I forget what they’re called, but for more than a few decades now, the way bug detectors work is by relying on some physical properties of transistors when exposed to some EMF maybe, even when off.
So yeah, with like advanced modern sensors and AI-powered signal processing, maybe it is possible.
Someone with an EE background can sign in and tell me why maybe 2 is not possible from space.
So the man that sells Faraday pouches to put your phone in says the NSA can track your phone if you don't use his product, with no further technical information?
Wild speculation based on poor RF understanding:
If I were putting a back door in cell modem silicon to track the device when it's totally powered off, I'd do something like a passive RF bug. Surely you could get something like an RFID circuit to hang off one of the many antennas in a phone. Then you just give it a path to a unique id, maybe derived from the MAC or something.
That can't be right.
Julia Stiles' "Nicky Parsons" in the Bourne trilogy removes her battery when being chased by an assassin from the coffee shop; Jason finds it smashed on the pathway, and you would think that in a spy film the bad guys would still be able to track her.
When was the last popular cellphone that you could remove the battery from? Off isn't off anymore.
Boing Boing has an anti-adblock paywall
https://archive.is/zMDAG
It is inappropriate to assert that a capability from 2003, used against what were almost certainly Nokia x100-series GSM phones, will still work against devices in 2025.
My guess is that they used Bluetooth beacons.
Google decided to get into the action themselves with Android 15, but that's just counting what's built into the OS, not the chipsets themselves.
https://techbriefly.com/2024/03/15/android-15-powered-off-fi...
It was not common for the low-end phones of the type used by Iraqi insurgents in 2003 to be equipped with Bluetooth.
Remember the "NSA can track phones when turned off" was from 2003.
Try to remember 2003, then adjust your memories to match the reality for an impoverished Iraqi.
My guess is that because they controlled the cellular network they pushed out an OTA firmware that made it so the phones didn't actually turn off but went into one of the ARM7TDMI's low power modes where it would wake up periodically and ping a tower before going back to sleep without turning on the screen. Those modes used so little power you wouldn't notice a difference in overall battery life.
This would be trivially detectable by any party with a $10 SDR dongle in 2025.
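As an added illustration (not part of the thread or any commenter's code), this is roughly what the detection argued for above looks like once an SDR capture has been reduced to per-second power readings: flag transmissions that recur on a fixed schedule next to a handset that is supposedly off. The trace, the power levels and the 600-second period are constructed sample values, and all function names are hypothetical.

```python
import random
import statistics

def make_trace(duration_s, burst_period_s=None, seed=1):
    """Constructed per-second power readings (dBm) near a 'powered-off' phone."""
    rng = random.Random(seed)
    # Quiet band: noise floor around -95 dBm with small jitter.
    trace = [-95.0 + rng.gauss(0, 1.5) for _ in range(duration_s)]
    if burst_period_s:
        # Constructed 2-second uplink bursts at a fixed period.
        for start in range(120, duration_s - 2, burst_period_s):
            for t in range(start, start + 2):
                trace[t] = -50.0 + rng.gauss(0, 1.0)
    return trace

def find_bursts(trace, margin_db=15.0):
    """Start indices of runs that exceed the median noise floor by margin_db."""
    floor = statistics.median(trace)
    starts, in_burst = [], False
    for t, power in enumerate(trace):
        hot = power > floor + margin_db
        if hot and not in_burst:
            starts.append(t)
        in_burst = hot
    return starts

def periodic_wakeup(trace, min_bursts=4, max_jitter=0.05):
    """Mean interval in seconds if bursts recur regularly, else None."""
    starts = find_bursts(trace)
    if len(starts) < min_bursts:
        return None
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    mean_gap = statistics.mean(gaps)
    # Regular schedule: spread of the gaps is small relative to their mean.
    if statistics.pstdev(gaps) / mean_gap > max_jitter:
        return None
    return mean_gap

if __name__ == "__main__":
    print("beaconing phone:", periodic_wakeup(make_trace(7200, 600)))
    print("silent phone:   ", periodic_wakeup(make_trace(7200)))
```
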
Or it could be a radar that resonates with common GSM filter circuitry or Nokia BL-4C or something like that. Quoted problem definition is "find cellphones even when they were turned off", not "locate" or "track" "a phone" or "user turns off".
It's also supposedly something US JSOC is involved with, which is more like an IRL Call of Duty group of people than black-suited 007 or drone trailer people, so my intuition is that the system is more likely to look like a heartbeat sensor attachment than a cloud-based offering.
That's another option.
Plausible, even. The range would be very limited.
But we both know what everyone thinks is happening.
Why should anyone think that if the NSA was backdooring phones in 2003 they wouldn't be doing the same thing in 2025?
Why should anyone think that if the NSA was brute forcing DES in 2003 they wouldn't be doing the same thing to AES256 in 2025?
Brute forcing AES256 would require computing power that, as far as we know, the NSA doesn't have. That's a very different situation than the NSA being able to force the hand of the extremely small number of US companies who are legally able to produce the baseband chipsets found in every single cell phone. All the NSA has to do is hand a single national security letter to Qualcomm and they'd be able to backdoor half of the entire market. That's just the hardware. To backdoor the software they only need to knock on the doors of two corporations.