
Any cellphone can be traced by its digital fingerprint - antr
http://www.newscientist.com/article/dn23973-any-cellphone-can-be-traced-by-its-digital-fingerprint.html#.UfpzeGRgblN
======
taylorbuley
> Their research, funded by the EU and the German government, was performed on
> 2G phones. But "defects are present in every radio device, so it should also
> be possible to do this with 3G and 4G phones," Hasse says

Stuck researching on 2G handsets? Let's get this guy some more grant money,
please.

------
abritishguy
Being able to tell the difference between 13 different handsets and being able
to 'trace any cellphone' are two very different things.

Pick 13 random people from the planet and you can tell the difference between
them if you know their birthday (just day and month). That doesn't mean you can
trace anyone if that's the only information you know.

Good research, dumb article.

------
Oculus
If my understanding is correct, they're using the tiny variations in phones'
signals to identify them. Could such evidence be used in court? Couldn't they
just argue that it was merely a coincidence that the signal fingerprint is the
same, since it's just based on randomness in the phone?

~~~
ape4
I suppose real fingerprint differences (on your fingers) are tiny variations
that are merely a coincidence.

------
Swannie
I assume, as it is unstated, that this requires quite accurate information
about the radio signals of the device - probably at a level only accessible at
the radio of the mast. It's possible that these irregularities are encoded in
the raw bit stream from the base station (e.g. to the Radio Network
Controller), but they'd be lost here...

So to put this in place, you'd probably need to add some additional
hardware/processing capacity into the RNC or the base station (though, that's
not too far fetched, seeing as most existing base stations are now
over-spec'ed on space and power).

------
mafribe
Related is work by T. Kohno, A. Broido, and K. Claffy [1] where, too, small
deviations in device hardware are exploited for device identification, in this
case clock skew.

[1]
[http://homes.cs.washington.edu/~yoshi/papers/PDF](http://homes.cs.washington.edu/~yoshi/papers/PDF)

~~~
weland
This is very interesting. It makes me wonder how it could be countered.

If I understood the points of the article correctly (but, to my shame, I
haven't read it very thoroughly -- I'm posting this more under the excitement
of the moment), one could get _some_ basic success by inserting small, random
jitter into the timestamp it sticks on the packets. However, this isn't
exactly stellar because, if the attacker can collect enough data, they can
average out the random jitter to isolate a constant (or constantly-changing,
which is a good approximation for most hardware clocks over the period of time
we're considering) skew.

So perhaps a better option would be to add a _biased_ jitter that gets changed
at some more or less random, but short enough interval?
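
Added example, not part of the thread or of the cited paper: a Python simulation of the reasoning in the comment above, showing that zero-mean random jitter on timestamps averages out over a long capture while a deliberate bias shifts the estimated skew. All numbers are constructed, the fit is an ordinary least-squares slope chosen for this example, and `mask_ppm` is a hypothetical stand-in for one interval of biased jitter.

```python
import random

def capture(skew_ppm, jitter_us, n, mask_ppm=0.0, seed=7):
    """Constructed samples: (elapsed seconds, observed clock offset in microseconds).

    1 ppm of skew is 1 microsecond of drift per second. mask_ppm models a
    deliberate extra drift held constant for this capture (an assumption of
    this example, standing in for one interval of "biased" jitter).
    """
    rng = random.Random(seed)
    samples = []
    for t in range(n):  # one timestamp per second
        noise = rng.uniform(-jitter_us, jitter_us)  # zero-mean random jitter
        samples.append((float(t), (skew_ppm + mask_ppm) * t + noise))
    return samples

def estimate_skew_ppm(samples):
    """Least-squares slope of offset against time, in ppm."""
    n = len(samples)
    mean_t = sum(t for t, _ in samples) / n
    mean_o = sum(o for _, o in samples) / n
    num = sum((t - mean_t) * (o - mean_o) for t, o in samples)
    den = sum((t - mean_t) ** 2 for t, _ in samples)
    return num / den

if __name__ == "__main__":
    true_skew = 50.0   # ppm, constructed value
    jitter = 5000.0    # +/- 5 ms of random jitter per timestamp
    # Longer captures shrink the error of the fit even though the jitter
    # on each timestamp is far larger than one second's worth of drift.
    for n in (20, 600, 3600):
        est = estimate_skew_ppm(capture(true_skew, jitter, n))
        print(f"{n:5d} samples, random jitter only: {est:8.2f} ppm")
    # A bias does not average out: the fit returns real skew plus the bias.
    masked = estimate_skew_ppm(capture(true_skew, jitter, 3600, mask_ppm=30.0))
    print(f" 3600 samples, +30 ppm bias added:  {masked:8.2f} ppm")
```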

------
pakitan
The article also mentions identifying the camera by analyzing the produced
image:

 _From underlying imperfections in the lens, which are detectable in the
image, the source camera can be identified_

Is this really possible or was he just giving an example to explain how the
phone tracking method works?

~~~
jevinskie
Perhaps. It is certainly possible to identify the camera model (and possibly
the individual camera) using noise and demosaicing artifacts!

[http://isis.poly.edu/memon/pdf/2008_classification.pdf](http://isis.poly.edu/memon/pdf/2008_classification.pdf)

------
dmix
Police tracked down the SUV the Boston Bombers stole almost immediately by
using the driver's cell phone.

I'm curious why this is never used in property theft retrieval for phones and
only for cases police deem necessary?

~~~
Zikes
IIRC, police don't have a direct line to that sort of information. They have
to submit requests to the cell carriers, which are rate-limited and capped
such that the police have to be very discerning about which cases they would
like to use the resource for.

------
rdl
I always wondered how well you could fingerprint individual wifi devices. I.e.
how effective is changing your MAC and various IP and above stuff.

------
ryanmcbride
Would this work with a burnerphone?
[https://www.burnerphone.us/](https://www.burnerphone.us/)

~~~
groby_b
Excellent. I can order a "burner phone" with a credit card. And have it
shipped to me.

And the selling point is "because the NSA records everything", followed by a
starry-eyed "don't worry, we'll delete your info after we processed your
order".

I think some people need to take paranoia lessons there :)

------
FedRegister
Why wouldn't it just be easier to track IMEI values? That doesn't change when
you change the SIM card.

~~~
noselasd
Because (first sentence in article): "Tech-savvy criminals try to evade being
tracked by changing their cellphone's built-in ID code and by regularly
dumping SIM cards."

~~~
gbl08ma
I own a phone powered by a Mediatek SoC, where the IMEI is easily changed on
the "engineer mode" - and from what I remember, you don't even need to have
root rights to do it, only access to a hidden Android activity.

Not entirely related but I also have worked with WiFi equipment (including
that phone) that allows for changing the MAC address, which is something more
common I think.

------
coin
This was done during the late 90's to combat cellphone cloning

------
ivanca
Yeah! And then you just go and interrogate the thief that stole the
cellphone... in Haiti.

