>“Every phone has two operating systems,” explains Gary S. Miliefsky, CEO of SnoopWall, “One that connects to cellular networks, and one that interfaces with the consumer. Airplane mode may only disable features in the consumer facing operating system, such as Android or iOS, but not in the OS used between the phone and the carrier network. A phone may be giving out a ‘ping’ and you’d never know it.”
Surely that defeats the whole idea behind airplane mode. i.e. stop the phone from sending crap that (supposedly) messes with airplanes?
It's not just airplanes that could be susceptible to cell phone emissions, but back in GSM days, the number of handoffs while in flight would effectively jam the cellular network in a 200mi radius. Nowadays cell phones are much smarter and don't do that, and the EMC risk in aircraft is extremely low.
I think you meant "on"? If airplane mode was on, RF emissions were a strict test case executed in the lab Faraday cages where we ran new terminals through their paces prior to launch rollouts.
Who knows if there are secret commands that can be sent to it to override airplane mode settings, or instructions to do other nefarious things and broadcast once out of air plane.
We weren't testing the presence of the LO, but instead characterizing the phone's radiated and conducted emissions from its non-phone radio functions like its processors, displays, BMS, etc. There were discrete frequencies which were certainly from oscillators, but we didn't determine whether or not that was the receiver(s') LO(s) when airplane mode was on. There's probably a dozen other oscillators within phones for memory, CPU, displays, etc. So, you might be right, but this can be tested in the right lab.
However, that might be complicated with software defined receivers that don't have a typical receiver architecture, very low level signals, and very tiny PCB traces.
As to the practicalities, it wouldn't need to use the carrier network, just put it in a plane. Like the plane they have circling D.C. right now, or a drone. And your location is often known approximately.
Someone should point a good signal analyser at these.
iPhones now do this too, privacy violation by relay to nearby iPhones, over Bluetooth and possibly with the new mm wave RADAR too.
The solution was obvious: airplane mode! You know what? It didn't help. They kept charging me 4 euros a day. Then I replaced the APN in the network settings with a fake one and suddenly the daily charges were gone.
Airplane mode didn't help, some byte was still passing through.
The phone was an Android phone. The carrier refunded me right after fixing the problem (which took them a month and a half).
Or do what VW did and detect the testing station, I am sure the locations of the FCC test facilities are widely known.
That would still be catastrophic for people trying to avoid tracking in demonstrations for example.
Or what am I missing?
Plenty of VM evasion stuff has been caught in the wild so it would up the game regardless, which is all you can really hope for against hackers and malicious parties. They almost always go for the easy targets who don't think of this stuff anyway.
Good point nonetheless.
It is unlikely that they would be able to remotely update the baseband firmware though, especially on an iPhone. Also, an increasing number of baseband systems use highly verified kernels, such as seL4.
As to phones in flight mode routinely pinging, this is incorrect. It would easily be detected by standard tools and counter-surveillance equipment.
It isn't plausible that a modern phone would interfere with a modern jet IMO, but I still turn it to flight mode. Doesn't mean a passenger couldn't cause problems if they wanted to though -- turn on a GPS jammer and ADS-B/mode-S spoofer while onboard and watch everything go kooky.
A more realistic security problem is that of phones listening to wifi when turned off for geolocation purposes. Just the listening is exposing the stack to some degree.
Intel and AMD effectively incorporate a back door into every processor, one that they refuse to document or give the keys for (but which likely some government agencies have, whether provided willingly or not). Why is it implausible that basebands incorporate something similar?
In contrast, Qualcomm/Intel clients like Apple are very concerned to not have magic backdoors (Apple bought Intel's baseband IP and team recently, supposedly to make their own 5G chip). In any case, there are plenty of garden variety vulnerabilities in baseband chips, no need for NSA voodoo.
That does not explain the complete lack of documentation, access keys, and the inability to turn it off under any circumstances.
It is possible that this is not and has not been used as a back door. But why is that so implausible?
For baseband chips, I haven't heard of Qualcomm having these types of interfaces at all. Fleet management happens via MDM at the iOS/Android level. I don't think NSA would be able to coerce Qualcomm to introduce a huge feature like ME in secret, and besides that isn't their MO, there would be a standards process etc. I really don't think something like that could be kept completely under wraps, and then as soon as you used it once it would be burnt.
Chinese chipsets not so sure. So far Huawei has so many bugs in everything they have implausible deniability. Like dozens of level 10, full RCE exploits. That's a good reason to ban them.
The default is:
adb shell settings put global airplane_mode_radios cell,bluetooth,wifi,nfc,wimax
I have mine set to:
adb shell settings put global airplane_mode_radios cell,wifi,wimax
In what sense could it ever be "practicable unnoticeable", much less "for any equipment"?
Conceivably it would use a different waveform with lower energy when transmitting clandestinely, but that would be insanely expensive to achieve, probably need to add a separate chip, and it wouldn't work for people who change phones regularly.
I'm reminded that a while back the Shin Bet modified a phone to have a chunk of plastic explosive, used to kill a Hamas bomb maker. It was detonated remotely with a non-phone protocol (as the phone channel was in use by the target).
I suspect various alphabet agencies are perfectly aware of this, and that they're actively avoiding such measures unless they're considered strictly necessary. After all, imagine the media shit-storm if some North-Korean hacker group managed to start mining bitcoin with 2 billion Android devices and it turns out that NSA put in the back door that allowed it.
The technical problem was always that planes cross cells at speeds for which the GSM handover protocol was not designed. The business problem was phones would eat into the juicy onboard services turnover.
edit: Quickest thing I could find was a Tucker Carlson piece, so grain of salt https://www.youtube.com/watch?v=0s8ZG6HuLrU
It is possible for a handset to attach to a network without a SIM card for the purposes of making an emergency call. Please don't think removing or swapping your SIM card stops tracking.
I've yet to see 2G or 3G phones try and talk to a local network in aeroplane mode (though you shouldn't believe me). I did see some oddness years ago when testing an early and proprietary LTE handset, but I'm not sure I'd believe that either.
There was a great talk about some of this from black hat; how the CIA renditioned Abu Omar out of Italy and how they were found out: https://youtu.be/BwGsr3SzCZc
The second is the international mobile subscriber identifier, IMSI. This is the identifier the SIM sends to ask the network for functionality.
Even without a SIM installed, the phone may transmit and will transmit its IMEI when doing so. This is so that cell towers can talk back to the device (a bit like SSIDs in WiFi networks). As mentioned in other replies to you, you can often dial emergency numbers and your calls are routed. To do that you need to know which device is calling.
So yes you can track individual phones. You can also tell when a phone has changed SIM or a SIM has changed phone and so on. No idea if networks do this, but the data is there.
If a phone is reported stolen in the UK and reported, its IMEI can be added to this list and the device becomes useless in participating countries, say for example, Spain, or Germany or the US.
My point is, it's a globally unique identifier; tampering with, modifying or cloning them is illegal in some countries.
The SIM itself is almost irrelevant, but, with the information mobile providers hold, it's trivial to link a SIM account, a device identifier and a person (particularly given some countries require ID by law to obtain a SIM).
everywhere? I found this in 1 minute.
That attitude reflects the dead ends I've experienced when looking around for how to change IMEIs for various phone models I was interested in. Also note all the disclaimers in the thread you linked.
Maybe recent phones are still so straightforward with QPST that any time the question is actually asked it's bound to get flooded with crap? It certainly doesn't feel that way. Eventually I'll get around to setting up another Windows VM and seeing what modern QPST can actually do.
I don't think that's workable.
Remember, the phone is not a walkie-talkie - it's a node on a cellular network and has to participate on that network to be addressable and receive messages.
This means it is answering status requests, sending ACKs, etc. In order to receive a text, the phone has to be sending TX outward.
Is it possible that there could be a phone network built to send RX only transmissions to network nodes (handsets) that were otherwise silent? Sure - but I don't believe any of the GSM/3G/LTE specs define any such behavior.
In short, if your phone is truly in an RX mode, I don't think it can receive an SMS - or participate on the cellular network in any way.
Me, and a colleague, were actually the first to get a paging through from network to a UE in LTE. Sure, it was a test UE the size of a small refrigerator, and the network was a simulated network. But still. All layers involved.
The paging, at the time, was the only way for the network to silently contact the UE, and that message didn’t contain any information. It was basically just a: “Hello IMEI X, are you here?”
The article is largely fear mongering, though. The way the system is designed means that the location of every connected device is known at least at cell level. If that wasn't the case you could not be called!
Edit: by law they have to keep location data, though I'm not sure to what extent.
The author of this article does not seem to know the topic but makes sweeping, borderline conspiracist, claims...
Apparently Apple phones will silently phone home an SMS as an iMessage heartbeat when you turned off data.
I bought a SIM card in France, loaded 10 EUR for a 9,95 plan. But my balance declined to 9,85 despite having data turned off and not making any calls/SMSs.
There was no record in Messages, but my provider showed me sending a text.
Ugh. Another 5 EUR added just to buy the 9,95 plan.
I recently traveled abroad and bought a local SIM card, and when I first activated it I got a dialog asking if I approved of it sending the iMessage activation SMS. It wasn't silent.
I don't know how new this behavior is
Drove me bonkers when my carrier claimed I sent an SMS but my phone showed I had not.
Edit: others reported that there’s a message that said “Your Carrier May charge for SMS messages used to activate iMessage” that would still send even if you hit “Cancel”.
Seems like a lot of providers don’t charge for this SMS, but for those that do, it can be a costly int’l SMS.
We cannot trust software to actually disconnect as advertised. It is not in the network operator's interest. Unfortunately, it is also not in the phone manufacturer's interest to have you disconnect. Wake up, this is only a dream.
Just because there is a physical control presented to the user doesn't mean there won't be any hidden connections inside the phone still.
I think using a solid cage is the best bet.
1. If a phone is off e.g. iOS’s General->Shut Down, then can it still receive and transmit signals?
2. What is the best kind of cheap case / enclosure for a cellphone that would prevent signals from being transmitted or received? Can I just wrap a cellphone in aluminum foil and place said wrapped cellphone in a Tupperware / plastic sandwich container?
3. What is an effective way for an RF layperson like myself to detect whether or not my phone is transmitting or receiving signals while it appears to be off e.g. RF tool or measurement device?
I just want a way to know and be completely certain that “off” means “off”.
1a) You don't know (because your phone can pretend to be off). You need to remove the battery (and also remove hidden batteries)
1b) some phones support NFC, which can theoretically be used when the phone is off.
2) I suggest being familiar with: https://en.wikipedia.org/wiki/Faraday_cage and your cellphone before making a decision
3) I don't know, but this would help with #2
Similar steps would have to be taken for monitoring the device to ensure the hardware switch does what it's told, same goes for the software.
Then turn off the speaker when you want to use the mic.
Or do what Snowden does and de-solder the microphone and rely on manually plugging in a mic in the headphone jack.
It is easy to establish a probable connection between this sudden need to watch all phones and the disturbances in Catalonia coordinated by SMS messages and apps.
It would be trivial to connect the pool of "people that went to the place X at the day Y", and the part of the city or neighborhoods where they mainly go to sleep after the disturbances. Many other sensitive things can be disclosed from that (like how many people came from Euskadi to join the disturbances, for example, and if they met to eat beforehand in a special place).
Nobody signed to accept participating in this, and there is no way that allows you to be excluded.
It is totally "1984" level, it is outrageous, it breaks many red lines, all "in your face, European Parliament", and somebody should pay for that.
There are 1130 results:
The last wave from the Centre d'Estudis d'Opinió from the Generalitat (Local Government), measures support for independence at 44% vs 48% who wish to remain part of Spain.
So from far away, I would question the neutrality of the Centre d'Estudis d'Opinió.
Also, if the numbers are right, then why on earth does the Spanish government escalate and not just let them have a referendum which fails and have peace afterwards?
They are the "Department of Statistics" of Catalonia, and they are controlled by the local government (pro-independence), so I am not sure why they would be biased to report lower support than the actual one.
Our Constitution does not consider secession of part of a territory. To hold a referendum, they will have to change the constitution first, which is unlikely to happen in the short term.
Also, I am not sure that a referendum is the best way to settle this conflict. I think that other options that can gather the support of more than 50% of the population would offer a better solution. (i.e., how do you build a new country when half of the population feels strongly about it?)
This is exactly the current situation with Spain! About half of Catalans feel very strongly against the Spanish state. This is obviously not sustainable. But the Spaniards prefer to bully the Catalans, to earn votes elsewhere, than to solve the problem once and for all by holding a binding independence referendum.
I for one couldn't care less anymore about the Spanish position. I do not consider Spain a legitimate state, and we will have to free ourselves from it by any means necessary.
Brexit would like a word with you.
Support for independence and voting share of parties supporting Catalan independence are two different things. Heavily correlated, sure, but not equivalent.
Spanish Constitution does not allow regions (Autonomous Communities in Spain's legal jargon) to make referendums. What's the issue here?
there is no way you can present holding a controversial referendum as worthy of a jail sentence at all, let alone 15 years.
"broke the law"... i mean, crossing the street when the light is red is "breaking the law". buying weed is "breaking the law".
it is a provocative heavy-handed foolish move by the Spanish Supreme Court, that will only serve to inflame tensions, as it now provides an air of martyrdom.
it's all thoroughly unnecessary and gratuitous.
it would be enough to say "well that referendum result doesn't count, sorry. nope." and you'd have a bit of protest and another "illegal" referendum every few years, but you wouldn't be feeding the popularity of the Catalonian independence movement.
it was a stupid move.
hubris appears unattractive to the global lens.
mind you, I couldn't have given 2 hoots about any of this, just reporting on how it appears on the world stage.
So yes: it actually was a case of stealing millions.
In other words, laws are not necessarily holy, just because they are laws.
To achieve it though they will have to convince the whole world that it is true and more important than anyone's relationship with Spain.
I'm sure there are more; these are just three I'm familiar with.
About the Falkland Islands I don't know, so I don't have an opinion.
> Do you think that USA would allow Texas or Lakota Nation to secede?
I think Symbiote was using Scotland as an example to prove that this wasn’t out of the question.
a lot depends on the outcome. you can bet that the british empire didn't "let" the colonies secede, but they did anyway, persevered, and eventually the british "let them" by way of not pursuing the war.
and so, here we are. the same could happen with spain, or a state in the US, or w/e. winners tend to write the history books, as well as perspective on past events.
No matter how many times this was repeated it still feels relevant to explain it; cows do not fly and 1,6 million is neither 90% of 46,7 million, nor 43% of 46,7 million.
It certainly raises some doubts
Organized themselves to create non-stop disturbances, repeatedly block several main roads, systematically attack police (to the point of almost killing a policeman and hurting thousands), burn cars and bikes, and cause damage to the street furniture alone in Barcelona valued at 3,5 million euro. The additional damage to the economy and tourism has been estimated at more than three hundred million euro lost.
I would love to hear your definition of terrorism. Must be a very interesting one.
This does not change the fact that the massive surveillance that the government is announcing has never happened before, sets a very dark precedent, has surpassed all reasonable limits and is an error. The secret services must be running wild and at full power without anybody trying to stop them.
Peaceful demonstrations were also organized, and there’s no ex ante way with this system to target the violations to perpetrators (or to set up any judicial safety check, although in Spain I’m told that would not make much of a difference).
Spain keeps crossing all of the red lines we have set as europeans, and yet our governments will do nothing because they want to avoid troubling the euro even more. This is a recipe for disaster if I ever saw one.
If you are told that, it is simple. You are being lied to (and are pretty gullible).
Lied to by the same people that keep repeating "Spain is baaad!, baaad!, baaah!, baaah!, baaah!".
Okay, let's talk about judicial safety procedures. The entire trial was public, transparent, broadcast live on TV, and can be watched on the internet if you want to freely form your own opinion (and die of boredom). The sentence was justified in 493 pages that you can also read in this link, because... surprise! we, the PIGS, had the same ancient laws as the rest of the stupendous Europe. We adopted these laws earlier in fact and Roman law is still studied and relevant for lawyers.
Please read it, watch it, explore the truth by yourself and don't hesitate to tell me if you find that there was something pigilesque and "uneuropean" here and in what part these people did not enjoy the right of defense and a fair trial.
> Peaceful demonstrations were also organized
Oh, then it is all fine. Let's continue this Anschluss and burn the city.
Maybe I’m being lied to, and maybe I’m too gullible, but it’s a hard sell to say that everything is fine and dandy in Spain.
Just this year you had quite a scandal with the supreme court changing a decision about mortgage taxes by quite a margin. Not to forget that your current foreign affairs minister got caught red handed trading with inside information, something that warrants jail in all other western countries.
There is discussion but let us keep it honest.
In Spain it is legal to want independence, it is legal to create political parties that go for it, legally, BUT it is not legal to go against the law.
Creating a referendum is not legal because in Spain the sovereignty is in the general Spanish population, not in the local population.
This is not Scotland, Catalonia has never been a sovereign state that decided to join a union preserving its sovereignty. Spain was created as the union (by marriage) of the reigns of Castilla and Aragón, that included Catalonia.
The secessionists organized a referendum and they themselves counted the votes; like Stalin said, it is not important who votes but who counted the votes. They added a million to the real number.
The local population holds over 50% of secessionist votes.
BTW the joke of government that Spain has given the Catalan local Government (managed by secessionists!!) the management of prisons there. So they will be released soon after the elections, because the president is there thanks to the support of secessionists.
That's not what happened with Scotland.
I had all kinds of older phones, and in older times 20-25 years ago there were tons of places with zero signal (villages, islands, places out of the city, national parks, and so on) and the phones survived just fine.
That's as zero as in a Faraday cage, as far as the phone is concerned -- no tower to talk to at all, 0 bars for hours or days on end.
I'm reminded of Raj Chetty who publishes papers based on exclusive access to IRS tax return data. (https://www.sciencemag.org/news/2014/05/how-two-economists-g...) Not real science unless you can have access to that data, too. You can't.
No, it does not mean that it's stored de-anonymized. It means that it can be de-anonymized if required by a court order.
EDIT because all the downvotes, this is not nitpicking. The deanonymizing data is ELSEWHERE, not on the servers. It takes a court order to obtain it, employees cannot use it. It's an important point.
"Anonymizing" this kind of data is really just saying "for some of these users, it'll be somewhat expensive to unmask them. for others it will be trivial."
Also New Zealand did it first, using exactly the same model.
The stats department don't get unit record.
What would you say if a SaaS told you that they store your password hashed, but that they can reverse it and get it out in plain text, if someone with authority asks?
Edit: stop with the downvotes please. Whether you agree or not, anonymizing something does not always mean it cannot be de-anonymized. And who can do it (and under what circumstances) is important.
These techniques have a long track record in the private sector and with public entities such as the US Census, with a lot of formal research to back it up.
Bound to an individual, but not actionable via the collecting agency without outside input.
>The only way to make sure is to remove the SIM card and battery from the phone.
You only have to remove the battery, not the battery and the SIM. You aren't being tracked if your phone has no battery.
GDPR explicitly states that no permission is required if the data is anonymised. The data shared with the INE will be movement of batches of at least 5000 people. The movements will be between 3500 zones. There are more than 60.000 cell phone towers in Spain, so they could have made the movements much more precise if they wanted (at the cost of anonymity of course). If less than 5000 people cross from a zone to another it will not be shared. No IMEI/IMSI/MSISDN will be shared.
I understand that there might be concerns of de-anonymisation, but it makes no sense. If the Spanish government wanted to track someone they already can, with a court order. Spanish phone providers are required by law to store this data for 6 months minimum up to 2 years maximum. (https://www.boe.es/buscar/doc.php?id=BOE-A-2007-18243). The government is going to receive data from 4 working days, 1 weekend day, a holiday and two days in Summer. Tying this with Tsunami Democratic is a bit strange. There is an ongoing investigation, so they can already track people tied with the movement as long as they have some form of personal information (IMEI, IMSI, MSISDN). Honestly, a massive protest one of those days might throw off the statistics in Catalunya.
And by the way, this data is already being sold to third parties for profit:
Sometimes, unfortunately, it's being sold without anonymisation too and leaks have happened. Just one example in the USA:
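The suppression rule described in the comment above (zone-to-zone movements shared only in batches of at least 5000 people, with no IMEI/IMSI/MSISDN), sketched as an added example that is not part of the thread and not the operators' or the INE's actual pipeline. The record layout, zone labels, and the choice to count distinct subscribers rather than raw events are assumptions; the sample data is constructed.

```python
from collections import Counter, defaultdict

MIN_PEOPLE = 5000  # batch threshold quoted in the comment above


def aggregate_flows(records, min_people=MIN_PEOPLE):
    """Aggregate movement records into origin->destination flows.

    records: iterable of (subscriber_id, origin_zone, dest_zone) tuples
             (hypothetical layout; subscriber_id never leaves this function).
    Returns (published, suppressed):
      published  - {(origin, dest): distinct_people} for flows >= min_people
      suppressed - number of flows withheld for being under the threshold
    """
    people = defaultdict(set)
    for subscriber, origin, dest in records:
        if origin == dest:
            continue  # assumption: staying inside one zone is not a "movement"
        people[(origin, dest)].add(subscriber)

    published = {
        flow: len(subs) for flow, subs in people.items() if len(subs) >= min_people
    }
    return published, len(people) - len(published)


def naive_event_counts(records, min_people=MIN_PEOPLE):
    """Counter-example: thresholding on raw events instead of distinct people.

    A single handset bouncing between two zones can push a flow over the
    threshold, so the published cell would describe one person.
    """
    events = Counter((o, d) for _, o, d in records if o != d)
    return {flow: n for flow, n in events.items() if n >= min_people}


def sample_records():
    """Constructed data: one large flow, one small flow, one noisy handset."""
    recs = [(f"sub{i}", "Z0001", "Z0002") for i in range(6000)]   # 6000 people
    recs += [(f"sub{i}", "Z0001", "Z0003") for i in range(10)]    # only 10 people
    recs += [("sub42", "Z0001", "Z0004")] * 7000                  # 1 person, 7000 events
    recs += [(f"sub{i}", "Z0002", "Z0002") for i in range(9000)]  # no zone change
    return recs


if __name__ == "__main__":
    published, suppressed = aggregate_flows(sample_records())
    print("published flows:", published)
    print("suppressed flows:", suppressed)
    print("event-count thresholding would publish:",
          sorted(naive_event_counts(sample_records())))
```

The difference between the two functions is the point to check in any such scheme: the threshold only protects individuals if it is applied to distinct people per flow, not to event volume.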
Bingo! Is there a court order here?
Better build your own device.
So yes, looks extremely convenient these days.
Regarding the politicians, may these traitors rot in jail. They betrayed their people and surrendered themselves when everybody was on the streets ready to fight.
As long as data is not de-aggregated and de-anonymized there is no issue here.
I see no relationship with the GDPR as this law applies to personal data and the agreement explicitly stated that data must be aggregated.
As long as it is used to know people flow or for statistical purposes, I see no wrong here.
The other political statements and comparisons he makes, well are unrelated and sincerely looks like political propaganda to me.
I currently work for a Spanish ISP, and I can tell you that this test will put a lot of stress on the ISPs' networks. Querying, for example, cellid for so many phones simultaneously is going to be a problem. Other data like IMSI and so on is not a problem because it's stored in a database.
For people who are scared of this, ditch your phones because extracting your location, subscriber id and other info is, honestly, trivial. It is not to do at scale, but if someone wanted to spy on you and had access to the ISP network, be it via hacking into it (very difficult in the one I work for, but may be possible), or using a law, they can know where you are with very little effort.
Awfully hopeful there.
"The other political statements and comparisons he makes, well are unrelated and sincerely looks like political propaganda to me."
I would say the same about your assertions of innocence and presumption that the data can not be de-anonymized. If the "propaganda" is supporting user privacy I'd say you're on the wrong side of this discussion.