NSA Tracking of powered down cellphones and other wireless devices

Talk about anything else here.
Post Reply
JTC
Posts: 5
Joined: Sun Jan 21, 2018 7:17 am

NSA Tracking of powered down cellphones and other wireless devices

Post by JTC » Sun Jan 21, 2018 7:39 am

Hello all. I'm relatively new to the SDR world and this is my first post.

I recently read an interesting article about the NSA having the ability to track powered down mobile devices and many were commenting on that story, "How could this be possible?" I found myself asking the same thing and thought I'd raise the question here, and contribute my theory on the subject.

First the question: We all have heard that the best way to prevent your device from being tracked is to remove the battery (for those devices that have batteries that can be removed), but what about simply turning your device off. Most mobile devices run IOS or Android so how can they function if the OS is not booted and running?

My theory: RF signals are for all intents and purposes a form of wireless energy propagating throughout the atmosphere and any conductor having any difference in electrical potential verses this RF energy will have a current induced in it, therefore is it not reasonable to conclude that a mobile device could be inadvertently capturing, processing with it's de-energized internal circuitry and then re-broadcasting a modulated signal that could be uniquely identified? Granted any such induced currents and resulting modulations would be exceedingly weak and likely easily lost in an ocean of static but assume that an organization such as the NSA might have some advanced technological capability to recognize and capture these signals.

I am anxious to hear your thoughts and theories.

rtlsdrblog
Site Admin
Posts: 2060
Joined: Mon Nov 19, 2012 11:54 pm

Re: NSA Tracking of powered down cellphones and other wireless devices

Post by rtlsdrblog » Sun Jan 21, 2018 11:57 pm

Have a look at back scatter, here's a simple example with RTL-SDRs https://www.rtl-sdr.com/rtl-sdr-based-w ... r-network/. Could be possible that each phone would have a unique backscatter.

I think more likely is that if the battery isn't removed then the phone probably isn't fully powered down, and is still transmitting something. Probably via NSA malware.

Aussie Susan
Posts: 34
Joined: Sun Jul 31, 2016 1:55 am

Re: NSA Tracking of powered down cellphones and other wireless devices

Post by Aussie Susan » Mon Jan 22, 2018 1:48 am

Also check out how RFID systems work where the device is "powered" by the reader.
Also there are a number of new devices coming on to the market with 'wireless charging'.
I know this is not what you are talking about as both of those examples have the 'other end' device designed to respond to the remote power/signal and also require the two devices to be fairly close together.
Susan

parabolix
Posts: 2
Joined: Mon Jul 31, 2017 6:24 am

Re: NSA Tracking of powered down cellphones and other wireless devices

Post by parabolix » Mon Jan 22, 2018 6:32 pm

See Theremin's "the thing".

You already know your phone can be remotely managed. If you are a person of interest, they probably just drop some software on it that intercepts the power button. You guys are at rtl-sdr.com. you know you can test for this, right?

JTC
Posts: 5
Joined: Sun Jan 21, 2018 7:17 am

Re: NSA Tracking of powered down cellphones and other wireless devices

Post by JTC » Wed Jan 24, 2018 11:16 pm

Thank you all for your responses. Very interesting thoughts. Once I have the right equipment I'd like to do some experimenting along these lines.

I had another thought regarding detection of re-broadcast RF from otherwise dead devices, every circuit has a resonant frequency. Knowing that frequency or having access to the appropriate technical data about the circuit, could it be possible to generate a brief, high powered RF pulse at a specific frequency designed to interact with the resonant frequency of the powered down circuit leading to a stronger modulated signal from that circuit, perhaps strong enough to defeat background static and be detectable at a short range? I wonder if the NSA or military has such a capability already. We all know of Tempest and what they can do with regards to that, we know they are experimenting with RF electronics jamming and EMP. This would seem like a natural evolution of those technologies.

I also wonder if any attempts by myself or other individuals to conduct experiments into this sort of thing might run afoul of United States FCC regulations. I am curious from a scientific standpoint, but I have no wish to break any law, cause unwanted interference with anyone else's equipment or compromise anyone's privacy.

Aussie Susan
Posts: 34
Joined: Sun Jul 31, 2016 1:55 am

Re: NSA Tracking of powered down cellphones and other wireless devices

Post by Aussie Susan » Thu Jan 25, 2018 5:27 am

What you are describing (bounding a strong enough signal off a 'dead' device) is basically what I was mentioning above about the RFID chips. The trick is to know the appropriate frequency before hand.
For the RFID chips that is easy as they are designed to respond to a given frequency. For other devices (especially those that are not designed specifically for that purpose) then finding the frequency would be rather hard. Also the signals will almost certainly run foul of the country regulators (anywhere) as there are very few frequency ranges that do not require licensed transmitters or only very low power (garage door openers etc.).
I know that radar reflects of general objects but again that is working with a known and strong source signal and looking for the reflection within a very narrow frequency range (especially for doppler radars).
Susan

JTC
Posts: 5
Joined: Sun Jan 21, 2018 7:17 am

Re: NSA Tracking of powered down cellphones and other wireless devices

Post by JTC » Tue Feb 06, 2018 3:28 am

Susan, forgive the lateness of my reply, I sometimes don't get as much time as I would like to dedicate to my SDR hobby. I very much appreciate your response. My aim is in determining the feasibility of detecting completely dead non-RFID devices. It occurs to me that such technology may be useful in search & rescue operations. For example generating a strong, localized, wide band RF pulse and listening for an echo from an dead electronic device carried by a missing hiker in a forest. Such an echo might be useful in direction-finding the hikers location.

My resources are somewhat limited, but I would like to construct a "test device" consisting perhaps of some LC circuit designed to resonate at a frequency that would not fall into a restricted band or otherwise interfere with anything nearby and construct perhaps using an SDR Transceiver a signal generator to supply the pulse and listen for an echo.

W1ABA
Posts: 21
Joined: Fri Jul 06, 2018 5:05 pm

Re: NSA Tracking of powered down cellphones and other wireless devices

Post by W1ABA » Sat Jul 07, 2018 3:18 am

Keep in mind that the NSA mandates that OEM's include backdoors in most devices, whether they be hardware or software.

Snoden is your friend, check out some of his releases::>

Linux is managed and distributed outside US jurisdiction, which makes inclusion of software in the operating system more difficult to compromise.

Aloha

1ABA

Post Reply