Cell-Tracking Paranoia

Evidently I’m not the only one interested in preserving privacy by giving smartphones concrete shoes and sending them to swim with the fishies — or at least pulling batteries from regular dumb phones.

Just before Slashdot switched over to April Fools’ Day everything-in-ROT13-mode, they posted a very apropos piece soliciting cell privacy tips.

The comments revealed a few tidbits of information worth thinking about:
1) It’s dead easy and VERY common for n’er-do-wells to remotely bug cell phones by issuing over-the-air firmware updates… these updates record ambient audio even while the phone “pretends” to be turned off. Unless the phone has a built-in free-energy cold-fusion reactor, the power consumption involved means pulling the battery ought to be a solid defense against this.

2) Black-market cell-phone tracking software or websites are (probably) available to just about anyone in the know, telling world+dog where your cell phone is (within the limits of cell site triangulation).

There’s been at least one hacker conference talk on doing this yourself (by getting the right sort of account with an obscure cellular services provider?) but all I’ve been able to find right now gets you to city-level resolution (https://events.ccc.de/congress/2008/Fahrplan/events/2997.en.html).

3) At least certain models of cell phones contain 3V memory-backup type cells, which work even when the battery’s gone. These might be enough for intentional, very intermittent (once every 6 hours?) cell tower pings. If that’s in your threat model (and it should be, if a malicious over-the-air firmware update is) then the only solution is a Faraday cage bag or pocket of some sort.

http://yro.slashdot.org/comments.pl?sid=3601263&cid=43329201 http://yro.slashdot.org/comments.pl?sid=3601263&cid=43330103 http://news.cnet.com/2100-1029-6140191.html

%d bloggers like this: