A radio is inherently a locator beacon. Radio direction finding has been a cornerstone of signals intelligence for over a century. A cell phone sending encrypted messages over Signal or WhatsApp is way less suspicious than a radio mysteriously appearing on a hill. Just get a patsy to buy a normal sim card - not an "anonymous sim card" - I'm sure cartels are easily able to do this.
Shouldn't these things be easily detectable? If you can use your GPS and radio in your phone to get a list of nearby towers and one mysteriously shows up, it seems likely this would be one of these devices.
If your phone is transmitting radio signals it is identifiable and trackable. A smartphone's primary feature and defining feature is transmitting radio signals. I don't think anyone is surprised at these "anonymous" Bluetooth functions being deanonymized. But at least Bluetooth beacons aren't going to go very far.
Multi-lateration of cell phone radio transmission via precise shared clocks at the base stations gives telcos a ~100m (these days) position that is updated very frequently. In the USA this is stored by telcos for 2-5 years and is often sold to both private and government purchasers.
And anyone moderately skilled in SDR with a few thousand dollars can do the same for a small area (much larger than a bluetooth area though).
These are operating off of Chinese cell towers near the border, so the Nork authorities have no access to cellular system records. They have to use plain old RF direction finding techniques to pinpoint the location of a signal, and then catch a person with an illegal cell phone in their possession.
I think cell antennas have unique identifiers. If true, can you detect when you connect to a tower that isn't your usual tower in your usual geographic location (assuming you're being targeted at home, for example)?
And if there is indeed a unique id, can the fake cell take the id of a real cell and still work with the cellphone company, or would it need the cooperation of the cellphone company? (for example, the cell company would look at hops?)
I guess it's too much to hope that the cellphone companies would try to protect our privacy.
Maybe someday we'll have police running things similar to license scanners but for cellphone conversations. They'll drive around the city recording conversations to detect keywords for illegal activity (herb, drug, murder of crows, etc)
EDIT: actually, I don't think they need to hijack cellphone connections. They can just listen in - at least they used to be able to. We determined the identities of the bombers of our embassies in Africa in the late-90s through cellphone conversations through RC-135s flying along the Africa coast from Diego Garcia, and an intelligence gathering satellite that drags an antenna behind it.
This also detects when the GPS is used. If the phone has GPS and cell radio (for reception and transmission) disabled, it's a lot harder for any malware to figure out its location (not impossible -- there is some research about identifying locations in a metro network using an accelerometer alone).
While it's easy to prevent the phone from recording your conversation (just place it somewhere out of earshot, maybe next to a noise source for the duration of the conversation alone), it's much harder to prevent it from learning where you're going (if you're taking it with you).
That geo-locates you to a cell phone tower. There is probably a bunch more stuff that anonymity-keen (tin-foil-hatters) people will mention; CCTV from the corner shop when you buy the phone and the sim, whatever you use to buy the phone and sim etc etc.
Sure but one is inherently more difficult (radio direction finding) than the other (having your phone constantly beacon to a dense network of towers).
What I was alluding to is when you have full access to the cellular network, there are other indicators that can be used to task tracking other than just the SIM card. You don't need to know that phone X is person Y, you just need to know that phone X fits the criteria of how a drug mule operates.
What I really do not understand is why the secrecy over methods at all. A cellphone is giving out an identifiable radio signal. Any half decent electronic engineering degree student should be able to cook up something that could track cellphones.
I don't think they need to xmit beyond the baitphone making standard connections.
Also there are apps for scanning and tracking cell tower strength and mass-logging GPS data. I think that data could be the input to their detector... don't need a trunk full of HW.
Even without GPS, the cell phone position can often be triangulated by the tower itself.
That even has a compelling public safety justification (911 calls) so it wouldn't surprise me if phone companies were already doing that as a matter of course.
For some reason I can't reply to you, brk, but I used the same ideas.
My last question was about communicating openly or not about it.
- Openly would make robbers aware and probably come up with attacks or blocking means, but that would surely render their activities a lot more complicated. Could be mass-produced.
- Secretly, a few people would have it and use it as bait, and authorities being aware of the scheme would casually catch robbers later. No mass-production.
Oh one more thing, I was thinking about using a cellular module with custom firmware to reply to text messages with gps position but I'm not sure it's feasible.
Are there any projects or methods on how to locate fake base stations? I know that the blackphone is able to do that, but is there more on the technical side of e.g. triangulating the location and track them down?
Well, even a completely trustable cell radio is tracked with tower triangulation. The only way I see to fix this is to completely rearchitect the mobile network by getting rid of subscriber IDs, using anonymous payments for tower access, and then a mix network for transit privacy. That is to say, location data is a wash for the foreseeable future.
Surreptitious microphones and other sensors are indeed still a problem, but they seem easy to audit/remove in the short term, and if this model catches on and they become a real threat, the physical audits just have to go deeper.
What you do gain is a processor that can be trusted by the user (in the same way we all trust Intel CPUs), with the Mifi only seeing encrypted communications. Also we've moved the demarc point solidly between two separate physical devices - upgrade your pocket computer without involving your cell provider, and replace your communications ability without affecting your user environment.
Law enforcement can triangulate location from a mobile phone signal via your cellular network provider with or without Google's help, and has been able to do so since the very beginning.
I don't understand how those work but they seem different from what I am suggesting. I am saying to use the strength of the cell tower signal received by many phones in order to detect where authentic cell towers are.
The caveat being that these things are only doing cell tower triangulation, and not even a good job of it. So all it will be able to tell you is that your car is somewhere on the east side of the city or so. Although you will be able to listen in on the conversations of the car thieves and might pick up a clue from that.
Realistically, these are 100% for stalking/espionage.