Risk
7/24/2013
10:54 AM
50%
50%

Can The NSA Really Track Turned-Off Cellphones?

It depends on semantics, security experts say. What's clear is that surveillance is becoming much more sophisticated.

Surveillance alert: For almost a decade, the National Security Agency has had the ability to track cell phones, even when they're turned off.

But it all depends on what's meant by "track," "phone" and "off."

This tracking ability was revealed on July 20 by The Washington Post, in an article chronicling the evolution of the NSA's signals intelligence work in the wake of the Sept. 11 attacks, when intelligence agencies, the military and the FBI created an "insatiable demand for its work product." That demand was driven in no small part by CIA and paramilitary units and clandestine Joint Special Operations Command (JSOC) teams who wanted to use cellphones as real-time beacons to track (and eventually capture or kill) al-Qaeda leaders.

One of the "products" supposedly on offer from September 2004 was "a new NSA technique that enabled the agency to find cellphones even when they were turned off," reported the Post. "JSOC troops called this 'The Find,' and it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq, according to members of the unit."

That news was reported verbatim by numerous media outlets, including Russia Today, which noted that "12 years after the Sept. 11 attack -- and more than three since al-Qaeda leader Osama bin Laden was executed thanks to tactics employed by the NSA, CIA and others -- these operations have not been scaled back." In other words, adding to the list of programs that are collecting data on Americans, now we have to worry about our location being tracked by cellphones even when they're turned off.

But security experts chimed in that cellphones really can't be tracked when they're turned off. "This isn't true -- at least, it's not what you think," said Robert David Graham, CEO of Errata Security, in a blog post. "If you turn your iPhone/Android off, the NSA cannot track you by your phone number" or any other identifying information broadcast by the phone, he said.

Now come the caveats. For one thing, phones that are turned off may not actually be turned off. "If the NSA elects to modify your phone's firmware, removing the battery is the only way to ensure it's actually 'off,'" tweeted Marsh Ray, who works on Windows Azure active authentication at Microsoft.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
7/25/2013 | 1:38:18 PM
re: Can The NSA Really Track Turned-Off Cellphones?
The difference between retailers accessing my smartphone -- and only providing warning -- and the government accessing my phone is that I can choose whether or not to enter Nordstrom and be subjected to it. While I am certain that I am not doing anything that would set off alarms at the NSA, CIA, or any governmental agencies, the fact that the government can still have access to my phone without my having a say is unsettling.
Rick_in_WV2day
50%
50%
Rick_in_WV2day,
User Rank: Apprentice
7/25/2013 | 2:05:45 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Even if your cell phone is turned of its still emitting a signal. So are your rfid chips in credit cards. 1984 just came a little too late but it's here to stay...
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
7/25/2013 | 4:50:13 PM
re: Can The NSA Really Track Turned-Off Cellphones?
From the point of view of dropping added chips in a cell phone, sealed phones like the iPhone certainly make doing so much more time consuming. They also make removing the battery (ensuring off means off) logically impossible. Next DLP step to avoid corporate espionage, check your iPhones at the door before entering company strategy meetings. Wouldn't it be nice to have a meeting once again with everyone focused rather than distracted by texting, catching the latest news on their phone or forgetting to turn on the mute features?
Alex Kane Rudansky
50%
50%
Alex Kane Rudansky,
User Rank: Apprentice
7/25/2013 | 5:02:01 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Cara, I agree. The element of choice is significant. While most Americans have nothing to hide, the idea that we have no control over what the government can access is concerning. Nordstrom's tracking is still concerning, but at least consumers can opt out.
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
7/25/2013 | 6:29:38 PM
re: Can The NSA Really Track Turned-Off Cellphones?
This could have come in handy when I lost my cellphone last week.

Jim Donahue
Managing Editor
InformationWeek
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
7/27/2013 | 10:34:49 AM
re: Can The NSA Really Track Turned-Off Cellphones?
There is still the option to take a hammer. Any iPhone will be off for sure after that.
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
7/27/2013 | 10:36:38 AM
re: Can The NSA Really Track Turned-Off Cellphones?
Your interpretation of "doing something wrong" may fall inline with the popular definition, but governments consider things "wrong" for quite many reasons. I leave it up to you to spin that thought further on.
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
7/28/2013 | 2:56:43 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Exactly why their access -- or the potential they have to access it -- is worrisome.
justanotherengineer
50%
50%
justanotherengineer,
User Rank: Apprentice
8/1/2013 | 6:30:18 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Combine this with the recent 'apps' that use the accelerometer to determine when to take some pictures, and record some sounds (aka PlaceRaider) . . . and you have the ultimate in surveillance. People who voluntarily bug themselves.
Councillor CarlC174
50%
50%
Councillor CarlC174,
User Rank: Apprentice
12/11/2014 | 3:20:36 AM
re: Can The NSA Really Track Turned-Off Cellphones?
There is a seperate battery which runs the GPS system on most phones, with the technology now days it is easy to find a phone that is turned off even with the battery out as GPS battery much harder to remove.

My advice leave your phone at home.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.