Risk
7/24/2013
10:54 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Can The NSA Really Track Turned-Off Cellphones?

It depends on semantics, security experts say. What's clear is that surveillance is becoming much more sophisticated.

Surveillance alert: For almost a decade, the National Security Agency has had the ability to track cell phones, even when they're turned off.

But it all depends on what's meant by "track," "phone" and "off."

This tracking ability was revealed on July 20 by The Washington Post, in an article chronicling the evolution of the NSA's signals intelligence work in the wake of the Sept. 11 attacks, when intelligence agencies, the military and the FBI created an "insatiable demand for its work product." That demand was driven in no small part by CIA and paramilitary units and clandestine Joint Special Operations Command (JSOC) teams who wanted to use cellphones as real-time beacons to track (and eventually capture or kill) al-Qaeda leaders.

One of the "products" supposedly on offer from September 2004 was "a new NSA technique that enabled the agency to find cellphones even when they were turned off," reported the Post. "JSOC troops called this 'The Find,' and it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq, according to members of the unit."

That news was reported verbatim by numerous media outlets, including Russia Today, which noted that "12 years after the Sept. 11 attack -- and more than three since al-Qaeda leader Osama bin Laden was executed thanks to tactics employed by the NSA, CIA and others -- these operations have not been scaled back." In other words, adding to the list of programs that are collecting data on Americans, now we have to worry about our location being tracked by cellphones even when they're turned off.

But security experts chimed in that cellphones really can't be tracked when they're turned off. "This isn't true -- at least, it's not what you think," said Robert David Graham, CEO of Errata Security, in a blog post. "If you turn your iPhone/Android off, the NSA cannot track you by your phone number" or any other identifying information broadcast by the phone, he said.

Now come the caveats. For one thing, phones that are turned off may not actually be turned off. "If the NSA elects to modify your phone's firmware, removing the battery is the only way to ensure it's actually 'off,'" tweeted Marsh Ray, who works on Windows Azure active authentication at Microsoft.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
justanotherengineer
50%
50%
justanotherengineer,
User Rank: Apprentice
8/1/2013 | 6:30:18 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Combine this with the recent 'apps' that use the accelerometer to determine when to take some pictures, and record some sounds (aka PlaceRaider) . . . and you have the ultimate in surveillance. People who voluntarily bug themselves.
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
7/28/2013 | 2:56:43 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Exactly why their access -- or the potential they have to access it -- is worrisome.
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
7/27/2013 | 10:36:38 AM
re: Can The NSA Really Track Turned-Off Cellphones?
Your interpretation of "doing something wrong" may fall inline with the popular definition, but governments consider things "wrong" for quite many reasons. I leave it up to you to spin that thought further on.
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
7/27/2013 | 10:34:49 AM
re: Can The NSA Really Track Turned-Off Cellphones?
There is still the option to take a hammer. Any iPhone will be off for sure after that.
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
7/25/2013 | 6:29:38 PM
re: Can The NSA Really Track Turned-Off Cellphones?
This could have come in handy when I lost my cellphone last week.

Jim Donahue
Managing Editor
InformationWeek
Alex Kane Rudansky
50%
50%
Alex Kane Rudansky,
User Rank: Apprentice
7/25/2013 | 5:02:01 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Cara, I agree. The element of choice is significant. While most Americans have nothing to hide, the idea that we have no control over what the government can access is concerning. Nordstrom's tracking is still concerning, but at least consumers can opt out.
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
7/25/2013 | 4:50:13 PM
re: Can The NSA Really Track Turned-Off Cellphones?
From the point of view of dropping added chips in a cell phone, sealed phones like the iPhone certainly make doing so much more time consuming. They also make removing the battery (ensuring off means off) logically impossible. Next DLP step to avoid corporate espionage, check your iPhones at the door before entering company strategy meetings. Wouldn't it be nice to have a meeting once again with everyone focused rather than distracted by texting, catching the latest news on their phone or forgetting to turn on the mute features?
Rick_in_WV2day
50%
50%
Rick_in_WV2day,
User Rank: Apprentice
7/25/2013 | 2:05:45 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Even if your cell phone is turned of its still emitting a signal. So are your rfid chips in credit cards. 1984 just came a little too late but it's here to stay...
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
7/25/2013 | 1:38:18 PM
re: Can The NSA Really Track Turned-Off Cellphones?
The difference between retailers accessing my smartphone -- and only providing warning -- and the government accessing my phone is that I can choose whether or not to enter Nordstrom and be subjected to it. While I am certain that I am not doing anything that would set off alarms at the NSA, CIA, or any governmental agencies, the fact that the government can still have access to my phone without my having a say is unsettling.
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6212
Published: 2014-04-19
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2013-6215
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.

CVE-2013-6218
Published: 2014-04-19
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

Best of the Web