Risk
7/24/2013
10:54 AM
Connect Directly
RSS
E-Mail
50%
50%

Can The NSA Really Track Turned-Off Cellphones?

It depends on semantics, security experts say. What's clear is that surveillance is becoming much more sophisticated.

Surveillance alert: For almost a decade, the National Security Agency has had the ability to track cell phones, even when they're turned off.

But it all depends on what's meant by "track," "phone" and "off."

This tracking ability was revealed on July 20 by The Washington Post, in an article chronicling the evolution of the NSA's signals intelligence work in the wake of the Sept. 11 attacks, when intelligence agencies, the military and the FBI created an "insatiable demand for its work product." That demand was driven in no small part by CIA and paramilitary units and clandestine Joint Special Operations Command (JSOC) teams who wanted to use cellphones as real-time beacons to track (and eventually capture or kill) al-Qaeda leaders.

One of the "products" supposedly on offer from September 2004 was "a new NSA technique that enabled the agency to find cellphones even when they were turned off," reported the Post. "JSOC troops called this 'The Find,' and it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq, according to members of the unit."

That news was reported verbatim by numerous media outlets, including Russia Today, which noted that "12 years after the Sept. 11 attack -- and more than three since al-Qaeda leader Osama bin Laden was executed thanks to tactics employed by the NSA, CIA and others -- these operations have not been scaled back." In other words, adding to the list of programs that are collecting data on Americans, now we have to worry about our location being tracked by cellphones even when they're turned off.

But security experts chimed in that cellphones really can't be tracked when they're turned off. "This isn't true -- at least, it's not what you think," said Robert David Graham, CEO of Errata Security, in a blog post. "If you turn your iPhone/Android off, the NSA cannot track you by your phone number" or any other identifying information broadcast by the phone, he said.

Now come the caveats. For one thing, phones that are turned off may not actually be turned off. "If the NSA elects to modify your phone's firmware, removing the battery is the only way to ensure it's actually 'off,'" tweeted Marsh Ray, who works on Windows Azure active authentication at Microsoft.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
justanotherengineer
50%
50%
justanotherengineer,
User Rank: Apprentice
8/1/2013 | 6:30:18 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Combine this with the recent 'apps' that use the accelerometer to determine when to take some pictures, and record some sounds (aka PlaceRaider) . . . and you have the ultimate in surveillance. People who voluntarily bug themselves.
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
7/28/2013 | 2:56:43 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Exactly why their access -- or the potential they have to access it -- is worrisome.
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
7/27/2013 | 10:36:38 AM
re: Can The NSA Really Track Turned-Off Cellphones?
Your interpretation of "doing something wrong" may fall inline with the popular definition, but governments consider things "wrong" for quite many reasons. I leave it up to you to spin that thought further on.
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
7/27/2013 | 10:34:49 AM
re: Can The NSA Really Track Turned-Off Cellphones?
There is still the option to take a hammer. Any iPhone will be off for sure after that.
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
7/25/2013 | 6:29:38 PM
re: Can The NSA Really Track Turned-Off Cellphones?
This could have come in handy when I lost my cellphone last week.

Jim Donahue
Managing Editor
InformationWeek
Alex Kane Rudansky
50%
50%
Alex Kane Rudansky,
User Rank: Apprentice
7/25/2013 | 5:02:01 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Cara, I agree. The element of choice is significant. While most Americans have nothing to hide, the idea that we have no control over what the government can access is concerning. Nordstrom's tracking is still concerning, but at least consumers can opt out.
MyW0r1d
50%
50%
MyW0r1d,
User Rank: Apprentice
7/25/2013 | 4:50:13 PM
re: Can The NSA Really Track Turned-Off Cellphones?
From the point of view of dropping added chips in a cell phone, sealed phones like the iPhone certainly make doing so much more time consuming. They also make removing the battery (ensuring off means off) logically impossible. Next DLP step to avoid corporate espionage, check your iPhones at the door before entering company strategy meetings. Wouldn't it be nice to have a meeting once again with everyone focused rather than distracted by texting, catching the latest news on their phone or forgetting to turn on the mute features?
Rick_in_WV2day
50%
50%
Rick_in_WV2day,
User Rank: Apprentice
7/25/2013 | 2:05:45 PM
re: Can The NSA Really Track Turned-Off Cellphones?
Even if your cell phone is turned of its still emitting a signal. So are your rfid chips in credit cards. 1984 just came a little too late but it's here to stay...
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
7/25/2013 | 1:38:18 PM
re: Can The NSA Really Track Turned-Off Cellphones?
The difference between retailers accessing my smartphone -- and only providing warning -- and the government accessing my phone is that I can choose whether or not to enter Nordstrom and be subjected to it. While I am certain that I am not doing anything that would set off alarms at the NSA, CIA, or any governmental agencies, the fact that the government can still have access to my phone without my having a say is unsettling.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0914
Published: 2014-07-30
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 through 6.2.8 for Tivoli IT Asset Management f...

CVE-2014-0915
Published: 2014-07-30
Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; and Maximo Asset Management 6.2 through 6.2.8...

CVE-2014-0947
Published: 2014-07-30
Unspecified vulnerability in the server in IBM Rational Software Architect Design Manager 4.0.6 allows remote authenticated users to execute arbitrary code via a crafted update site.

CVE-2014-0948
Published: 2014-07-30
Unspecified vulnerability in IBM Rational Software Architect Design Manager and Rational Rhapsody Design Manager 3.x and 4.x before 4.0.7 allows remote authenticated users to execute arbitrary code via a crafted ZIP archive.

CVE-2014-2356
Published: 2014-07-30
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.

Best of the Web
Dark Reading Radio