Can police monitor cellphones even when their shut off?
August 23, 2005 8:09 AM   Subscribe

Cell phone surveillance... just heard what must be an urban myth: that police have the capability to use your cellphone as a listening device and that even if the power is off, that the device can be powered up remotely. The person who passed this information takes out his battery to ensure that his conversations are not monitored. I have heard of aliens monitoring brainwaves through metal fillings, but this seems over the top. Any truth?
posted by swamperro to Technology (40 answers total) 2 users marked this as a favorite
 
This guy is nuts. End of story.
posted by mikeh at 8:20 AM on August 23, 2005


If it were true they'd still need a warrant to monitor your communications, meaning they'd listen in using traditional bugs if you took your battery out.

There exists no mechanism for turning on phones and putting them in listening mode, or activating phones remotely. I don't know about all carriers but I have been to many cellular companies "super secret" cubicle farms and have seen cool new gadgets, but nothing like this. It would probably technically feasible if there were some sort of cooperation between the cell phone maker and provider, but it doesn't happen.

I thought 9/11 pretty much proved the government has no ability to monitor even important things, let alone your friends conversations.
posted by geoff. at 8:21 AM on August 23, 2005


This ranks up there with the "undercover cops have to say yes when asked if they're a cop" story.
posted by trey at 8:21 AM on August 23, 2005


Your friend is needlessly paranoid. If the phone is off there is no way to be used as a listening device. For the phone to be used the manner suggested, there would have to be a auxillary power setting. If the phone was off, there is no way for it to get a signal to begin recording.

So, yeah, this is just another urban legend. For this to occur, the police/FBI/NSA/whomever would need to have made clandestine arrangements with ALL the phone manufacturers. Then none of those engineers responsible for creating the system, who are typically a privacy-oriented group, mention it. Then it doesn't get mentioned in any court cases that you have ever heard of. And the whole thing could be foiled by the criminal merely seeing if their battery is running low prematurely from serving as a dictaphone whenever police think there MIGHT be criminal activity happening near their phone.
posted by herting at 8:22 AM on August 23, 2005


Well...That's just what they'd *want* you to believe, isn't it?
posted by Jofus at 8:23 AM on August 23, 2005


Wow, that's about the nuttiest thing I've ever heard. I don't even know what to say; that's just nutty. Think it through: this person's theory depends on (a) your phone (and all cellphones) having the ability to listen for signals even when turned off, and respond to a specific signal by turning on; (b) the police being able to turn on your phone and your phone alone; (c) the police being able to know which phone is yours; (d) your phone being able to initiate a cell phone call to some surveillance line purely via remote control. Does this even pass the laugh test?
posted by delfuego at 8:24 AM on August 23, 2005


If you really want to drive this guy nuts, tell him that there's a secret second internal battery that cannot be removed from the phone.
posted by zsazsa at 8:25 AM on August 23, 2005


It's just so much easier to monitor conversations the old fashioned way -- with a laser mike and a nearby hard surface.

...and on preview, zsazsa wins!
posted by aramaic at 8:27 AM on August 23, 2005


Delfeugo:
(a) is doable, and possibly even without running the battery down too much or emitting telltale transmissions, if all the phone did was turn its receiver on for a moment once a minute and check for the police's signal. Once you've got that far, (b), and by extension (c) and (d), are no harder than receiving an ordinary phone call.

Of course, if activity (a) did exist, someone would have discovered or leaked it by now. But it's not impossible.
posted by cillit bang at 8:33 AM on August 23, 2005


I haven't been able to track down a copy of the articles in question, however instapundit recently linked to something supporting this story from a Financial Times article, which also was apparently noticed by discourse.net. This made it sound like the police were tracking actual calls though, and since the FT article seems to be the root of these recent rumors I figured the journalist must have made a mistake.

That said, since newer phones are so dependent on software it didn't strike me as impossible, especially if the "patch" is pushed down by the operators after a police request, which the police probably couldn't make without a warrant (in the US at least... not sure about UK or Italy). But this is a lot of guessing and not many concrete facts. Does anyone have a FT subscription to have a look at the article?
posted by jwells at 8:51 AM on August 23, 2005


Supposedly, OnStar phones in GM cars can be turned on for remote listening, such as for emergencies. I don't know whether the police have used that capability, yet.
posted by caddis at 8:54 AM on August 23, 2005


Meanwhile, I would not doubt at all that the police/government can listen to cell phone calls that you make. A few years ago they weren't even scrambled - privacy was provided by outlawing the sale of police/fire scanners that could tune to those frequencies, but you could still listen on older scanners that had those freqs.
posted by TheOnlyCoolTim at 8:56 AM on August 23, 2005


I'm thinking that someone (not necessarily your friend) found out that cellphones can be used to locate you even when you're not operating the phone (obvious, since a cellular network can't connect a call if it doesn't know which cell area you're in), and the person extrapolated that into the idea that cellphones can be used to bug you even when switched off.

I second zsazsa - tell him there is a second back-up battery (there must be, since your settings and preference are still there when you put the battery back in), and that the back-up battery is recharged by the main battery, so you have to leave the main battery out of it for 2-4 days for the backup battery to go flat enough to ensure privacy :-)
posted by -harlequin- at 8:59 AM on August 23, 2005


This is/was possible with landlines. According to the phreaks, and spy supply stores.
posted by craniac at 9:03 AM on August 23, 2005


Seems like I've heard a lot of cellphone gossip lately, like this e-mail I received:


EVERYONE!

This is AMAZING! Dale and I just tried it and it WORKS!!! Check
it out!!!!! THIS REALLY, REALLY WORKS!!!!!!!!!!!!!!!!

Deborah :O)

Locked your keys in your car????

If you lock your keys in the car and the spare keys are at home, call someone on your cell phone.

Hold your cell phone about a foot from your car door and have the other person at your home press the unlock button of your key fob (clicker), holding it near the phone on their end. Your car doors will unlock. Saves someone from having to drive your keys to you.

Distance is no object you could be hundreds of miles away, and if you can reach someone who has the other "remote" for your car, you can unlock the doors (or the trunk!).

Pass this one on to your friends...

posted by odinsdream at 9:06 AM on August 23, 2005


Hah, that's a good one, odinsdream. Even if remote fobs worked using sound (which they don't) it would probably be ultrasonic and out of the range of frequencies transmitted by phones. This is on par with the myth about blowing a whistle into a phone to deafen a harassing caller, as though the phone system is capable of transmitting unlimited sound volume.
posted by kindall at 9:20 AM on August 23, 2005


My favorite part of the e-mail is: (or the trunk!). As if, you know, it needed to be explained that, could it open the doors, it could ALSO OPEN THE TRUNK!!!!

That, and the fact that I can't even get my phone to transmit my voice properly, much less a band of electromagnetic interference it's not even designed to receive.
posted by odinsdream at 9:30 AM on August 23, 2005


Your friend is perhaps combining two real truths about cell surveillance:

a) The Man can use your cell phone to locate you any time it's powered on. Modern cells are small, and you can actually get signals from mulltiple cells to locate the phone down to a 10-meter radius or so.

b) Onstar and similar in-car systems can be remotely activated and listen in on you. There are two modes: a normal one where the occupant is notified that an operator is listening, and a "vehicle recovery mode" designed to snoop on car thieves where the occupant is not notified. This has been used by the FBI to listen in on suspects.

Those are both assuredly true. I would conjecture that powered-on cell phones can probably be triggered to go off-hook remotely - it's nothing but software, you know... I doubt that powered-off phones can be remotely powered-on, however.
posted by jellicle at 9:35 AM on August 23, 2005


I'm not a scientist, but I still think it would be relatively easy to tell if a turned off cellphone was sending/receiving data, encrypted or not.

Here's an off the shelf cellphone detector to help do the job. Of course any sane tinfoil hat wearing human would build one from scratch, using hand crafted parts from known sources.
posted by furtive at 9:52 AM on August 23, 2005


I work for the engineering offices of a cell phone company and I assure you, there is no way this is possible. And what jellicle says is true.
posted by Specklet at 10:15 AM on August 23, 2005


I'm very skeptical, but I wonder if he got the idea from Coppola's film The Conversation (a very paranoid film indeed, but a good one).
posted by Tuwa at 10:18 AM on August 23, 2005


See also this AskMe question -- it doesn't necessarily take specialized hardware to tell when your cell phone is talking to a cell tower.

In my experience, speakers only "chunk" when my phone is turned on.
posted by event at 10:19 AM on August 23, 2005


id be more worried about onstar and the potential it has to track you down.
posted by chuckforthought.com at 10:31 AM on August 23, 2005


They had this in the science fiction book White Devils.
But that was only because it took place in a country with a telecom monopoly that was controlled by the government/corporation that made everyone lease their phones from them.
posted by Iax at 12:19 PM on August 23, 2005


A guy who picked me up hitchhiking once had an elaborate theory about how all electronic devices had outgoing transmission capabilities--to the extent that televisions could transmit pictures of the room it was in (& any illegal/untoward activities going on within it) to the CIA.

He also "couldn't remember" whether he'd studied Russian in college, and wondered whether I knew any Buddhist nuns who wanted to come live with him. Bonus: he was wearing a custom-embroidered hat that said "TV CAN CU." Your friend's haberdasher would've been proud.
posted by soviet sleepover at 12:22 PM on August 23, 2005


This is an urban myth which combines the paranoia about the backdoor capabilities of the clipper chip and the ability of the government (via the emergency broadcast network) to turn on televisions, radios, and who knows what else.
posted by Mack Twain at 12:32 PM on August 23, 2005


Actually...

A company does produce a phone which can be used as a remote listening device. It looks like a regular mobile phone, but when it is dialled in super secret spy mode it doesn't ring and starts transmitting whatever it picks up through the mic. The idea is that you either replace someone's cellphone with an identical "spy version" or leave it hidden where you need audio surveillence.

Of course, this doesn't work with a standard off the shelf phone. It's a $2400 device that would have to be planted on or near the victim.
posted by Monk at 1:06 PM on August 23, 2005


The above link mentions ready made 400 and 700 euro Nokia models. The $2400 version is a custom version based on any specific phone model.
posted by Monk at 1:09 PM on August 23, 2005


Well, for whatever it's worth, this from DOD (sorry it's so long - came to me as a .pdf attachment to an email):

Be Aware! Your cellular telephone has three major vulnerabilities

1. Vulnerability to monitoring of your conversations while using the phone.
2. Vulnerability of your phone being turned into a microphone to monitor conversations in the vicinity of your phone while the phone is inactive.
3. Vulnerability to "cloning," or the use of your phone number by others to make calls that are charged to your account.

Before discussing the vulnerabilities, a brief tutorial is provided on how cellular phones function.

• They send radio frequency transmissions through the air on two distinct channels, one for voice communications and the other for control signals. When a cellular telephone
is first turned on, it emits a control signal that identifies itself to a cell site by broadcasting its mobile identification number (MIN) and electronic serial number(ESN), commonly known as the "pair."

• When the cell site receives the pair signal, it determines if the requester is a legitimate registered user by comparing the requestor's pair to a cellular subscriber list. Once the cellular telephone's pair has been recognized, the cell site emits a control signal to permit the subscriber to place calls at will. This process, known as anonymous
registration, is carried out each time the telephone is turned on or picked up by a new cell site.


VULNERABILITY TO MONITORING:

All cellular telephones are basically radio transceivers. Your voice is transmitted through the air on radio waves. Radio waves are not directional -- they disperse in all directions
so that anyone with the right kind of radio receiver can listen in. Although the law provides penalties for the interception of cellular telephone calls, it is easily
accomplished and impossible to detect. Radio hobbyists have web sites where they exchange cell phone numbers of "interesting" targets. Opportunistic hobbyists sometimes
sell their best "finds." Criminal syndicates in several major U.S. metropolitan areas maintain extensive cell phone monitoring operations.

If the cellular system uses analog technology, one can program a phone number, or a watch list of phone numbers, into a cell-monitoring device that automatically turns on a voice-activated tape recorder whenever one of the watch listed numbers is in use.

Computer assisted, automatic monitoring allows monitoring a specific phone 24 hours a day, as the target moves from cell to cell, without any human assistance. If the cellular system uses newer digital technology, it is possible, for a price affordable by most radio hobbyists, to buy a digital data interpreter that connects between a scanner radio and a personal computer. The digital data interpreter reads all the digital data transmitted
between the cellular site and the cellular phone and feeds this information into the computer.

It is easy for an eavesdropper to determine a target's cellular phone number, because transmissions are going back and forth to the cellular site whenever the cell phone has battery power and is able to receive a call. For a car phone, this generally happens as soon as the ignition is turned on. Therefore, the eavesdropper simply waits for the target to leave his or her home or office and start the car. The initial transmission to the cellular site to register the active system is picked up immediately by the scanner, and the number can be entered automatically into a file of numbers for continuous monitoring.

One of the most highly publicized cases of cellular phone monitoring concerned former Speaker of the House of Representatives Newt Gingrich. A conference call between
Gingrich and other Republican leaders was "accidentally" overheard and then taped. The conversation concerned Republican strategy for responding to Speaker Gingrich's
pending admission of ethics violations being investigated by the House Ethics Committee. The intercepted conversation was reported in the New York Times and other newspapers.

Pagers have similar vulnerabilities. In 1997, police arrested officials of a small New Jersey company, Breaking News Network, that was monitoring pager messages to New
York City leaders, police, fire, and court officials, including messages considered too sensitive to send over the police radio. They were selling the information to newspaper
and television reporters. The offenses carry a penalty of up to five years in prison and fines of $250,000 for each offense.


VULNERABILITY TO BEING USED AS A MICROPHONE:

A cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone. This is done by transmitting to the
cell phone a maintenance command on the control channel. This command places the cellular telephone in the "diagnostic mode." When this is done, conversations in the immediate area of the telephone can be monitored over the voice channel. The user doesn't know the telephone is in the diagnostic mode and transmitting all nearby sounds until he or she tries to place a call. Then, before the cellular telephone can be used to place calls, the unit has to be cycled off and then back on again. This threat is the reason why cellular telephones are often prohibited in areas where classified or sensitive
discussions are held.


VULNERABILITY TO CLONING:

Cellular telephone thieves don't steal cellular telephones in the usual sense of breaking into a car and taking the telephone hardware. Instead, they monitor the radio frequency spectrum and steal the cell phone pair as it is being anonymously registered with a cell site.

Cloning is the process whereby a thief intercepts the electronic serial number (ESN) and mobile identification number (MIN) and programs those numbers into another telephone to make it identical to yours. Once cloned, the thief can place calls on the reprogrammed telephone as though he were the legitimate subscriber.

Cloning resulted in approximately $650 million dollars worth of fraudulent phone calls in 1996. Police made 800 arrests that year for this offense. Each day more unsuspecting people are being victimized by cellular telephone thieves. In one case, more than 1,500 telephone calls were placed in a single day by cellular phone thieves using the number of a single unsuspecting owner.

The ESN and MIN can be obtained easily by an ESN reader, which is like a cellular telephone receiver designed to monitor the control channel. The ESN reader captures the pair as it is being broadcast from a cellular telephone to a cell site and stores the information into its memory. What
makes this possible is the fact that each time your cellular telephone is turned on or used, it transmits the pair to the local cellular site and establishes a talk channel. It also
transmits the pair when it is relocated from one cell site to another.

Cloning occurs most frequently in areas of high cell phone usage -- valet parking lots, airports, shopping malls, concert halls, sports stadiums, and high-congestion traffic areas in metropolitan cities. No one is immune to cloning, but you can take steps to reduce the likelihood of being the next victim.


CELLULAR PHONE SECURITY MEASURES:

The best defense against these three major vulnerabilities of cell phones is very simple:

Do not use a cell phone.

If you must use a cell phone, you can reduce the risk by following these guidelines:

Because a cellular phone can be turned into a microphone
without your knowledge, do not carry a cellular phone into any classified area or other area where sensitive discussions are held.

Turn your cellular telephone on only when you need to place a call. Turn it off after placing the call.

Ask your friends and associates to page you if they need to talk with you. You can then return the page by using your cellular telephone.

Do not discuss sensitive information on a cellular phone. When you call someone from your cell phone, consider advising them you are calling from a cell phone that is
vulnerable to monitoring, and that you will be speaking generally and not get into sensitive matters.

Do not leave your cellular telephone unattended. If your cell phone is vehicle-mounted, turn it off before permitting valet parking attendants to park the car, even if the telephone automatically locks when the car's ignition is turned off.

Avoid using your cellular telephone within several miles of the airport, stadium, mall, or other heavy traffic locations. These are areas where radio hobbyists use scanners for
random monitoring. If they come across an interesting conversation, your number may be marked for regular selective monitoring.

If your cellular service company offers personal identification numbers (PIN), consider using one. Although cellular PIN services are cumbersome and require that you input your PIN for every call, they are an effective means of thwarting cloning.


Article compiled from various references.
posted by Pressed Rat at 2:06 PM on August 23, 2005 [1 favorite]


Specifically, from:

DEFENSE SECURITY SERVICE
INDUSTRIAL SECURITY FIELD OFFICE (S41PA)
283 S. LAKE AVENUE, SUITE 202
PASADENA, CA 91101-3105
posted by Pressed Rat at 2:07 PM on August 23, 2005


This is why asking stupid questions is a good thing.
posted by weapons-grade pandemonium at 4:22 PM on August 23, 2005


I wouldn't trust that article very much. Since it was written (ca. 1997?) the transition from analog to digital happened, bringing encryption and more complex authentication, making the activities described considerably harder.

(That and the "diagnostic mode" part just seems made up, or at least thirdhand and misunderstood from something that does exist)
posted by cillit bang at 4:38 PM on August 23, 2005


The entire DOD document that Pressed Rat quotes extensively from is available in hypertext form here. The quoted part is the cell-phone section of a comprehensive organizational security guide.

There are references, by the way, and most of them are to popular newsfotainment media, so I tend to take this with a grain of salt, but I am not sure that it is not true.
posted by ikkyu2 at 8:13 PM on August 23, 2005


UPDATE: Zsazsa's comments are right on... in a follow-up conversation the person I refer to as the source of information (and without any prompting on my part!), he state's that the power source that keeps the internal clock going is enough for law enforcement to use for surveillance. He cites the Aussies as the originators of this surveillance technique and that since then non-law enforcement have learned how use this backdoor to turn a cellphone's OS on and use it as a microphone.

Surely this can't be the case?
posted by swamperro at 9:27 PM on August 23, 2005


swamperro; there is no battery for an internal clock. Modern phones get their time from the network when they connect. There might be a battery for some kind of memory for phone contacts, but this would be a stupid design, since NVRAM is cheap, and works much better.
posted by odinsdream at 10:51 AM on August 24, 2005


Whether or not there's a "diagnostic mode" that can be initiated from the outside network isn't relevant to the question, is it? Wasn't the question whether or not this can be done while the phone is off? The answer to that is clearly "no, it can't."

I firmly believe at least some phones can be activated and put on-hook remotely, but only if it has power. I can't find the article at the moment, but Cisco VoIP land-line phones have a telnet server in each one which can easily be hacked and accepts a variety of commands, such as going off-hook without ringing. Sure, this is a land-line phone, but it's a good example of capabilities most people wouldn't even consider.
posted by odinsdream at 10:55 AM on August 24, 2005


Modern phones get their time from the network when they connect

Some do, some don't. Mine asks you to reset the clock when you switch it on if the battery has been disconnected for more than a few minutes. I've never spotted anything in any of the phones I've taken apart that resembles a backup battery, but I'm certain some kind of power source exists, even if it's only a capacitor.
posted by cillit bang at 2:36 PM on August 24, 2005


but I'm certain some kind of power source exists, even if it's only a capacitor.

Certain is a strong word. I will agree with you. There is definitely some power, even if it's induction from other electromagnetic interference in a single wire. What's the point of debating that, though? The point I was trying to make is that there isn't some phantom "hidden power source" that the phone can use to boot into some kind of diagnostic mode... and I think you'll find this is true.

Also, your phone asking you to reset the clock is an indication that there... is no backup battery.
posted by odinsdream at 3:42 PM on August 24, 2005


My point about my phone is that the clock does keep running for maybe 10 minutes without the main battery. But yes, I agree that there's unlikely to be enough power to operate the radio with the battery removed. There's nothing of any significant size in there.
posted by cillit bang at 4:13 PM on August 24, 2005


A recent story in the Guardian makes a claim which isn't quite as paranoid, but is still disquieting: it's possible to listen to you if your cellphone is powered on, even if you're not on a call. Via comp.risks.

The main means of tracking terrorist suspects down has been the monitoring of mobile phone conversations. Not only can operators pinpoint users to within yards of their location by "triangulating" the signals from three base stations, but - according to a report in the Financial Times - the operators (under instructions from the authorities) can remotely install software onto a handset to activate the microphone even when the user is not making a call.
posted by russilwvong at 2:57 PM on August 31, 2005


« Older I'm in need of a tried and tes...   |  Calendaring Software?... Newer »
This thread is closed to new comments.