Cellphone surveillance explained

Cellphone surveillance (also known as cellphone spying) may involve tracking, bugging, monitoring, eavesdropping, and recording conversations and text messages on mobile phones. It also encompasses the monitoring of people's movements, which can be tracked using mobile phone signals when phones are turned on.[1]

Mass cellphone surveillance

Stingray devices

StingRay devices are a technology that mimics a cellphone tower, causing nearby cellphones to connect and pass data through them instead of legitimate towers.[2] This process is invisible to the end-user and allows the device operator full access to any communicated data. They are also capable of capturing information from phones of bystanders.[3] This technology is a form of man-in-the-middle attack.[4]

StingRays are used by law enforcement agencies to track people's movements, and intercept and record conversations, names, phone numbers and text messages from mobile phones. Their use entails the monitoring and collection of data from all mobile phones within a target area.[5] Law enforcement agencies in Northern California that have purchased StingRay devices include the Oakland Police Department, San Francisco Police Department, Sacramento County Sheriff's Department, San Jose Police Department and Fremont Police Department. The Fremont Police Department's use of a StingRay device is in a partnership with the Oakland Police Department and Alameda County District Attorney's Office.

End-to-end encryption such as Signal protects traffic against StingRay devices via cryptographic strategies.[6]

Dirtbox (DRT box)

Dirtbox (cell phone) is a technology similar to Stingrays that are usually mounted on aerial vehicles that can mimic cell sites and also jam signals. The device uses an IMSI-catcher and is claimed to be able to bypass cryptographic encryption by getting IMSI numbers and ESNs (electronic serial numbers).

Tower dumps

A tower dump is the sharing of identifying information by a cell tower operator, which can be used to identify where a given individual was at a certain time.[7] As mobile phone users move, their devices will connect to nearby cell towers in order to maintain a strong signal even while the phone is not actively in use.[8] These towers record identifying information about cellphones connected to them which then can be used to track individuals.

In most of the United States, police can get many kinds of cellphone data without obtaining a warrant. Law-enforcement records show police can use initial data from a tower dump to ask for another court order for more information, including addresses, billing records and logs of calls, texts and locations.[9]

Targeted surveillance

Software vulnerabilities

Cellphone bugs can be created by disabling the ringing feature on a mobile phone, allowing a caller to call a phone to access its microphone and listening. One example of this was the group FaceTime bug. This bug enables people to eavesdrop on conversations without calls being answered by the recipient.

In the United States, the FBI has used "roving bugs", which entails the activation of microphones on mobile phones to the monitoring of conversations.[10]

Cellphone spying software

Cellphone spying software[11] is a type of cellphone bugging, tracking, and monitoring software that is surreptitiously installed on mobile phones. This software can enable conversations to be heard and recorded from phones upon which it is installed.[12] Cellphone spying software can be downloaded onto cellphones.[13] Cellphone spying software enables the monitoring or stalking of a target cellphone from a remote location with some of the following techniques:[14]

Cellphone spying software can enable microphones on mobile phones when phones are not being used, and can be installed by mobile providers.[10]

Bugging

Intentionally hiding a cell phone in a location is a bugging technique. Some hidden cellphone bugs rely on Wi-Fi hotspots, rather than cellular data, where the tracker rootkit software periodically "wakes up" and signs into a public Wi-Fi hotspot to upload tracker data onto a public internet server.

Lawful interception

Governments may sometimes legally monitor mobile phone communications - a procedure known as lawful interception.[15]

In the United States, the government pays phone companies directly to record and collect cellular communications from specified individuals. U.S. law enforcement agencies can also legally track the movements of people from their mobile phone signals upon obtaining a court order to do so.

These invasive legal surveillance can cause a change in public behaviors directing our ways of communication away from technology based devices.

Real-time location data

In 2018, United States cellphone carriers that sell customers' real-time location data - AT&T, Verizon, T-Mobile, and Sprint- publicly stated they would cease those data sales because the FCC found the companies had been negligent in protecting the personal privacy of their customers' data. Location aggregators, bounty hunters, and others including law enforcement agencies that did not obtain search warrants used that information. FCC Chairman Ajit Pai concluded that carriers had apparently violated federal law. However, in 2019, the carriers were continuing to sell real-time location data. In late February 2020, the FCC was seeking fines on the carriers in the case.[16]

Occurrences

In 2005, the prime minister of Greece was advised that his, over 100 dignitaries', and the mayor of Athens' mobile phones were bugged.[12] Kostas Tsalikidis, a Vodafone-Panafon employee, was implicated in the matter as using his position as head of the company's network planning to assist in the bugging.[12] Tsalikidis was found hanged in his apartment the day before the leaders were notified about the bugging, which was reported as "an apparent suicide."[17] [18] [19] [20]

Security holes within Signalling System No. 7 (SS7), called Common Channel Signalling System 7 (CCSS7) in the US and Common Channel Interoffice Signaling 7 (CCIS7) in the UK, were demonstrated at Chaos Communication Congress, Hamburg in 2014.[21] [22]

During the coronavirus pandemic Israel authorized its internal security service, Shin Bet, to use its access to historic cellphone metadata[23] to engage in location tracking of COVID-19 carriers.[24]

Detection

Some indications of possible cellphone surveillance occurring may include a mobile phone waking up unexpectedly, using a lot of battery power when on idle or when not in use, hearing clicking or beeping sounds when conversations are occurring and the circuit board of the phone being warm despite the phone not being used. However, sophisticated surveillance methods can be completely invisible to the user and may be able to evade detection techniques currently employed by security researchers and ecosystem providers.[25]

Prevention

Preventive measures against cellphone surveillance include not losing or allowing strangers to use a mobile phone and the utilization of an access password.[13] Another technique would be turning off the phone and then also removing the battery when not in use.[13] Jamming devices or a Faraday cage may also work, the latter obviating removal of the battery [26]

Another solution is a cellphone with a physical (electric) switch or isolated electronic switch that disconnects the microphone and the camera without bypass, meaning the switch can be operated by the user only - no software can connect it back.

See also

References

https://mfggang.com/read-messages/how-to-read-texts-from-another-phone/

Notes and References

  1. News: Live Tracking of Mobile Phones Prompts Court Fights on Privacy . . December 10, 2005 . 26 March 2014 . Richtel, Matt.
  2. News: 'Stingray' Phone Tracker Fuels Constitutional Clash. Valentino-DeVries. Jennifer. 2011-09-22. The Wall Street Journal. 2019-11-07. en-US. 0099-9660.
  3. Web site: New Records Detail How the FBI Pressures Police to Keep Use of Shady Phone Surveillance Technology a Secret . 2024-05-03 . American Civil Liberties Union . en-US.
  4. News: 5G Is Here—and Still Vulnerable to Stingray Surveillance. Wired. 2019-11-07. en. 1059-1028.
  5. Web site: 9 Calif. law enforcement agencies connected to cellphone spying technology . ABC News, News10 . March 6, 2014 . 26 March 2014 . Bott, Michael . Jensen, Thom . https://web.archive.org/web/20140324044838/http://www.news10.net/story/news/investigations/watchdog/2014/03/06/5-california-law-enforcement-agencies-connected-to-stingrays/6147381/ . 24 March 2014 . dead .
  6. Web site: WikiLeaks Says the CIA Can "Bypass" Secure Messaging Apps Like Signal. What Does That Mean?. Grauer. Yael. 2017-03-08. Slate. en. 2019-11-07.
  7. Web site: Verizon reports spike in government requests for cell 'tower dumps'. Williams. Katie Bo. 2017-08-24. The Hill. en. 2019-11-07.
  8. Web site: Giz Explains: How Cell Towers Work. Gizmodo. 21 March 2009 . en-us. 2019-11-07.
  9. News: Cellphone data spying: It's not just the NSA. USA Today. John Kelly. 13 June 2014.
  10. Web site: FBI taps cell phone mic as eavesdropping tool . . December 1, 2006 . 26 March 2014 . McCullagh, Declan . Broache, Anne .
  11. Web site: Cell Phone Spying Software. Cell Phone Spying.
  12. The Athens Affair. 44. 7. V., Prevelakis. D., Spinellis. July 2007. IEEE Spectrum. 26–33. 10.1109/MSPEC.2007.376605. 14732055.
  13. Web site: Tapping your cell phone. Segall, Bob. June 29, 2009. WTHR13 News (NBC). 26 March 2014.
  14. https://www.youtube.com/watch?v=elgj2ZFMZDE News report
  15. Web site: The price of surveillance: US gov't pays to snoop. AP News. 10 July 2013 . 2019-11-11.
  16. News: 4 cellphone carriers may face $200M in fines for selling location data . . 2020-02-27 . 2020-02-28.
  17. Web site: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?. James BamfordJames. Bamford2015-09-29T02:01:02+00:00. The Intercept. 29 September 2015 . 7 June 2017.
  18. Web site: Story of the Greek Wiretapping Scandal - Schneier on Security. www.schneier.com. 7 June 2017.
  19. Web site: Software engineer?s body exhumed, results in a month - Kathimerini. ekathimerini.com. 7 June 2017.
  20. Web site: Ericsson's Greek branch fined over wire-tapping scandal. 6 September 2007. thelocal.se. 7 June 2017.
  21. News: SS7 hack explained: what can you do about it?. Samuel. Gibbs. 19 April 2016. 7 June 2017. The Guardian.
  22. The Critical Hole at the Heart of Our Cell Phone Networks. Kim. Zetter. Wired. 7 June 2017.
  23. Cahane. Amir. 2021-01-19. The (Missed) Israeli Snowden Moment?. International Journal of Intelligence and CounterIntelligence. 34. 4. 694–717. 10.1080/08850607.2020.1838902. 0885-0607. free.
  24. Cahane. Amir. 2020-11-30. Israel's SIGINT Oversight Ecosystem: COVID-19 Secret Service Location Tracking as a Test Case. University of New Hampshire Law Review. en. Rochester, NY. 3748401.
  25. Book: Kröger. Jacob Leon. Raschke. Philip. Data and Applications Security and Privacy XXXIII. Is My Phone Listening in? On the Feasibility and Detectability of Mobile Eavesdropping. Lecture Notes in Computer Science. 11559. 2019. 102–120. 0302-9743. 10.1007/978-3-030-22479-0_6. 978-3-030-22478-3. free.
  26. Web site: Steven . Davis . 2024-02-17 . Notifications and Alerts? . 2024-05-17 . JammerX . en-US.