Jump to content

Samsung, Nokia say they don’t know how to track a powered-down phone


shamu726

Recommended Posts

Privacy International still awaits answers from Apple, BlackBerry, and others.

samsung-gs4-2-640x426.jpg

Gloves do not faze the Galaxy S 4.

Back in July 2013, The Washington Post reported that nearly a decade ago, the National Security Agency developed a new technique that allowed spooks to “find cellphones even when they were turned off. JSOC troops called this ‘The Find,’ and it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq, according to members of the unit.”

Many security researchers scratched their heads trying to figure out how this could be so. The British watchdog group Privacy International took it upon itself to ask eight major mobile phone manufacturers if and how this was possible in August 2013. On Monday, the group published replies from the four firms that have responded thus far: Ericsson, Google, Nokia, and Samsung. (Apple, HTC, Microsoft, and BlackBerry have not yet sent in a response.)

A research officer at the organization, Richard Tynan, wrote that “two themes stood out among the companies that replied: hardware manufacturers claim that they strive to switch off almost all their components while the phone is powered down, and if tracking occurs it is likely due to the installation of malware onto the phone.” Here are a few of the responses:

According to Tynan, Google responded:

When a mobile device running the Android Operating System is powered off, there is no part of the Operating System that remains on or emits a signal. Google has no way to turn on a device remotely.

Samsung Vice President Hyunjoon Kim noted that “without the power source it is not possible to transmit any signal, due to the components being inactive. Thus the powered off devices are not able to be tracked or monitored by any third party.” Meanwhile, Nokia’s Vice President and Chief Ethics and Compliance Officer Chad Fentress said:

Our devices are designed so that when they are switched off, the radio transceivers within the devices should be powered off. We are not aware of any way they could be re-activated until the user switches the device on again. We believe that this means that the device could not be tracked in the manner suggested in the article you referenced.

Tynan himself wrote to Ars on Monday evening, noting: "We also think that Nokia’s wording is very nuanced. The word “should" is very conspicuous as they don’t say that transceivers 'are' switched off: 'the radio transceivers within the devices should be powered off.'"

By contrast, Ericsson, which no longer manufactures handsets, explicitly acknowledged the possibility via malware.

“In general we can say that when a mobile phone is turned off, it does not transmit any signals or identify itself,” Elaine Weidman Grunewald, an Ericsson vice president, responded. “The only electronics normally remaining in operation are the crystal that keeps track of time and some functionality sensing on-button and charger connection. The modem (the cellular communication part) cannot turn on by itself. It is not powered in off-state. Power and clock distribution to the modem is controlled by the application processor in the mobile phone. The application processor only turns on if the user pushes the on-switch. There could, however, be potential risks that once the phone runs there could be means to construct malicious applications that can exploit the phone. But again, we would encourage you to contact the mobile device manufactures for further information.”

Samsung's letter also referred to "spyware which mimics the status of the battery being fully drained."

So of the companies Tynan heard from, all current phone manufacturers refuted the idea of tracking a powered-down phone. The Washington Post's track record on the NSA discoveries has been solid so far, so the jury is still out on this possible exploit. If you have some informed insight, get in touch—we’d still love to hear more from anyone who can demonstrate that this vulnerability is possible.

Source: Ars Technica

Link to comment
Share on other sites


  • Views 793
  • Created
  • Last Reply

Top Posters In This Topic

  • shamu726

    1

Popular Days

Top Posters In This Topic

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...