[guardian-dev] detecting mobile phone location

Nathan of Guardian nathan at guardianproject.info
Tue Feb 11 12:21:58 EST 2014




On 02/11/2014 10:59 AM, Lee Azzarello wrote:
> On 2/11/14, 9:20 AM, Matej Kovacic wrote:
>>> Hi,
>>> 
>>> I have a contact with one of the human rights activists in
>>> Sudan. The person told me a story, that some Somalian
>>> indigenous people, who are oppressed by the Sudanian regime did
>>> the test with mobile phones.
>>> 
>>> They turned the mobile phone on, put it on some corner and
>>> went several hundred meters away. In an hour an airplane came and
>>> bombed the house.

This sounds very similar to the case in Syria where a journalist was
using a fixed satellite uplink to communicate via Skype, and it was
eventually targeted by mortar fire. Whether the targeting was through
radio signal tracking or a more crude means, the fact that it was
fixed made it easier to locate and destroy.

>>> I am quite curious how that is possible if there is no mobile
>>> signal there. Of course, I don't know the details, it is
>>> possible, that mobile signal is there. As far as I know, it is
>>> possible to connect to a base station from up to 30 km away,
>>> but I am not sure how triangulation works if there is only one
>>> base station nearby.

This is definitely part of the story that sounds questionable. If
there was malware on the phone that tapped into the GPS (was it a
smartphone?), then the precise coordinates of a house are possible to
locate. If it is just a feature phone and the location occurred via
cellular base station triangulation, there would need to be a good
density of towers in the area for the phone to connect to.
Alternately, there could have been a drone or aerial tracking of some
sort, which is apparently what the US is capable of.

Any sort of digital surveillance of this sort was also likely paired
with human, on the ground intelligence, such that it was known the
person of interest might be coming to a certain house, and the cell
signal being roughly in the area only confirmed that. Again, based on
recent reports, it often seems that simply knowing a phone is on in a
rough area is enough reason to target a bombing or drone strike.

>>> Now they have a question: how to protect from this? They came
>>> with an idea that they will simply remove SIM card and
>>> communicate via wi-fi. The system would create a meshing network
>>> where each mobile phone would be a relay node.

There are a variety of technical wifi mesh systems that are possible
for short range sharing - Samsung phones even have a whole bunch of
built in apps that make this possible via wifi direct. However, a
persistent large mesh system takes time to put in place, and given the
state of Syria, would not really be possible with the current
restriction on import of technology, imho.

>>> 
>>> There is an application from Swiss mountain rescue service
>>> called Uepaa (http://www.uepaa.ch), which is doing a similar
>>> thing.
>>> 
>>> There is also an interesting Slovenian project doing this with
>>> home wi-fi routers: https://wlan-si.net/en/ and 
>>> https://nodes.wlan-si.net/.
>>> 

For one project that we contributed Android code to, see
http://commotionwireless.net/

A 10 node system was recently deployed in Tunisia, with the help of a
qualified team. The Android app does work, but it mostly requires a
rooted device (Cyanogen even better), running the right type of wifi
driver.

Even with mesh, however, you are emitting a radio signal that is
trackable via your MAC hardware address, and so on. Location tracking
of wifi signals via MAC is now a fairly common skill that even ad
marketers are using, so I wouldn't put it beyond a government.

Most mesh systems are built for humanitarian purposes and not
adversarial situations, and so the state of their security and
anti-surveillance features is quite minimal.

>>> Any idea how to provide safe communications in such a case?
>>> Because encryption is not a solution, problem is location
>>> privacy.
> Radio Direction Finding (RDF) has a rich history that predates
> mobile phones. A solution to provide safe communications when a
> radio is an active target for an air strike is not to use a radio
> to communicate.

I would agree. If you are being actively targeted for bombing, I would
avoid using radio emitting systems at all. Netbooks or cheap laptops
with wifi off, or in a stretch an Android device without SIM and wifi
off, combined with physical couriers of encrypted (TrueCrypt or encFS)
USB flash drives or SD cards, are probably the best way to go, in that
case. It seems a bit archaic perhaps, but at least you won't be
broadcasting a radio signal, while still providing a means for secure
digital exchange of information between remote groups.

> At the very least use the radio only for some kind of store and 
> forward system whereby the user may transmit a message and
> immediately power down the radio after transmission.

Yes, a store and forward system where people travel to a central area
to send/exchange messages also makes a great deal of sense.

In the end, places like Syria and Sudan are active war zones for all
intents and purposes, and need to be approached in that way. The export
of digital surveillance tools to anyone with the funds to buy them is a
reality, and so any plausible capability should be seriously considered.

+n




