
How phones are targeted for wiretaps, location tracking and intrusion.

TyperTech

Sometimes LE has a person of interest, sometimes they have a phone, a SIM, a MAC address, a physical location, an account on an app or website or any combination of them. How do they get from that to tracking your every move and reading every message?

You, John Doe, you are a suspect.

1. You have a phone plan with a mobile carrier in your name. They will read all your SMS, listen to all your phone calls and watch your every move going back years and into the future. There are no tricks.

2. Your regular phone is clean but you have a burner. You have a history of using the burner phone with a burner SIM at your home. That is your phone because of location data history. If that data is not logged in your country then during an investigation any phone used at your home or work will be treated as possibly yours.

3. You do not use your burner at home but you use it while sitting at a cafe or while traveling in a car while your main phone is with you and turned on. That is your phone.

4. Your burner is 6 years old and you got it from your brother or it was actually your phone. The IMEI is the same and they are tied to your account at the carrier or a carrier you used to use. Maybe there is location history for that phone too. That is your phone.

5. You swap out the SIM, good as new right? IMEI is the same, still your phone.

They have an account.

1. You have a Reddit account that you like to use. You like the karma and awards you have collected and can't stop using it. Reddit -> ISP -> your phone that is identified by IMEI and IMSI (SIM). That is your phone. Now they know all the other apps and websites you use too. They can see that you access Wickr servers and they can go and ask Wickr "This IP at this time, what account?".

MAC address

The MAC address usually does not go past the first hop in the network. With a phone the first hop will be the cell tower of your carrier but it is redundant since IMEI is sent as well. Some cities have free wifi that you sometimes authenticate with a phone number and some require no authentication. They get your MAC. Many ISPs have access to the routers of their clients because of default passwords or they do not allow their clients to even access the router and manage it themselves. A MAC address is an issue on monitored networks or if logs are kept.

Physical location of an event

Maybe a package of drugs was dropped off 10 days ago or a handover just happened. Maybe you sold drugs at a club and you were seen leaving at a certain time. Perhaps you killed your drinking buddy in a drunken stupor 2-3 weeks ago. LE can ask Google or the ISP for a geofence warrant that gives them all phones at the location during a certain time period.

Intrusion

Intrusion is the hacking of your phone and that happens after they have identified the device they want to target. It can be done from across the world with no cooperation or authorization from local authorities or you might need to get close (meters with no special gear or a few hundred meters with special gear).

If they have a SIM card in mind then they can initiate the attack from across the world. If they want to compromise your cellular modem and get access that way then they might need the cooperation (voluntary or not) of your ISP to send custom packets that they otherwise couldn't send you.

Can a cellular modem with no SIM be attacked? A no SIM phone should not be visible to the network, it should not send out signals unless calling an emergency service. Could there be a flaw that would allow you to blast out a signal that would be processed by the phone and get you access? If a no SIM modem can authenticate with a network then why can't the network initiate the authentication? It is an active antenna that can and does send out signals, is it listening too? Are some of them listening?

You can be sent a link in an SMS that can compromise your phone. Maybe your SMS app has a flaw that would allow a malformed MMS to compromise it with no user action?

Any app where you can accept messages, voice or video calls or receive files could lead to compromise. App or system updates can be used to gain access.

Bluetooth and wifi are points of intrusion. Vulnerabilities have been found in NFC implementations.

You do not control your phone. Apple and Google do and to some extent any app maker that has apps that you cannot uninstall, those will be your carrier, Facebook and phone manufacturer. If you turn off wifi then is it really off? ANOM phones had GPS disabled only visually. Apple: nakedsecurity.sophos.com/2017/10/09/iphones-new-off-switch-that-leaves-bluetooth-and-wi-fi-turned-on/

You can mess around with rooting and custom ROMs but some issues remain. It is not easy to make your phone secure and you will probably not go as far as removing the camera, microphones, GPS and all of the wireless hardware except wifi. What you would be left with is an insecure computer that fits in your hand.
 