Comment by h4ck_th3_pl4n3t 4 days ago

19 replies

While I like the sentiment of the article, I think most people are not aware of how hostile the baseband firmware is on most SoCs that phones come with. Usually the cell tower handshakes that make you trackable can't be turned off, meaning the modem will run in sleep mode even when you are in airplane mode (which is kinda funny considering the dangers of air travel, right? Right?).

Are there actually smartphones without an IMEI and with a Wi-Fi card only, preferably not a Broadcom one?

userbinator 14 minutes ago

meaning the modem will run in sleep mode even when you are in airplane mode

AFAIK this is not true at least for the Mediatek 65xx and early 67xx platforms; I've analysed the firmware and hardware on those. They actually power off the modem and rest of the RF system when in airplane mode. The modem only boots up and starts searching for a signal when you take it out of airplane mode, which is why it takes a noticeable time (10-30 seconds, depending on how many bands are enabled) to get a signal. If your phone goes from airplane mode to having a signal and immediately capable of calling, then I suspect it's one where the modem is not truly turned off.

I haven't inspected Broadcom, Qualcomm, or Spreadtrum in any detail to say whether they do things differently.

Are there actually smartphones without an IMEI

Look for a "tablet" or anything else without the word "phone" in it if you just want a touchscreen portable computer. An IMEI is obligatory to connect to cellular networks, in much the same way as a MAC address is to Ethernet and WiFi.

arendtio an hour ago

As far as I remember, the whole 'turn off your phone on a plane' was just a precautionary measure and is not a real technical problem nowadays.

The risk was that mobile networks could not handle moving many devices from one cell to another at high speeds (during takeoff and landing).

  • SahAssar 25 minutes ago

    How would that be different for trains? Trains would have similar numbers or more devices, moving at a similar speed (for high speed trains compared to planes at take-off/landing).

    • kelnos 18 minutes ago

      I think part of the issue is that cell tower antennas are designed for talking to devices on the ground or at very low altitudes (like those you'd experience in a tall building). So a cell tower's capacity for talking to lots of somethings directly above it, thousands of feet up, is much lower than talking to lots of somethings below it or adjacent to it.

  • reaperducer 10 minutes ago

    As far as I remember, the whole 'turn off your phone on a plane' was just a precautionary measure and is not a real technical problem nowadays.

    My memory is that it was necessary at the time when lots of people started taking phones on airplanes because the wiring/navigation wasn't shielded against a transmitter that might be actually inside the aircraft.

    Since then, plane electronics are better insulated making it less of a problem.

reaperducer 9 minutes ago

Are there actually smartphones without an IMEI and with a Wi-Fi card only, preferably not a Broadcom one?

Maybe an old iPod Touch that can still run a VOIP program?

KeybInterrupt 3 days ago

You might be looking for an Android-based media player device.

But they are likely not ideal for the use case...

madethemcry 3 days ago

Can you please give any sources? While it sounds plausible and interesting it's nothing more than a wild conspiracy theory without some background information.

  • h4ck_th3_pl4n3t 3 days ago

    Buy a Broadcom smartphone. Turn Bluetooth off, and set it to airplane mode. Then Bluepwn your device, with Bluetooth turned off.

    Funny how airplane mode didn't work.

    That's just one of the quirks. Baseband and what Qualcomm is tracking is way worse.

    I recommend buying an old Motorola Calypso device and fiddling with osmocomBB; you can DIY an IMSI catcher pretty easily. And you'll be mind-blown by how many class 0 SMS you'll receive per day, just for tracking you. Back in the day you could track people's phones remotely, but the popularity of HushSMS and other tools made cell providers block class 0 SMS not sent by themselves.

    This wiki article is a nice overview: https://github.com/CellularPrivacy/Android-IMSI-Catcher-Dete...

    • kelnos 16 minutes ago

      Saying more words and then linking to a page from an IMSI catcher's wiki (where it doesn't talk about radio on/off states) isn't exactly "providing sources".

    • mjg59 14 minutes ago

      You made the assertion that basebands remain in contact with towers even in airplane mode, and so can be tracked. Someone asked for supporting evidence for that claim. You've responded with examples and links to different issues. It's a fairly extraordinary claim (it's not one I'd heard before - it's clear that other radios may remain alive for various purposes even when airplane mode is switched on, given that you can use wifi and bluetooth on planes, but you're the first person I've heard make this claim about the cellular radio), and you haven't provided any evidence to back it up at all.

  • aja12 3 days ago

    Baseband SoCs running their own OS independent from Android/iOS and staying asleep (while still listening for incoming signals) are very much no longer in conspiracy theory territory and more an established fact now. I don't have the source at hand, but it's in one of the standards. And the purpose is very clear: LEA like Interpol must be able to locate any IMEI at any point if in tower range, regardless of the power state of the "main" OS.

    • dahart 2 minutes ago

      I don’t doubt SoCs have their own micro-OS, but I too would love to see a reliable source showing phones connect to towers when powered off. Wouldn’t this, at a minimum, violate FAA/EASA rules? Google tells me the cellular radio in an iPhone has no power when in airplane mode or when off.

    • escaine 2 hours ago

      Surely this is really easy to prove by putting a phone into an anechoic chamber and using a spectrum analyser to show that it's still TXing?

      • joha4270 25 minutes ago

        The phone isn't going to connect to a tower it cannot see.

        It can't just scream out into the void and hope a tower picks it up, it needs a few pieces of timing information & cell configuration beforehand.

    • pdesi 3 days ago

      Even in airplane mode?

      • h4ck_th3_pl4n3t 3 days ago

        I dare you to do the following:

        Charge phone to full 100%. Turn it off.

        Put it into a faraday cage, e.g. a steel box, for 7 days.

        Take it out again and wonder why the battery is empty.

        (The Faraday cage has the effect of making the modem have to switch bands constantly, which costs more electricity than sleep mode in LTE.)

        • kelnos 14 minutes ago

          It would still be simpler for you to link to a credible source. A bit strange that you seem uninterested in doing so, and prefer to tell people to do their own experiments, in this case one that requires an extra phone and a week of time.
