Privacy is tough

Very interesting stuff:

The signals produced by smartphones turn out to be so identifiable that it may never be possible to use one anonymously. Even basic privacy may be difficult to achieve.

Despite all the standardization and quality control that go into accelerometers and other sensors built into smartphones, each sensor contains enough tiny, unique imperfections to identify, not only the physical component, but also the data it records, researchers from the University of Illinois, the University of South Carolina, and Zhejiang University report.

“Even if you erase the app in the phone, or even erase and reinstall all software the fingerprint still stays inherent,” Romit Roy Choudhury, the UI associate professor of electrical engineering and computer science who led the team, said in a press release. “That’s a serious threat.”

By analyzing data from the accelerometers of more than 100 devices, the team was able to determine that tiny differences in the data recorded by the accelerometers were unique to the sensor itself, rather than reflecting flaws or differences in materials or environment from a particular plant or production line.

It’s not even necessary to get that specific or interact that much with one smartphone to identify it as unique. In June 2013, researchers at the Technical University of Dresden published a paper that said variations in the performance of the power amplifiers, oscillators, signal mixers, and other components of a cellphone radio transmitter leave patterns in the analog radio signal that become a uniquely identifiable pattern of errors after the signal is converted from analog to digital.

That makes it possible to identify and track individual phones passively by their radio “fingerprints” without doing anything but listening to them, and to identify a specific phone even if the SIM card has been replaced or its unique identifying numbers have been altered, according to Jakob Hasse, lead researcher for the paper, which was presented at an ACM workshop.

“Our method does not send anything to the mobile phones. It works completely passively and just listens to the ongoing transmissions of a mobile phone — it cannot be detected,” Hasse told New Scientist.
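The mechanism the quoted passages describe, as an added example that is not code from the article or from any of the cited research teams: a toy model of accelerometer fingerprinting in Python. The sensor model (a fixed per-axis bias and gain error on each unit, plus random noise), the numeric ranges, the device names, and the perturbation countermeasure at the end are all assumptions for illustration; a real fingerprinting study would extract a far richer feature set than a per-axis mean. The point it makes is the one in the quote: the signature lives in the silicon, so a fresh sampling session after an "erase and reinstall" still matches the enrolled fingerprint.

```python
# Added example (not from the article or the cited researchers): a toy
# model of why per-unit accelerometer imperfections act as a device
# fingerprint that survives erasing and reinstalling software.
#
# Assumed model (labelled assumption): every accelerometer has a fixed
# per-axis bias (offset, in g) and a fixed per-axis gain error, plus
# random noise on each sample. A phone lying flat should read (0, 0, 1) g;
# what it actually reports is bias + gain * (0, 0, 1) + noise. The noise
# averages out over many samples; the bias/gain residue does not, because
# it is a property of the hardware rather than of anything installed on it.
import random
import statistics

TRUE_G = (0.0, 0.0, 1.0)  # reading of an ideal sensor at rest, lying flat


def make_sensor(rng):
    """Constructed sensor: bias within +/-0.03 g, gain error within +/-1%."""
    bias = tuple(rng.uniform(-0.03, 0.03) for _ in range(3))
    gain = tuple(1.0 + rng.uniform(-0.01, 0.01) for _ in range(3))
    return bias, gain


def sample(sensor, rng, n, noise_sd=0.005):
    """n raw readings from one sensor lying flat, with Gaussian noise."""
    bias, gain = sensor
    return [
        tuple(bias[i] + gain[i] * TRUE_G[i] + rng.gauss(0.0, noise_sd) for i in range(3))
        for _ in range(n)
    ]


def fingerprint(readings):
    """Per-axis mean of the readings: noise cancels, bias/gain offset stays."""
    return tuple(statistics.fmean(r[i] for r in readings) for i in range(3))


def distance(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


def enroll(sensors, rng, n=2000):
    """Tracker's database: one fingerprint per known device."""
    return {dev: fingerprint(sample(s, rng, n)) for dev, s in sensors.items()}


def identify(db, readings):
    """Nearest-neighbour match of a fresh trace against the database."""
    fp = fingerprint(readings)
    return min(db, key=lambda dev: distance(db[dev], fp))


def perturb(readings, rng, spread=0.1):
    """Illustrative countermeasure (assumption, not from the article): add a
    random per-session offset larger than the bias spread, so the per-axis
    mean no longer reveals which sensor produced the trace."""
    offset = tuple(rng.uniform(-spread, spread) for _ in range(3))
    return [tuple(r[i] + offset[i] for i in range(3)) for r in readings]


def run(n_devices=20, n=2000, seed=1):
    """Returns (hits_raw, hits_perturbed, n_devices) for one simulated trial."""
    rng = random.Random(seed)
    sensors = {f"phone-{i:02d}": make_sensor(rng) for i in range(n_devices)}
    db = enroll(sensors, rng, n)
    # A fresh sampling session stands in for "erased and reinstalled":
    # nothing from enrollment is reused except the physical sensor.
    hits_raw = sum(identify(db, sample(s, rng, n)) == dev for dev, s in sensors.items())
    hits_perturbed = sum(
        identify(db, perturb(sample(s, rng, n), rng)) == dev for dev, s in sensors.items()
    )
    return hits_raw, hits_perturbed, n_devices


if __name__ == "__main__":
    raw, pert, total = run()
    print(f"raw readings:       {raw}/{total} devices re-identified")
    print(f"perturbed readings: {pert}/{total} devices re-identified")
```

With the assumed ranges, 2000 samples shrink the noise on each mean to about a tenth of a milli-g, far below the spacing between device biases, so every fresh trace lands on its own enrolled entry; the perturbed run drops to roughly chance. The defence this illustrates has to be applied below the app layer (in the OS or the sensor driver), since an app reinstall changes nothing the fingerprint depends on.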

I forget who I was telling the following story to recently, or when, but it is my understanding that during the Vietnam war we had technology that could hear the radio emissions from the ignition systems of trucks many miles away. And because of variations in the ignition systems, such as worn spark plugs, dirty points, etc., the operators of that equipment learned to identify individual trucks.

I think the lesson to be learned is that if you leak electromagnetic radiation you can be tracked.

13 thoughts on “Privacy is tough”

  1. “I think the lesson to be learned is that if you leak electromagnetic radiation you can be tracked.”

    Yup. I remember discussions of the same nature some 20 years ago in ham radio circles: an individual transmitter could be identified by its unique spurious emissions, or flaws in the waveform. Analog, digital, tube or transistor, it doesn’t matter. Also, by the time of W.W. II it was known that true “radio silence” meant no listening as well as no transmitting, being that a receiver generates RF noise of its own.

    During his work in California before coming to Idaho, Lance Haserot said he worked on a project in which they recorded the entire commercial AM band on tape. This was decades ago. The challenge was to build a tape recorder with frequency response in the 0.5 to 1.6 MHz range. The result was that you could play back the tape into a small antenna and use an AM receiver to tune through the band and listen to everything that had been transmitted that day. An analog version of Google Cache if you will, on magnetic tape. I suppose now there is the technology to record and store the entire usable RF spectrum full time, from multiple stations, which would mean that not only can you be tracked today or tomorrow, but in theory at least, someone could go back and find you and your movements in the past, just from the RF emissions, not counting actual ping data, call histories and such, much in the same way you leave DNA evidence, but longer lasting.

    Playing with an umpteen thousand dollar spectrum analyzer some years ago was by itself an eye-opener. We could look at huge swaths of the RF spectrum at once, or zoom in and see the spurs on various transmitters. An order of magnitude better resolution and sensitivity, with some directional information and the ability to record it all, and there you pretty much have it. Spread spectrum complicates things a bit however. For now. I don’t know, since I’ve been pretty well out of the loop for a while.

    For every measure there are at least several countermeasures. Huge databases (very powerful) tend to have a large number of people with access to them (high vulnerability). Iron door, grass hut. And just because you had a particular device yesterday doesn’t mean you have that same device today. Track it all you want, I’m not there with it. I borrowed my buddy’s phone, who got it from Bob, who got it from Bill, then I lost it when my canoe tipped over in the river and I haven’t seen my buddy since he took off for Cancun. That bastard.

    • Re “I suppose now there is the technology to record and store the entire usable RF spectrum full time”. Definitely. Depending on what you mean by “entire” it might even be trivial. For example, real time recording of the whole AM broadcast band is doable by any amateur with an investment of a few thousand dollars, using standard commercially available SDR (software defined radio) technology. If you want to record more than 30 MHz or so of bandwidth at a shot, it would get trickier. But still, with standard commercial equipment and storage devices, slicing the spectrum into, say, 100 MHz slices, you can go as high as you want. So recording a fair distance up into the microwave region, say to 10 GHz, would take just 100 of those devices. Too expensive for amateurs, but trivial for three letter agencies.

  2. Interesting.
    Somewhat related though different: there was a paper I read about 6 months ago describing how to extract RSA encryption keys from computers and cell phones by listening to the sounds they make while doing the encryption calculations. It sounds unbelievable, but the authors are top authorities in the field and they actually demonstrated the process at work.
    There exist software workarounds for this, and the article gives some hints about that.
    Yet another fascinating article from a year or two ago described how to decipher encrypted voice communication (like Skype) by the data patterns, without any need to figure out the encryption key. That too is solvable.
    All this goes to show that security is really hard, and any system that’s designed will only get weaker over time. It also shows that you have to beware of “security” machinery designed by people who are not experts. There are some classic horror stories: the “encryption” used in WEP, and the secret encryption algorithm A4 invented for one of the cell phone standards, are examples of ignorant people making a botch of things.

  3. Maxim #33. If you’re leaving tracks, you’re being followed. — The Seventy Maxims of Maximally Effective Mercenaries.

  4. Pingback: Monday Gun News | Shall Not Be Questioned

  5. In the 1st Gulf War, the Boeing 707-based JSTARS aircraft kept close tabs on all sorts of vehicle movements, by tracking their various electronic signals.

    No doubt, that technology has been continually updated since then.


    Sunk New Dawn
    Galveston, TX

  6. A couple of things:

    Yes, receivers radiate, but not very much. Detecting that radiation from any significant distance is tough (i.e., more than a couple hundred yards). It was easier back in the days of regenerative and direct conversion receivers, less so today with modern superhets in an environment where there are a number of them likely to be on at the same time.

    Also, if you radiate, you can be DF’ed. There are ways to minimize the danger there, but it’s always a possibility.

    No computer is completely secure. They don’t have to break your whiz-bang super-4096 RSA crap if they can read the plaintext from your machine. Pencil-and-paper encryption, while slower (obviously), is ironically more secure: once you burn the paper completely, they have to break it cryptanalytically (or use the proverbial $5 wrench). There are a number of different ways to encrypt manually that are hard enough to resist even the NSA, and the one guaranteed to be completely unbreakable when used properly, the one-time pad, is really only secure when done manually.

    But yeah, don’t use a computerized device to communicate. If you use a radio, move once you’ve transmitted to a different location if possible. Use the minimum amount of power necessary. If you are communicating with someone within 300 miles, consider using NVIS (Near Vertical Incidence Skywave) techniques: It’s harder to DF that outside of the ground-wave range. Change callsigns, frequencies, and schedules on a regular basis, and don’t repeat them. Make new ones up as needed. Either encrypt completely, or don’t encrypt at all. Simple one-time codes can be useful for short-term use.

    /Ex SIGINT Weenie.
    //Google “ditty bopper” to see what I used to do.
    ///Didadidit, to Hell with it.

  7. What, signature analysis is a new thing? If it emits, it can be identified. On the other hand, like rifling and tool marks, a little work can change the signature.

    • This is true especially with older tube radios. Swapping the driver and final tubes of transmitters will result in new signatures that are unique. This is facilitated by the fact that tubes generally were in sockets for easy replacement instead of being soldered in place. Relatively quick job for

      With modern transmitters using transistors, and surface-mount parts, it’s not really an option.
