(Geo)Location, Location, Location!! Matt Blaze, University of Pennsylvania

Transcription:

(Geo)Location, Location, Location!! Matt Blaze University of Pennsylvania

Mobile Devices
- Computers, but
  - you carry them with you
  - they have lots of sensors (GPS, etc)
  - they transmit (cell, wifi, bluetooth, etc)
  - they rely on services for almost everything
- Dumb phones, smartphones, tablets, things

How cellphones work (oversimplified edition)
- Handset is low power 2-way radio with a crappy antenna; you want it to work everywhere
  - max range is a mile or so, depending on terrain
- Cell carrier has overlapping network of towers ("cell sites") across service area
  - so that you're usually in range of at least one
  - handset periodically looks for the cell site with the strongest signal (usually nearest) and registers with it

But wait...
- Cell company wants to economize on towers, build them as far apart as it can get away with to cover service area
  - should be one or two miles apart, right?
- But radio range isn't the limiting factor
  - high demand
  - limited spectrum
- So cell sites now must be much closer together than radio range would require
  - especially in urban areas
  - some cell sites serve individual floors of buildings

Radios in your phone
- Cellular voice and data (EDGE/3G/4G/LTE)
  - announces self to carrier infrastructure
- WiFi
  - announces self to nearby hotspots
- Bluetooth
  - announces self to other nearby devices
- GPS
  - receiver only, unless carrier asks (E911)

What does your phone know about where it is?
- What cell tower is it registered with
  - accuracy depends on density
- GPS calculation
  - ~3M accuracy
- What WiFi hotspots are nearby?
- Combination of some/all of the above
  - surprisingly accurate

What others learn about where you are
- Cell company learns the cell sites you register with during the day
  - even when you don't make a call
- WiFi and BT constantly announce MAC addr to anyone in range
  - address is usually unique & constant for lifetime of handset
- WiFi location reveals loc to platform provider (Google, Apple)
  - often linked to a user account or unique handset ID
- Of course, IP addr is revealed to anyone you talk to on net
  - can correlate w/ your location
- Apps leak god-knows-what to app provider, including location

What about the Government?
- Intelligence vs Law Enforcement
- Wholesale vs Targeted
- Realtime vs Prospective vs Retrospective
- Call Metadata vs Geolocation vs Content
- Unilateral vs carrier cooperation
- Curiosity vs Subpoena vs Warrant

Intelligence Agencies (NSA, etc)

Snowden tells us something here
- 215 Program
  - ALL call detail records from US telcos, delivered daily
  - may or may not include location; no content
- Cable tapping program
  - includes content
  - mostly near intl cable landings, but some US traffic
- Handset malware implants
  - is your phone really off?
- Some leakage from NSA -> domestic law enforcement

Domestic US Law Enforcement

LE more constrained
- Limited budgets, need evidence for court
- Mostly use smaller-scale techniques
  - Call Detail Records
  - Pen Register / Trap & Trace
  - Content Wiretaps
  - E911 pings
  - Tower Dumps
  - StingRay IMSI intercept devices
  - Compromised target handsets
- But they do get some data from intel (DEA "Hemispheres")

Target-based LE Techniques

Call Detail Records
- Every time you make/receive a voice call or initiate a data connection, the carrier creates a call detail record (CDR)
  - billing record, even if not itemized on bill
- Time, number called, duration, cell site ID
  - location accuracy depends on cell density
  - records at start & sometimes end of call
- CDRs maintained for a while (18 month min)

LE use of CDRs
- LE agency can request a target's CDRs over some period
- Requires relevance to investigation
- May or may not include cell site location
  - unsettled law, different practices by different agencies, courts and carriers
- Location accuracy depends on cell density
  - can be large or small radius (microcells)
- Generally limited to call records, not everything telco has
- Retrospective (you can be targeted after the fact)

Pen Register / Trap & Trace
- Like a CDR request, but prospective
- Real time delivery of target's call metadata going forward
- Similar (low) legal standard as CDR request
  - may or may not include location (unsettled)
- Uses standard CALEA interfaces
  - more expensive than CDR request

Content Wiretaps ("Title III")
- What we think of when we think of wiretap
- Standard CALEA interface can deliver call content (& SMSs) in real time to law enforcement
  - provisioned by carrier
- Includes cell site location
- High legal standard to get ("Title III")
  - probable cause + other techniques would fail
- Expensive, requires real time monitoring

E911 pings
- FCC E911 mandate for high-accuracy phone location capability for 911 callers
- Uses handset GPS, tower triangulation, etc
- Can be triggered by carrier, too
  - no 911 call actually required
  - sometimes at law enforcement request

Location-based LE techniques

Tower Dumps
- Standard carrier service to LE that we know about thanks to 2011 ACLU public records request
  - not widely known, even by some LE agencies
- LE can request list of all handsets/subscriber accounts that registered with a particular cell site during a particular interval
  - inherently un-targeted, except by location
- Unsettled legal standard, varies by jurisdiction

StingRays / IMSI catchers
- Portable device that pretends to be a cell site
  - registers all phones in an area, then drops out
  - used early in investigation to ID target phone
- Usually no backhaul (so no content collection)
- Marketed to LE by Harris (older version is "TriggerFish")
  - mostly federal, but also state & local
- Can be handheld with directional antenna
  - but typically used in a car (bulky & obvious)
- Unclear what the legal standard is

Intel -> LE trickle down spying
- Moore's law applies to spying
  - what NSA uses today, the Tucson PD will have tomorrow
- StingRays will get smaller and cheaper
- Data collection and analysis gets cheaper
- Handset malware implants will spread
- DEA Hemispheres
  - AT&T gave DEA unfettered access to CDRs
  - new phrase: parallel construction

Countermeasures

The Metadata is the Message
- We have great technology for protecting content (crypto)
- We have less great technology for protecting metadata
- This is a great area to be doing research and building tools

What about Tor?
- Tor is great
  - prevents observer from learning who you're communicating with
- But:
  - Doesn't work for regular voice calls
  - Doesn't prevent your carrier from learning & logging your access point

Learning from The Wire
- Burner phones!
  - anonymous account (cash?)
  - changed frequently
  - avoid linking to your old network (hard!)
- Changing phone changes your ID
  - but change MAC address, too
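
The slides note that WiFi and Bluetooth announce a MAC address that is usually constant for the life of the handset, and that the address should change along with the phone. The sketch below is an added example, not part of the original slides: it uses the IEEE 802 locally-administered and unicast bits of the first octet to tell a burned-in address from a software-assigned one, shows how a burned-in address links sightings across places, and generates a fresh randomized address. All function names and the sample sightings are constructed for illustration.

```python
import secrets
from collections import defaultdict

# Constructed sightings: (place, MAC seen in a WiFi/Bluetooth announcement).
SIGHTINGS = [
    ("cafe",    "00:1a:2b:3c:4d:5e"),
    ("station", "00-1A-2B-3C-4D-5E"),   # same burned-in address, other notation
    ("cafe",    "da:a1:19:00:00:01"),   # software-assigned (randomized)
    ("station", "5e:77:01:aa:bb:cc"),   # software-assigned, different value
]

def parse_mac(mac: str) -> bytes:
    """Parse a colon- or hyphen-separated 48-bit MAC into 6 raw bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def normalize(mac: str) -> str:
    """Canonical lower-case, colon-separated form."""
    return ":".join(f"{b:02x}" for b in parse_mac(mac))

def is_locally_administered(mac: str) -> bool:
    """U/L bit (0x02 of the first octet) set: software-assigned, not burned in."""
    return bool(parse_mac(mac)[0] & 0x02)

def is_unicast(mac: str) -> bool:
    """I/G bit (0x01 of the first octet) clear: an individual station address."""
    return not parse_mac(mac)[0] & 0x01

def random_mac() -> str:
    """Fresh random address: locally administered, unicast, 46 random bits."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE
    return normalize(raw.hex(":"))

def linkable(sightings):
    """Burned-in addresses seen in more than one place, with those places."""
    places = defaultdict(set)
    for place, mac in sightings:
        if not is_locally_administered(mac):
            places[normalize(mac)].add(place)
    return {m: sorted(p) for m, p in places.items() if len(p) > 1}

if __name__ == "__main__":
    print(linkable(SIGHTINGS))
    print(random_mac())
```

A software-assigned address that is never rotated links sightings just as a burned-in one does; `linkable` reports only the burned-in case.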