Feeds

Mobile networks: the state's new bloodhounds?

Dial L for location

High performance access to file storage

And what about the handset?

If the handset is a smartphone, it could be using GPS to record your location, along with the time, and sending it off to who-knows-where over a data connection without the network operator, or you, being any the wiser.

Of course, getting the GPS to work when the phone is in your pocket won't be easy, so that's not a big concern unless your phone is labelled i-Kids in large friendly letters.

The handset does know the name of the local cell tower, which in Germany is usefully set to the tower's longitude and latitude (at least on O2's network), but elsewhere the spy will need to convert tower name to location , though that's not difficult.

A smartphone application which logs cell towers and sends that data over the mobile network wouldn't be too hard to write, and could easily be invisible to the user once installed.

Turning the handset off will prevent any information being created or logged, assuming the handset isn't just pretending to be turned off. Such handsets are available from various spy supply stores. Though these are generally used for recording and transmitting voice, they would work equally well tracking people.

The art of tracking

All network operators store where you've been for at least 12 months, but getting at that information costs money.

If you fall into the master criminal category a police officer might want to know if you really were in that club at that time, and can make a request to his SPOC (Single Point Of Contact, nothing to do with rubber ears or silly accents) to get the data out of your service provider.

The SPOC is responsible for dealing with all aspects of the RIPA, but location requests on mobile phones are pretty commonplace, with a large force handling hundreds a day. This number has been going up over the last couple of years as coppers get familiar with what they can, and can't, find out.

The requests are supposed to be pretty detailed: "Where was this phone at this time", rather than "What were the movements of this person over the period of a month or two", and it's up to the SPOC to ensure requests are necessary, proportionate, and lawful (as specified by RIPA). Any additional information that turns up, outside what was requested, is supposed to be discarded.

This isn't to say that any copper can just call up the SPOC when they feel like it. A typical request must be authorised by an inspector and will take a couple of days to complete. When the data is needed urgently, such as tracking an at-risk missing person, a Superintendent can give verbal permission and the data turns up faster, but that costs a lot more.

Mobile operators are only supposed to charge enough to cover their expenses, but as each network has different systems they all charge different amounts and have different ideas about how important the information is. Certainly, they charge enough to make police think twice before making an information request, which is no bad thing, but some operators also refuse to provide data they can't deliver within a few days - so you might get lucky if you choose a network operator with particularly errant computer systems.

SANS - Survey on application security programs

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.