Dutch tabloid De Telegraaf reports that 12 Somalis picked up in Amsterdam over Christmas were located using secret SMS messages, apparently bouncing back their GPS coordinates for the authorities. The 12 suspects were arrested on Christmas eve following a tip-off that they were planning some sort of terrorist attack, but now De …
The network will already know which base station(s) the handset is associated with, for routing purposes - but that's a lot less specific than GPS would give. The network might know that all three cell members are currently connecting through, say, "Amsterdam Tower 3" - but does that meet they are meeting up, or are they a mile apart in the same general area? It's a world apart from knowing they are currently in the back of a particular cafe right now, or tracking a cell member to the particular lockup where he's stashed the explosives.
Re: Knowing Location
It's much more accurate than this. You can easily be pinpointed using triangulation calculating your position from 3 cells. Signal strength will determine the distance from a mast and 3 masts will pretty much give your exact location.
What's much worse is that Echelon based at RAF Menwith Hill can and does listen in to mobile handsets. They do this as a matter of principle and if they choose, and your mobile is switched on, can silently listen in when you're not making a call - so if your mobile is in your pocket and powered up, they can listen in to your conversations without you ever knowing.
In the back of a a particular cafe?
It will probably not be possible to get a GPS fix anyway.
Re: listen in at any time when not on a call?
Re: GPS Fix
This is exactly how the Russians managed to pinpoint and drop a missile on a Chechen separatist leader several years ago, through the location revealed when he turned his phone on.
You think not? You seriously think it's not possible to make a silent call to your phone and listen in to the handset? I think you really need to do a bit of reading on the matter - this has been common knowledge for longer than I care to remember.
Close but no cigar
The precision with which the network knows the location depends if the handset is active or not.
If the handset is not active it "thinks" that it is the in the paging area where it last showed itself.
If the handset is active the network knows timing advance and a few stats of what the handset thinks about the closest towers. This allows to locate the handset down to tens of meters for networks which do not use distributed antenna systems. The ones that do (One2One/T-mob in the UK used to use that a lot) give readings that are way off.
So all the network needed to do is to page the handset. That is not a silent SMS message and that functionality is already inherent in the GSM standard.
3G is slightly different because of differences at L1/L2 but you can do that with 3G as well.
The fact that the Dutch police has awoken to the possibility is funny because it is something which other countries use all the time.
Not so much "silent"
as control or status messages. After all, that's what the channel used by SMS is used for when it's not transferring SMS. And how do you think emergency services get your handset location when you call them?
//Mine's the one with the battery in one pocket and the battery-less mobile in the other
Erm ... the GSM system knows where you are to within a Location Area, but GPS can tell where you are to within a couple of feet. Which do you think is more useful to the police?
The GSM signal can be triangulated between base stations and works indoors. GPS gives a more accurate trinabulation, as long as you have a clear line of sight to a sufficient number of satellites. In a built-up area, this can be a problem in the 'canyons' between buildings.
GSM trinagulation can be done in real-time (AFAIK). Although the phone can position itself in real time using GPS, the method of using GSM text messages to communicate that data means that it is unlikely to be received immediately by the recipient. SMS messages typically take in the order of several seconds to several minutes to cross the network, sometimes longer (think New Years Eve). Of course, these control messages which are sent over the SMS channel may have much shorter latency. Does anyone here know the technical details?
All in all, it really is a matter of 'horses for courses'. If you wanted to track someone in the middle of a city, GSM triangulation would likely give a better result than GPS. In the middle of nowhere with fewer base stations and a clear line of sight to GPS satellites, that is going to give you a far more accurate fix. Also, bear in mind that many people turn off the GPS on their phones when not in use as it drains the battery...
The one more useful to the police is the one available to them. Oh, and gsm is slightly better than that.
What we are missing...
...is whether any given handset is ABLE to provide GPS data via such a silent message. Personally, this strikes me as CSI "switch on a phone that's off remotely" science fiction, but I don't build phones for a living...
GSM triangulation in real-time...
...is indeed available. I used to work in an office a few yards from what was Trisent Communication, and the demos were pretty impressive. The service was able to pinpoint my mobile to within 5' indoors, while the GPS in the car was accurate to 5m, and was sod-all use without a clear view of the sky! If it wasn't for the fact that the service was so expensive, and the only way to find the results of the triangulation was from the website, I'd have replaced my GPS.
More useful to the police?
1. A technology that has existed since the dawn of GSM, is supported irrelevant of the handset or operator, and cannot alert the user? As described elsewhere in these comments, it provides much better accuracy than you think.
2. A technology only featured on the latest handsets, which comprise a small percentage of all phones in use, which depends on being able to see a large amount of sky for 30 seconds or more to getafix.
Does that help to answer your question?
Also, the use of silent SMS/GPS would theoretically be detectable by the user or by software on the handset itself.
I don't know why anyone is surprised by this. I mean, the ability of security services to track phones using GSM has been well-known for decades and has featured in many films etc. Talking about 'silent SMS' and GPS is just FUD.
Time for some good old pedantry
Algemene Inlichtingen- en Veiligheidsdienst (AIVD) literally translates to "General Intelligence and Security Service", and a quick look-up on wikipedia (purely for reference, of course) would have told you that. It's the Dutch non-military spooks, though they by no means have a monopoly on snooping and such. Not counting them, the Dutch police already snoop more than anyone else in Europe already.
It's not the AIVD that did the sneaky texting thing, but the national crime squad, on verbal(!) AG say-so. What happened was that the AIVD rang the alarm bells at the police's, fingering the somalis, and then the police located and arrested the somali bunch. The significance is that the only mention so far of these "stealth-texts" is in the as-of-yet secret dossier on those somalis. As in, this is method is new to the police.
Methinks this is or is based on the old "flash-sms ping" trick, that is at least a decade old. If texts were indeed involved and this isn't a misrepresentation in the dossier. Why the police resorted to that instead of fishing the data out of the telco's databases, which they're indeed allowed to do, have special interconnects to do it with and they do like trawling in databases quite an uncomfortable lot, has probably something to do with lines of communication, speed and length thereof. Of course, nobody really knows what happened and imagination is running wild. "Just what are they up to now?"
Which is, of course, always a valid question, current sudden and immediate interest due to dawning understanding of scope and scale notwithstanding.
Confusion over GPS???
I wonder if this is the usual confusion of GPS with cell triangulation.
Despite what some americans think, not all phones include GPS.
It would be much easier, and handset-agnostic, if they simply said to the telco "we'd like the location of xyz phone at abc exact time"... the telco would turn round and say that they can only provide a fix if there is some RF traffic at the time, to which plod decides to force some traffic without alerting the crooks by use of silent SMS pings.
Telco then triangulates the position and informs plod.
cell triangulation is a lot more accurate than "within this cell's coverage" - it pinpoints the sector (antenna) on the cell in use and factors in any other cells that can hear the phone, easily giving enough information to track users (generally to within ~30m)
Suddenly sales of RF Shields increase by 1000%
to the 'bad guys'.
It is a lot easier to just switch the phone off and put it in a little metal box than have to go to the troulbe of removing the battery.
BB for obvious reasons.
The title is required, and must contain letters and/or digits.
And how exactly would an Android GSM phone stop the network from being able to triangulate your position from the local cell towers?
Re: The title is required, and must contain letters and/or digits
It wouldn't stop them triangulating, but as already discussed, this is not particularly accurate and needs a signal from multiple masts. I regularly find myself having problems getting a reliable signal from one, let alone three.
My comment was aimed at the hidden message which gets the GPS to report back. With open source there is nowhere for it to hide!
Pre-pay SIM unregistered
....try tracking a phone with no registered user.
Re: no registered user?
What? Try thinking through your reasoning, mister.
so next time
i do something nasty, i better turn off my phone.
localizing someone through the GSM network has been possible for as long as i can remember, why my fellow countrymen suddenly think this is a big deal is beyond me.
Accuracy as shown by Apple's Find My iPhone system
You can see the relative accuracy using Apple's Find My iPhone system:
The initial fix of an iPhone is based on network information. As I have witnessed, it's either within several hundred meters, or sometimes off by many km (YMMV). Then, after a minute or so, after the 'lost' iPhone in question gets its GPS up and running, the location is suddenly correct and accurate to within about 10m or so (YMMV). They even provide helpful circles showing what they think is the relative accuracy.
I still don't know why they're off by many miles sometimes with the initial network fix.
On my phone, I installed some software called Track&Protect. Its there so that, in the event my phone is lost or stolen, I can try and track it down. Sending it a silent SMS message is exactly how it works, and in return it fires up the phones GPS (and other) location systems. The web interface for this will attempt to show me the location of the phone on the map - and will be as accurate as the GPS and other location services on the phone happen to be. So if its a stolen phone, and the perp is outside with a clear sky, chances are I'll have him nailed to within metres.
Other things I can cause the phone to do are use the front or rear facing cams. Using the front one might get me a pic. of the perp.
I can also lock the phone, with or without alarm - and trust me - if I set the alarm off the perp will know about it.
If none of this gets me my phone back, I can remotely wipe it so that at least the swine can't annoy my contacts.
Oh yes, in order to remove T&P from the phone, you need to know the pass code. The perp will also need it in order to add any software they might want to try and add.
So, stuff what the security services might be able to do, I can do most of that myself, to my own phone, from any convenient web browser. But only to my own phone of course.
Or send a text to
The contact called Mum to let her know that one of her offspring has lost its phone and where they can collect the phone from.
Finding those elusive cell phones
There are two major kinds of cell phone location technologies - the US FCC has different accuracy requirements for them . For “network-based” technologies, accuracy must be within 100 metres for 67% of calls, 300 metres for 95% of calls; for “handset-based” technologies, within 50 metres for 67% of calls, 150 metres for 95% of calls. The remaining 5% of calls are handled on a “best efforts” basis.
“Network-based” refers to, usually, Time Difference of Arrival (TDOA) – a carrier has receivers located at cell towers and determines a cell phone location by processing the signals received from that cell phone, which locates wireless phones by comparing the time it takes a mobile station's radio signal to reach several location measurement units (LMUs) installed at an operator's base stations. One advantage is that the technology works with legacy handsets, but the drawback is that it doesn't always work well in rural areas where there are fewer base stations and towers to measure a signal.
“Handset-based” generally refers to a cell phone with built-in Global Positioning System (GPS) receiver – it calculates its own location by receiving transmissions from at least three GPS satellites.
CDMA operators opted for handset-based location technology based on global position system (GPS) technology using satellites to determine the location of a handset. This offers greater accuracy but can't pinpoint callers indoors — because the signal is too weak — and is ill suited in the urban canyons common to cities.
Most of the GPS technologies currently deployed include a fall back to Advanced Forward Lateral Triangulation (AFLT) or Assisted GPS (A-GPS) technology to achieve better accuracy. Accuracy rules require these handset-based systems to provide accuracy within 150 metres for 95% of the calls and 50 metres for 67% of calls. A-GPS also is used on WCDMA networks.
There is also another technology from Rosum Corporation (www.rosum.com) who is exploring TV-GPS, a system that combines television signals with global positioning satellite (GPS) technology for tracking assets/people right to places where GPS alone can't go, such as in the high-rise “canyons” of urban centres and even inside buildings and garages.
Location Technologies include:
E-CID - Enhanced Cell-ID (500-1000 metres depending on cell-site density)
Derives additional timing advance and power measurements from the wireless network.
A-GPS - Assisted Global Positioning System (>30 metres)
Uses modified handsets that contain a GPS receiver and a special network server to assist in location calculation.
Uplink Time Difference of Arrival (>50 metres)
Uses low-cost location measurement units installed in the operators' base stations to precisely calculate location using trilateration (aka Lateral Triangulation).
AOA - Angle of Arrival (100-500 metres)
Uses two or more antennas with multiple element arrays, allowing the exact location of each AOA element to be calculated precisely.
Links: < www.gps-practice-and-fun.com/a-gps.html >, < www.911dispatch.com/911/wireless911.html >.
In the States the FBI can also use credit card transactions in REAL TIME. Cash remains king (or queen).
Suspicious people can always have their cell GPS receiver disconnected - a -minute operation at any cell service centre. Emergency calls can also be made when the SIM is removed or a cell is not in their providers area.
Just an observation...
The author of the article seemed to indicate that it would have made just as much sense for the law enforcement agency to ask the network operator to tell them where the phones were. However, if you want to minimize the number of people that know about your pursuit of x person then performing the location internally makes a lot of sense. (As an example, they might have concerns along the lines of "what if someone within the network operator's organization has been paid to let x know if someone inquires about them).
I think if you have a mobile phone on your person, you are at risk of being located. For the gentleman who suggested cash purchase of an unregistered SIM - the assumption in your statement is that no one you've given the number to (or that you have called) has ratted your number out. So, you better make that a number of cash SIM purchases for one shot use.
I'm just ecstatic
someone has finally realised the truth and called the Telegraaf a tabloid.
Phone, sim & battery should be kept in separate pockets, only being reassembled when messages need to be sent.
heh.. this is why the "Bad Guy" smashed his phone after learning of the trace.
On the flip side, I just came up with an evil workaround involving lasers, which relocates all the 'phone signals to an undetectable (when turned off!) "Phone Throwie" (tm) located on a convenient line of sight road sign.
AC, because when the real MI6 catch up with him he will probably be relocated to Area 51...
Only intelligence services?
Only duly authorized law enforcement will be given access to network location data. But what limits are there on who can originate these invisible SMS messages?
Its one thing to have the cops following me around. But the wife being able to track me to my GFs apartment. Now that's frightening!
Paris, because that will be a popular location.
If you are tracking someone then you try to get their location information in real time. A silent SMS is pretty good at providing adequate ball-park. Texting the operator is hopeless. You'd need to be in direct contact for constant updates.
This is a good argument in favour of using old kit. One of my cell phones couldn't respond to that kind of message. In fact it would probably lock up.
All your data
are belong to us!