this post was submitted on 28 Apr 2024
388 points (83.4% liked)

Technology

59669 readers
2928 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] dhork@lemmy.world 5 points 7 months ago (2 children)

It can be used, even while powered off, to track and surveil you.

How? The only legit thing I can think of is if they are tracking you anyway, and then they see your phone is turned off, they might try to claim that you must be up to something. But they won't be able to track it while it's off.

[–] masterofn001@lemmy.ca 10 points 7 months ago (1 children)

If you can't take out the battery, it's never actually off.

[–] dhork@lemmy.world 2 points 7 months ago (1 children)

That's not quite how it works, though. These devices are basically mini computers now, there's a limit to what they can do without fully booting. Devices that are plugged into the wall might be likely to retain some power-draining function while plugged in, but there's only so much you can do on a trickle charge while a phone is powered off.

[–] Aceticon@lemmy.world 4 points 7 months ago* (last edited 7 months ago) (1 children)

They're still running in low power mode and can wakeup from the network so they can absolutelly be made to "boot up" without turning the screen on and you being aware of it.

This is not like a bloody PC were the lights turn on and you can hear the fans when the thing starts, it's a machine with a low power mode in which it can already do a lot and which can be brought to a high power mode if needed without there being any visible or audible side-effects to alert the user.

Unless you completelly cut it off from power (by taking the battery out, which you can't in most modern smartphones) that smartphone with the lights off, the screen off and making no sound at all can just as easilly be in low power mode waiting for you to press the On button, as it can be in full power mode with a mobile network connection active, accessing the microphone and the GPS microchip and sending that data out, and both will look exactly the same from the outside.

[–] dhork@lemmy.world 1 points 7 months ago (1 children)

I think you are overestimating what these devices can do when turned off, specifically when whoever is doing the tracking wants to be covert. Devices like Cellular Radios and GPS chipsets are getting more efficient every year, but they still consume enough power that it would be noticed if they came on by themselves even if the device was off.

[–] Aceticon@lemmy.world 1 points 7 months ago* (last edited 7 months ago) (1 children)

I have an EE degree and have actually done work with embedded systems, including GPS.

The peak consumption of things like GPS is maybe 100 milliamps, with the average being in the tens of milliamps.

The wireless networking stuff is similarly frugal.

Further, stuff like encoding of audio is all done on the hardware and very efficient so even voice capture and encoding to send over the network isn't processor intensive.

Further, the CPUs on those things are ARM designs or equivalent, specifically crafted for low consumption and which have tons of tricks to avoid spending even a mW extra of power if it's not needed (basically the CPU will tend to activate only the bits it needs and use only the resources it needs to accomplish the operations its running, so it's almost never running at peak consumption).

The really big power consumption in modern smartphones is the screen and from very high GPU/CPU usage in things like games.

I think you seriously overestimate the similarity between modern portable devices design to operate from quite small batteries and things like desktop Personal Computers which are designed to operate from mains power.

If all they're doing is sending your GPS position out over the netweork every couple of minutes you won't notice that the battery has drained a tiny bit faster than expected even if you keep a keen eye on consumption because so little power is used to run just that part of the functionality.

[–] dhork@lemmy.world 2 points 7 months ago (1 children)

Doesn't a modern smartphone have something like a 4000 mAH battery? And that lasts most people all day with room to spare? Even 100 mA every few minutes will get noticed, if someone has their phone off and expecting consumption to stay minimal.

And that's the key thing here, you're not just building a tracking platform but you are building it into commodity phone hardware without the users consent, and without them noticing. Any phone that burns that much power while off would likely get replaced by the user. Do you think the phone vendors are in on it?

[–] Aceticon@lemmy.world 2 points 7 months ago* (last edited 7 months ago) (1 children)

It's not 100mA every few minutes, it's 100mA when calibrating from scratch with no satellites known.

I looked it up and the consumption when in normal use is around 30mA, which would mean that, say, if it took 10 seconds (probably a lot more than needed if you're not travelling) every 5 minutes - which adds up to 120 seconds @ 30mA per hour - that would consume 1mA/h (PS: by pure absolute chance my numbers ended yielding a result of 1 ;)), which is 0.025% of that battery per hour. If you're lucky, in the phone screen were one would be visualizing the graph for the battery power charge over time that would make the line fall 1 pixel.

It really is a whole other world out there in the embedded and low power systems domain.

[–] dhork@lemmy.world 1 points 7 months ago (1 children)

In order to not "start from scratch", though, you will need to save some state persistently about your location (and the location of the satellites), which will cost power. Then you go in a building and lose all your signal, while still burning power to maintain that old state.

If it was that easy and cheap in terms of power, AirTags would have GPS receivers. They don't.

[–] Aceticon@lemmy.world 1 points 7 months ago (1 children)

Flash memory preserves data without using any power at all. Ditto EEPROM. Both present in even the most basic of embedded processing cores (and the GPS protocol is implemented on those)

You need to move quite the distance for a GPS device to need to change just one satellite, much less all 3 and it doesn't matter if you've been underground or not as the thing will just try first the ones in its memory and unless you travelled hundreds of km underground, it's still going to be the same 3 satellites.

Last but not least, AirTags use CR2032 batteries with a capacity of around 200mA/h - 1/20th of a mobile phone one - and that charge is supposed to last for years between battery changes, not a mere few days until the next time the phone is charged. The power consumption of an AirTag must be thousands or even tens of thousands of times lower than what we've been talking about, in the order of nano-amperes not tens of milliamperes.

You're clearly clinging on to that pre-conception of yours for reasons other than logic, and you keep on inventing wild theories based on zero domain knowledge, to try and justify that beloved pre-conception of your, so I'll leave you to it since this feels like trying to explain that the Earth is roughly spherical to a Flat Earth believer.

[–] dhork@lemmy.world 0 points 7 months ago* (last edited 7 months ago) (1 children)

You seem to be the one going through mental gymastics to justify why the button might not just turn the thing off. Sometimes they're not out to get you, you know.

These phones cram oodles of stuff into a tiny space ~~at super low margins~~ , and are perfectly good at spying on their users when turned on. There's no reason for them to spend any extra effort to spy when they're turned off, for the .01% of people who turn their phones off regularly.

The margins aren't as low as I thought, but they still aren't giving any money away on their BOMs....

[–] Aceticon@lemmy.world 1 points 7 months ago* (last edited 7 months ago)

Let me explain this in a very very simple way: buttons which are not literally mechanical switches that physically connect and disconnect from power require that at least some of the circuitry to be alive because they're capacitive contacts, a technique which requires some power and some logic to detect that the button has been pushed.

So even shitty shit $0.12 microcontrollers often come with support this stuff, so that they can generate a hardware interrupt in the microcontroller to wake it up when a user presses one such soft button to power on a device.

Beyond this, in order to support something as simple as wakeup from the network side - for example, to support Find My Phone functionality - even $3 microcontrollers (not microprocessors, microcontrollers, their cheap cousins with puny computing power) have features such as programmable secondary low power cores that consume tiny amounts of power.

Even this "advanced" stuff doesn't add cents to BOMs, it only adds tiny amount of extra surface on vastly more complex microchips, which translates to at most tenths of a cent of extra cost because this stuff isn't supposed to be decoding videos or running some social media user interface (or any user interface), it's just running small simple programs which might use a few peripherals configured to remain active in low power mode (and those can be network related) to listen for certain conditions and decide if it should wake the main cores up or not.

The functionality isn't there in the hardware because they added it to facilitate spying, it's there because that's just the direction the technology evolved in the last 2 decades - soft buttons instead of mechanical ones, some amount of always on functionality for fast start, support for convenience features for users, that require some kind of wake up from the network side or merelly because microprocessor or SoC makers add everything and the kitchen sink to their designs to try an make that chip usefull for the broadest list of use cased possible (it's quite insane the amount of stuff built-in in even the cheaper of the the current generation of SoCs) so that those chips are used in more devices and get sold more.

But it gets better: none of this is necessary:

  • Hacked phones just simulate shutdown. They don't even go into low power mode, they just show the user a fake shutdown animation and keep on running at full power.

Now, maybe somebody who has never been involved in Politics, or Demonstrations, or Strikes can go around with total confidence that their phone ins't hacked, but if you're anywhere close to the organisers of the kind of public demonstration that can snowball into to the current POTUS losing an election, don't assume your phone hasn't been hacked (which can be done remotelly) and that turning it off in the soft button marked power when you go into a meeting with other organisers has actually in fact fully turned it off in a way that makes sure it isn't spying on that meeting.

[–] merde@sh.itjust.works 1 points 7 months ago* (last edited 7 months ago) (1 children)

let's put aside everything @Aceticon@lemmy.world wrote you; if the French state was trying to legalize exactly this, it must be possible: la validation pure et simple de l’activation à distance des fonctions de géolocalisation de téléphone et autres objets connectés (voiture, balises airtag, montre etc) qui repose exactement sur le même procédé technique que le dispositif censuré : la compromission d’un périphérique, en y accédant directement ou par l’intermédiaire d’un logiciel espion pour en prendre le contrôle à distance.

source

wasn't the scandal about the Pegasus spyware all about this imperceptibility?

[–] dhork@lemmy.world 1 points 7 months ago (1 children)

Nothing in your links above indicate that the spyware operates while the phones are powered off (although I relied on a crappy translation of the French). Could spyware mock the shutdown process so that it looks like the phone is powered off while the phone is actually running? Sure it can, but the victim will be tipped off when the phone's battery is being drained even while it is "shut off". (And someone who is paranoid enough to shut down their phone would pay attention to that.) . It seems like it's not worth the effort.

[–] merde@sh.itjust.works 1 points 7 months ago* (last edited 7 months ago) (1 children)

read, listen to people that were spied on using the pegasus software. Easy to find

i don't know if you've met any real activists, militants in your life but they're rarely geeks. And checking the battery of their phone or reading about battery life isn't one of their priorities

[–] dhork@lemmy.world 1 points 7 months ago (1 children)

Yes, info on Pegasus is easy to find. And never says Pegasus is active when the phone is powered off. It's undetectable and insidious in what it can grab, but at no point is there any reference at all to being active while the phone is powered off.

https://en.m.wikipedia.org/wiki/Pegasus_(spyware)

If you have a reference that states otherwise (that isn't written by an AI), please supply it. I'll be happy to give up on this if someone can prove their point.

And that is because it is way too easy to detect when the phone is off, not only because of the battery drain, but because the radios would be transmitting when they shouldnt . Plus, persisting across a reboot requires some trace of the Trojan to be on physical storage, which is more likely to be found on a scan.

I am assuming that when a state-level actor is hacking a phone, they are targeting a person directly, and know how to get the Trojan on undetected. Their main goal will be to continue to siphon data off it while it is in use. It's not worth the risk of detection to track it while it is off (and not being used, after all.) Don't you think they would prefer to use the same method they used the first time to infect the burner phone that's actually being used?

[–] merde@sh.itjust.works 1 points 7 months ago* (last edited 7 months ago)

back in the loop ☞ https://lemmy.world/comment/9738706

have a good day