Showing posts with label Fake Base Stations.

Sunday, July 01, 2012

The Art of Mobile Jamming Pt 1 (c)2012

Bill 15, introduced to the House of Commons on 20 June 2012, is titled PRISONS (INTERFERENCE WITH WIRELESS TELEGRAPHY) BILL and can be downloaded here:

http://www.publications.parliament.uk/pa/bills/cbill/2012-2013/0015/en/13015en.pdf

The Bill sets out the intention to seek legislation that enables prisons to lawfully use jamming devices to prevent inmates from making 'unauthorised' calls. The proposed objective, therefore, is to reduce or prevent further crime being perpetrated by inmates whilst serving their detention.

I ran an internet search to see whether any of the respected sources had highlighted this Bill and noted that Martin Beckford (Home Affairs Editor) of The Telegraph on 29 June 2012 wrote a very helpful column about [it] titled Prisons-to-be-given-mobile-phone-jamming-devices: http://www.telegraph.co.uk/technology/mobile-phones/9365741/Prisons-to-be-given-mobile-phone-jamming-devices.html
My understanding of RF inhibitors goes back to my 'type approvals' days in the 1980s/1990s, and in the last 12 years I have investigated whether jammers could be used to assist mobile phone examination and in relation to jamming devices used in crime. I am by no means a world authority, but this is a subject I do feel I know something about and therefore contribute some observations on the subject. I have also referred on a couple of occasions to jamming at my blog:

Mobile Phone Sniffer - http://trewmte.blogspot.co.uk/2012/01/mobile-phone-sniffer.html
CSA - R&TTE Directive - http://trewmte.blogspot.co.uk/2012/06/csa-r-directive.html

RF jamming and RF monitoring occurring at the same time are not comfortable bed-partners. Monitoring requires unfettered access to the signalling in the two-way (uplink/downlink) communications between mobile device and base station. Jamming, on the other hand, pollutes the uplink/downlink in order to prevent something happening. A window of opportunity in which both can coexist might therefore be a solution, but one that would require strict management controls. Permanent and interval jamming are two fairly obvious active states to consider.

Permanent jamming, usually associated with fixed jamming devices drawing energy from a permanent power source and required to be always ON, might be problematic in at least two areas. The first is the propagation generated in the ether (the polluting footprint) and the common-sense issues associated with the double-edged sword of 'interference': (a) hindrance to lawful communications, and (b) natural and man-made phenomena acting as inhibitors to the effective operation of the pollutant - a sort of jammers' jammer, if you will. The second is that permanent jamming doesn't work too well with handheld mobile jammers, because these devices are battery powered and battery discharge is to be anticipated within a given timeframe. Moreover, handheld jammers have a range issue to be considered: their range should correspond to the proximity of a particular mobile phone.

One would also need to look quite carefully at how a permanently-on jammer could still allow monitoring to take place. On any attempt by a mobile phone user to make a call, the user would naturally see on the handset screen that no radio signal strength (no bars etc.) is available at the point of dialling, or would see a message stating that only 'emergency' calls or service are available. The latter may occur due to pre-programmed algorithms or active 'state' indicators in the handset. I am not suggesting that jamming shall or should be intended to be operated under clandestine conditions, and even if such a suggestion were relevant the handset user would more than likely have some inkling that no service was available.

Consideration could, of course, be given to a situation where a mobile phone user dials a number anyway and presses the send button. The mobile phone might still conduct a call attempt procedure, making the necessary 'access request bursts' (RACH attempts) and perhaps disseminating the called party's number. It may be possible to pick out wanted signalling from unwanted interference noise, but then again 'scrambled' is a counter-argument to that observation.

Interval jamming can be applicable in the instance of timed-period jamming (morning/afternoon/night etc.) and could be deployed using fixed or mobile jamming devices. Handheld jamming devices might be problematic in relation to output power, where the device's power needs to be greater than the mobile phone's power output. Such a jamming device running at full power for several hours, whilst being held by a prison guard, might require assessment of the pertinent rules associated with health and safety.

The position may, in addition, need to be weighed up with respect to permanent programmable jammers vis-à-vis non-programmable handheld jammers that just pollute all the time whilst switched ON, until they are switched OFF. The handheld may face difficulties in doing its job because it won't be able to detect when a mobile phone is switched 'ON', in idle state, or attempting to make a call. In this regard there are some salutary lessons that might be learned from experience of vehicle and asset tracking, which by analogy lend themselves well to handheld jammers.

In an article titled VEHICLE & ASSET TRACKING SYSTEMS – JAMMERS, its author (Platt, I; 17/02/2009) identified a useful scenario that sets out important criteria to be taken into consideration. Platt stated:

“Leading GSM Tracking devices tend to be battery powered with a long ‘sleeping’ period, typically 6 hours, and a short ‘wake up and transmit period’ - typically 70 seconds thus making them extremely difficult to block – as a criminal a) has to know the device is fitted (they tend to be highly covert) and b) has to find the 70 seconds in 6 hours that it transmits.”
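To put a figure on Platt's point, and on the interval-jamming question above, here is an added example in Python (not code from the original post or from Platt's article). It takes a jamming schedule as 'HH:MM-HH:MM' windows, assumes the device's transmit burst starts at an unknown, uniformly distributed time of day, and reports what fraction of those bursts an interval jammer would cover completely. The 6-hour sleep and 70-second burst are Platt's figures; the 22:00-06:00 schedule and the one-minute sampling step are constructed assumptions.

```python
"""Coverage of an interval-jamming schedule against short, rare transmit bursts.

Added example, not code from the original post or from Platt's article.
Model: the jammer is ON only inside scheduled windows; the device transmits one
burst of `tx_s` seconds after every `sleep_s` seconds of sleep, starting at a
phase (time of day) that is unknown and treated as uniformly distributed.
"""
from dataclasses import dataclass
from typing import List

DAY = 24 * 3600  # seconds


@dataclass(frozen=True)
class Window:
    start: int  # seconds since midnight, inclusive
    end: int    # seconds since midnight, exclusive


def _hhmm(text: str) -> int:
    h, m = (int(p) for p in text.strip().split(":"))
    if not (0 <= h < 24 and 0 <= m < 60):
        raise ValueError(f"bad time {text!r}")
    return h * 3600 + m * 60


def parse_schedule(spec: str) -> List[Window]:
    """Parse 'HH:MM-HH:MM,HH:MM-HH:MM'. A window crossing midnight is split in two;
    equal start and end means the jammer is ON all day. Windows are assumed not
    to overlap one another."""
    windows: List[Window] = []
    for part in spec.split(","):
        if not part.strip():
            continue
        a, b = part.split("-")
        s, e = _hhmm(a), _hhmm(b)
        if s == e:
            windows.append(Window(0, DAY))
        elif s < e:
            windows.append(Window(s, e))
        else:
            windows.append(Window(s, DAY))
            windows.append(Window(0, e))
    return windows


def seconds_jammed(windows: List[Window], t0: int, duration: int) -> int:
    """Seconds of a burst [t0, t0 + duration) that fall inside a jam window.
    Windows are also tested shifted by one day so a burst running past midnight
    is matched against the next day's schedule."""
    total = 0
    for w in windows:
        for shift in (0, DAY):
            lo = max(t0, w.start + shift)
            hi = min(t0 + duration, w.end + shift)
            if hi > lo:
                total += hi - lo
    return total


def blocked_fraction(windows: List[Window], tx_s: int, step: int = 60) -> float:
    """Fraction of burst start times (sampled every `step` seconds over one day)
    at which the whole burst falls inside jamming."""
    starts = range(0, DAY, step)
    blocked = sum(1 for t0 in starts if seconds_jammed(windows, t0, tx_s) >= tx_s)
    return blocked / len(starts)


def expected_bursts_through(windows: List[Window], sleep_s: int, tx_s: int) -> float:
    """Expected number of bursts per day that are NOT fully jammed, for a device
    that sleeps `sleep_s` seconds between `tx_s`-second bursts at random phase."""
    bursts_per_day = DAY / (sleep_s + tx_s)
    return bursts_per_day * (1.0 - blocked_fraction(windows, tx_s))


if __name__ == "__main__":
    night = parse_schedule("22:00-06:00")  # constructed schedule: jam overnight only
    print("blocked fraction, 70 s burst:", round(blocked_fraction(night, 70), 3))
    print("bursts/day getting through:", round(expected_bursts_through(night, 6 * 3600, 70), 2))
```

With the overnight schedule roughly a third of random-phase bursts are fully covered and about 2.7 of the device's four daily bursts get through, which is the point of the analogy: a jammer that is not always ON leaves exactly the gaps a short, rare transmission needs, whereas a monitoring system has to be listening continuously to catch the same burst.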

Interval jamming may, though, lend itself to reversing the dark arts of the man-in-the-middle attack, commonly perceived to be associated with clandestine activity, and putting them to good use. Moreover, it could open the door to more discussion about evidence obtained by interception. I have already discussed various issues in my articles on the Art of Mobile Interception (c) 2011, so I do not propose to rehearse all of my observations again here in this discussion. It can be put quite simply, though, by pointing out that running an on-site quasi-BTS might assist in the collection of dialled numbers, but not necessarily the content of a call, during the period when jamming is switched OFF.

In Pt 2 the discussion highlights some confusing legal issues that this Bill may need to resolve if it is to be transformed into legislation such that the technical criteria and application of testing jammers can be adopted.

The Art of Mobile Jamming Pt 2 (c)2012 - http://trewmte.blogspot.co.uk/2012/07/art-of-mobile-jamming-pt-2-c2012.html

Monday, January 30, 2012

Mobile Phone Sniffer

Preventing inmates who are detained at Her Majesty's pleasure from making mobile calls has been a harder task than might be imagined. Preventing mobile phones from entering prisons was and is a long-running battle of ingenuity vis-à-vis surveillance and detection. Counter-measures to foil those who circumvent the original surveillance and detection have been used and proposed, but can fall at the final hurdle due to breach of one Act of legislation or another, or for technical reasons.

The idea of creating RF jamming fields that pollute the electromagnetic environment to prevent mobile calls going outward can have consequences beyond the target field, and therefore impacts at different levels, e.g.

i) the same pollution (jamming) also prevents mobile calls coming inward
ii) it can prevent legitimate mobile calls within the demesne (field of test area)
iii) as the pollution may not be confined by material objects within the demesne, it can spill over into a land parcel outside of the prison and prevent emergency calls etc.
iv) ....

The use of nano-, pico-, micro-cell etc. jammers is prohibited under the Wireless Telegraphy Act. In plain English, that means whether it is a base station arrangement or a handheld device. Research also identifies that allowing the use of a mobile phone in prison to make incoming/outgoing calls allows some inmates to continue to run their crime businesses. Assuming the authorities provided an in-house base station to provide coverage, this may be fraught with consequences way beyond the harvesting of personal information and possible subsequent breaches of the Data Protection Act vis-à-vis the Human Rights Act. Are these two Acts opposed to one another, or do they walk hand-in-hand? Even assuming that certain Rights of prisoners are waived, that legislative power has absolutely no legal impact at all on those who are the called party and who have lost no 'legal' liberties at all. So there are always difficulties, as the authorities are pressed to meet the challenges of any statutory tests within the legislation and further pressed by decisions in case law. And if that is not enough, the authorities shall not create Guidelines that supersede or attempt to supersede Statutory Law, or that produce extra-statutory directions or activity.

To add a further ingredient into the mix, and blend it with the above issues, is the requirement to have a strategy that takes account of what a mobile phone's capabilities are when it is switched ON:

- communicating by Bluetooth
- communicating by infrared
- communicating by WiFi
- communicating by NFC/RFID
- capability to operate in pilot mode
- ability to make voice recordings
- ability to take photographs
- ability to record information on to high-capacity storage mini smart cards
- ability to interconnect to a computer
- ability to run applications on handsets to generate Morse code
- ability to make sound that can be detected by listening devices
- and the list goes on

In the long-running battle of ingenuity versus surveillance and detection, a new product has recently been launched called Cell Hound from ITT Exelis. Its sensors scan the frequencies used by cell phones as well as many other wireless products, and the system detects and locates all active cell phones within or near a facility. It utilises an array of sensors that listen for cell phone activity. When a cellular call is detected, information about the call is transmitted via a standard Ethernet LAN to the central server. The data is processed in real time by the software, which then displays the location of the cell phone on a computer monitor (http://www.exelisinc.com/solutions/Pages/Cell-Hound.aspx).
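The post describes the system only at the level of sensors reporting over Ethernet to a server that locates the phone. The following added example in Python (my own sketch, not ITT Exelis code and not Cell Hound's actual method) shows one simple way such reports could be fused on the server: reports on the same channel within a short time window are treated as one transmission, the position is estimated as an RSSI-weighted centroid of the reporting sensors, and the estimate is mapped to a named zone by a point-in-polygon test. The sensor placements, the zone polygons, the JSON report format and the RSSI values are all constructed.

```python
"""Central-server fusion of cell-phone detection reports from a sensor array.

Added example; a hypothetical sketch, not ITT Exelis code and not the Cell Hound
algorithm. Sensor positions, zone polygons, report format and RSSI values are
all constructed for illustration.
"""
import json
from typing import Dict, List, Optional, Tuple

Point = Tuple[float, float]

# Constructed sensor placements (metres on a local grid) at the corners of a yard.
SENSORS: Dict[str, Point] = {
    "s1": (0.0, 0.0), "s2": (100.0, 0.0), "s3": (100.0, 80.0), "s4": (0.0, 80.0),
}

# Constructed zones; whichever one the estimate lands in is reported by name.
ZONES: Dict[str, List[Point]] = {
    "west block": [(0.0, 0.0), (50.0, 0.0), (50.0, 80.0), (0.0, 80.0)],
    "east block": [(50.0, 0.0), (100.0, 0.0), (100.0, 80.0), (50.0, 80.0)],
}

# Constructed report lines as sensors might send them over the LAN (one JSON
# object per line): which sensor heard it, when, on which channel, how strong.
REPORTS = """
{"sensor": "s1", "t": 1000.00, "chan": 62, "rssi": -60}
{"sensor": "s2", "t": 1000.01, "chan": 62, "rssi": -75}
{"sensor": "s3", "t": 1000.02, "chan": 62, "rssi": -85}
{"sensor": "s4", "t": 1000.01, "chan": 62, "rssi": -72}
{"sensor": "s1", "t": 1300.02, "chan": 90, "rssi": -80}
{"sensor": "s2", "t": 1300.00, "chan": 90, "rssi": -55}
{"sensor": "s3", "t": 1300.01, "chan": 90, "rssi": -58}
"""


def parse_reports(text: str) -> List[dict]:
    """One JSON object per line; blank lines ignored, unknown sensors rejected."""
    reports = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        r = json.loads(line)
        if r["sensor"] not in SENSORS:
            raise ValueError(f"unknown sensor {r['sensor']!r}")
        reports.append(r)
    return reports


def group_events(reports: List[dict], window_s: float = 0.5) -> List[List[dict]]:
    """Reports on the same channel whose timestamps lie within window_s of the
    previous report are treated as one transmission heard by several sensors."""
    events: List[List[dict]] = []
    for r in sorted(reports, key=lambda r: (r["chan"], r["t"])):
        if events and events[-1][0]["chan"] == r["chan"] and r["t"] - events[-1][-1]["t"] <= window_s:
            events[-1].append(r)
        else:
            events.append([r])
    return events


def weighted_centroid(event: List[dict]) -> Point:
    """Position estimate: centroid of the reporting sensors weighted by received
    power in linear units (dBm -> mW), so the strongest sensor dominates."""
    wx = wy = wsum = 0.0
    for r in event:
        x, y = SENSORS[r["sensor"]]
        w = 10 ** (r["rssi"] / 10.0)
        wx += w * x
        wy += w * y
        wsum += w
    return (wx / wsum, wy / wsum)


def inside(poly: List[Point], p: Point) -> bool:
    """Ray-casting point-in-polygon test."""
    x, y = p
    hit = False
    for i in range(len(poly)):
        x1, y1 = poly[i]
        x2, y2 = poly[(i + 1) % len(poly)]
        if (y1 > y) != (y2 > y):
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                hit = not hit
    return hit


def zone_of(p: Point) -> Optional[str]:
    return next((name for name, poly in ZONES.items() if inside(poly, p)), None)


def locate(text: str) -> List[dict]:
    """Turn raw report lines into one located event per transmission."""
    out = []
    for ev in group_events(parse_reports(text)):
        pos = weighted_centroid(ev)
        out.append({"chan": ev[0]["chan"], "t": ev[0]["t"], "sensors": len(ev),
                    "pos": pos, "zone": zone_of(pos)})
    return out


if __name__ == "__main__":
    for e in locate(REPORTS):
        print(e)
```

Two things to note when assessing a real product of this kind against the kind of Check List discussed later in the post: a weighted centroid can only ever place the estimate inside the hull of the reporting sensors, so placement of sensors around the perimeter matters more than the arithmetic, and nothing in the reports above carries subscriber or call content, which is the property the post is asking about when it wonders whether personal information is harvested.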

Photo courtesy of ITT Exelis

From the technical information about this system, it appears not to use jamming signals or false base station techniques. The technical information doesn't state that personal information is being harvested, so it will be interesting to see how many boxes it will tick.

Research I undertook for this discussion can be found in the vast quantity of information available from various sources, which I have simplified for ease of reading. What this research hasn't discussed is how the mobile phones or component parts thereof are getting into prisons; the combination of technology facilities available to prisoners within prisons; or the surveillance and detection systems actually being used in prisons. From the material I read and cross-referenced with known materials, what the research suggests to me is that it is possible to generate a quantifiable range of possibilities that need to be considered to create a surveillance and detection strategy, from which it is possible to create a Check List against which a product can be assessed. It is fully accepted and declared that such a Check List should be an evolving list to take account of changing developments.