Did you know that when you remove metadata from a photo, such as the camera's serial number, digital forensic experts can still figure out what digital camera was used to capture the shot? It is all about finding tiny imperfections in the image that the naked eye cannot see. Did you know that if a person on a GSM network were to change SIM cards or tweak the unique and identifying IMEI number, that cellphone can still be tracked? That too is possible due to tiny, subtle differences in radio pattern signals that each phone emits to cell towers.
By knowing the International Mobile Station Equipment Identity number, IMEI, law enforcement can target that phone for “lawful interception” wiretapping. Criminals know that and often swap out SIM cards and/or spoof IMEI so law enforcement cannot track or wiretap their phones. However, that method of hiding from Johnny Law may not work in the future. German computer scientist Jakob Hasse and his colleges at the Technical University of Dresden have developed a forensic technique to identify phones in GSM networks even if crooks take steps to thwart being tracked.
Although phones are mass-produced, and each model contains the exact same hardware, there are still differences in the radio signal patterns they emit. It is those tiny unchangeable differences, or “inaccuracies” sent to cell towers that are unique enough to be used as identifying digital fingerprints, thereby allowing police to track the phone. Digital Evidence added, “The novel approach also permits re-identification of mobile phones across interchangeable SIM cards, and it is not vulnerable to manipulated identification (IMEI) numbers. The core of the method exploits signal characteristics and transmission profiles of mobile phones.”
This summer in France at the 1st ACM Workshop on Information Hiding and Multimedia Security, Hasse presented “Forensic Identification of GSM Mobile Phones” [pdf]. In “real world conditions,” the researchers were able to distinguish and correctly identify 13 mobile phones at an overall success rate of 97.62 percent. “This included four identical and nine almost identical phones, which proves the selected features to be unique for an individual device.” The researchers concluded, “By targeting the air interface of GSM on physical layer, it is possible to identify mobile phones without the interaction with or recognition by the sender.”
"Our method does not send anything to the mobile phones. It works completely passively and just listens to the ongoing transmissions of a mobile phone – it cannot be detected," Hasse told New Scientist.
“Identifying a phone from its radio frequency fingerprint is certainly not far-fetched,” according to computer forensics security expert Nick Furneaux of CSITech. “It is similar to identifying a digital camera where the image metadata does not provide a serial number. From underlying imperfections in the lens, which are detectable in the image, the source camera can be identified.”
According to researchers of the EXIST startup team Digital Evidence at TU Dresden, “Forensic mobile phone identification has applications in speaker verification, tracking of (stolen) devices, and law enforcement in general. While existing active identification techniques require support by the service provider or operating a base station to set up so-called IMSI catchers, the new passive method relies solely on the observation of transmitted signals. Future applications beyond mobile phone identification may also include the detection of fake base stations.”