Law-enforcement technology

Locating criminals by tracking their cell phones’ digital fingerprints

Published 5 August 2013

To keep from being tracked and getting caught, criminals use evasion tactics such as modifying the built-in ID code in their cell phone or swapping out SIM cards, making it impossible for law enforcement to track the criminals down by relying solely on cell phone signals. German engineers found, however, that the components of the radio hardware in a cellphone, such as power amplifiers, oscillators, and signal mixers, all introduce radio signal inaccuracies. When these inaccuracies, or errors, are taken together, as seen in the digital signal sent to a cell tower, the result can be read as a unique digital signal, a digital fingerprint. These digital fingerprints do not change even if the built-in ID code has been modified, or the SIM card has been swapped out.

Law enforcement agencies may soon have a new tool at their disposal — a device that distinguishes between cell phones based on their digital signal. This new technology was developed by engineers at the Technische Universität Dresden in Germany.

A TU Dresden release reports that law enforcement officials can track criminals as they talk on their cell phones using triangulation of cell towers. To keep from being tracked and getting caught, however, criminals began using new evasion tactics such as modifying the built-in ID code in their cell phone or swapping out SIM cards – making it difficult, if not impossible, for law enforcement to track criminals down by relying solely on cell phone signals. The technology developed by the TU Dresden engineers would allow law enforcement to overcome the criminals’ evasion tactics.

Jakob Hasse and colleagues found that each of the separate components inside a cell phone has a degree of error.

“The radio hardware in a cellphone consists of a collection of components like power amplifiers, oscillators and signal mixers that can all introduce radio signal inaccuracies,” Hasse told the New Scientist. A phone’s resistance, for instance, can vary between 0.1 and 20 percent of its stated value depending on the quality of the component.

When these errors are taken together, as seen in the digital signal sent to a cell tower, the result can be read as a unique digital signal, a digital fingerprint. Thus, whatever criminals do to their cell phone — short of replacing the internal components of one phone with those of another phone — the phone will continue to emit a unique signal which can be read by a device and used to separate the particular phone out from all the other cell phones. This allows the police to locate the phone, and the criminal using it, by triangulating cell towers.
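The idea described above, as an added example that is not code from the TU Dresden paper: a simplified simulation in which each handset's oscillator and mixer errors distort a known training sequence, and a passive receiver identifies the handset from those distortions alone, with no subscriber ID in the data. The handset names, impairment values, QPSK training symbols, feature choice and nearest-reference matching are all assumptions made for this sketch.

```python
import cmath, math, random

# Constructed per-handset impairments (assumed values, not measurements):
# oscillator frequency offset (rad/sample), mixer I/Q gain error, I/Q phase skew (rad).
DEVICES = {
    "handset_A": (0.0020, 0.03, 0.02),
    "handset_B": (-0.0015, 0.05, -0.01),
    "handset_C": (0.0005, -0.04, 0.03),
}
rng = random.Random(7)  # fixed seed so the receiver noise is repeatable
# Known training symbols; QPSK is a simplification chosen for this sketch.
TRAINING = [cmath.exp(1j * math.pi / 4) * 1j ** (n % 4) for n in range(256)]

def transmit(device, noise=0.01):
    """Pass the training symbols through one handset's imperfect front end."""
    cfo, gain, skew = DEVICES[device]
    burst = []
    for n, s in enumerate(TRAINING):
        # Mixer: the Q branch has a gain error and leaks part of I (phase skew).
        q = (1 + gain) * (s.imag * math.cos(skew) + s.real * math.sin(skew))
        x = complex(s.real, q) * cmath.exp(1j * cfo * n)  # oscillator offset
        burst.append(x + complex(rng.gauss(0, noise), rng.gauss(0, noise)))
    return burst

def fingerprint(burst):
    """Estimate the impairments from the received samples alone."""
    z = [r * s.conjugate() for r, s in zip(burst, TRAINING)]
    # Average phase step between consecutive samples gives the frequency offset.
    cfo = cmath.phase(sum(b * a.conjugate() for a, b in zip(z, z[1:])))
    derot = [r * cmath.exp(-1j * cfo * n) for n, r in enumerate(burst)]
    # I/Q imbalance shows up as a mirror-image term proportional to conj(s).
    image = sum(d * s for d, s in zip(derot, TRAINING)) / len(derot)
    return (cfo * 10, image.real, image.imag)  # cfo scaled to a comparable range

def enroll(bursts=5):
    """Reference fingerprint per handset: mean feature vector over several bursts."""
    refs = {}
    for dev in DEVICES:
        feats = [fingerprint(transmit(dev)) for _ in range(bursts)]
        refs[dev] = tuple(sum(col) / bursts for col in zip(*feats))
    return refs

def identify(burst, refs):
    """Return the enrolled handset whose reference fingerprint is nearest."""
    return min(refs, key=lambda dev: math.dist(fingerprint(burst), refs[dev]))
```

Calling `identify(transmit("handset_B"), enroll())` returns the handset name recovered from the signal errors, which is the property that survives a SIM swap or a modified ID code.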

“Our method does not send anything to the mobile phones. It works completely passively and just listens to the ongoing transmissions of a mobile phone — it cannot be detected,” Hasse says.

Their research, funded by the EU and the German government, was performed on 2G phones — but “defects are present in every radio device, so it should also be possible to do this with 3G and 4G phones,” Hasse says.

“Serious criminals are extremely adept in using single-use phones and dumping SIM cards so new capabilities like this would certainly help law enforcement,” Nick Furneaux of forensics security company CSItech in Bristol, U.K., told New Scientist.

“Identifying a phone from its radio frequency fingerprint is certainly not far-fetched. It is similar to identifying a digital camera where the image metadata does not provide a serial number. From underlying imperfections in the lens, which are detectable in the image, the source camera can be identified,” Furneaux says.

A device using this technology is still in the development stage, but the researchers report a 97.6 percent success rate in correctly identifying a signal.

— Read more in Jakob Hasse et al., “Forensic Identification of GSM Mobile Phones” (paper presented at the 1st ACM Workshop on Information Hiding and Multimedia Security, Montpellier, France, 17-19 June 2013)