Police frequently use Silent SMS to locate suspects



One issue that came up during the 28th Chaos Communication Congress, held in Berlin between 27 and 30 December 2011, was the use of the so-called "Silent SMS" by the police in Germany to track down suspects.

The Silent SMS, also called Flash-SMS, is an SMS that allows the user to send a message to another mobile phone without the knowledge of the recipient. "The message is rejected by the recipient mobile, and leaves no trace. In return, the sender gets a message from a mobile operator confirming that the Silent SMS has been received," as explained by the developers at Silent Services, the company that created some of the first software necessary to send such SMSs.

Mobile security expert Karsten Nohl and his colleague Luca Melette announced during their presentation at the Congress that in Germany, in 2010, the police sent thousands of Silent SMS meant to locate suspects.

Silent SMS were initially meant to allow operators to check whether a mobile phone was switched on and to test the network without notifying the users. However, they have proven useful to the police in several countries for tracking down suspects. Silent SMS allow a mobile phone to be located precisely by using the GSM network.
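As an added illustration (not code from the article or from the researchers it quotes), the example below shows how a monitor with access to raw message PDUs could notice such messages: it parses SMS-DELIVER PDUs and flags those whose TP-PID is 0x40, the "Short Message Type 0" value in 3GPP TS 23.040, which a handset acknowledges without storing or displaying anything. The PDU-level detail, the function names and the sample PDUs are assumptions of this example, and only numeric sender addresses are decoded.

```python
# Added example (not from the article): flag "Short Message Type 0" in
# SMS-DELIVER PDUs given as hex strings. All sample data is constructed.
TYPE0_PID = 0x40  # TP-PID value for Short Message Type 0 (3GPP TS 23.040)

def _digits(octets):
    """Decode swapped-nibble BCD digits and drop the trailing 0xF filler."""
    return "".join(f"{b & 0x0F:X}{b >> 4:X}" for b in octets).rstrip("F")

def parse_deliver(pdu_hex):
    """Return header fields of one SMS-DELIVER PDU (SMSC prefix included)."""
    try:
        raw = bytes.fromhex(pdu_hex)
        pos = 1 + raw[0]              # skip SMSC length octet and SMSC address
        if raw[pos] & 0x03 != 0:      # TP-MTI must be 00 for SMS-DELIVER
            raise ValueError("not an SMS-DELIVER PDU")
        oa_digits, toa = raw[pos + 1], raw[pos + 2]
        oa_end = pos + 3 + (oa_digits + 1) // 2
        sender = _digits(raw[pos + 3:oa_end])
        if (toa >> 4) & 0x07 == 1:    # type-of-number: international
            sender = "+" + sender
        pid, dcs = raw[oa_end], raw[oa_end + 1]
        udl = raw[oa_end + 9]         # TP-UDL follows the 7-octet timestamp
    except IndexError:
        raise ValueError("truncated PDU") from None
    return {"sender": sender, "pid": pid, "dcs": dcs, "udl": udl,
            "type0": pid == TYPE0_PID}

def silent_senders(pdus):
    """Senders of Type 0 messages; malformed PDUs are skipped."""
    hits = []
    for pdu in pdus:
        try:
            msg = parse_deliver(pdu)
        except ValueError:
            continue
        if msg["type0"]:
            hits.append(msg["sender"])
    return hits

# Constructed PDUs: made-up SMSC and sender numbers, timestamp 28.12.2011 12:00.
_SMSC, _TS = "07915155000000F0", "11218221000000"
SAMPLES = [
    _SMSC + "04" + "0B91" + "5155100021F3" + "00" + "00" + _TS + "02" + "E834",
    _SMSC + "04" + "0B91" + "5155100099F9" + "40" + "00" + _TS + "00",
    "0791515500",  # truncated, must be skipped
]

if __name__ == "__main__":
    print(silent_senders(SAMPLES))
```

Because a handset normally discards Type 0 messages before any application sees them, the PDUs have to come from a source that exposes raw signalling, such as a modem's diagnostic output.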

"We can locate a user by identifying the three antennas closest to his mobile, then triangulating the distance according to the speed it takes for a signal to make a return trip. A mobile phone updates its presence on the network regularly, but when the person moves, the information is not updated immediately. By sending a Silent SMS, the location of the mobile is instantly updated. This is very useful because it allows you to locate someone at a given time, depending on the airwaves," explained Karsten Nohl.

According to Mathias Monroy, a journalist with Heise Online, this surveillance technology is widely used because it falls in a legal gray area, the law being unclear on whether a Silent SMS can be considered communication. "The state found that it was not one, since there is no content. This is useful, because if it is not a communication, it does not fall under the framework of the inviolability of telecommunications described in Article 10 of the German Constitution."

On 6 December 2011, the German Interior Minister Hans-Peter Friedrich announced that German police and intelligence have sent about 440 000 Silent SMS a year.

Although no official recognition was offered by French officials, police and intelligence services work with Deveryware, a "geolocation operator" which combines cellular localization, GPS, and other "real-time location" techniques. The company was evasive when questioned by OWNI.eu on whether Silent SMS were one of these techniques: "Regretfully we are unable to provide an answer, given the confidentiality imposed on us by legal requisitions. Deveryware's applications enable investigators to map and compile a history of a suspect's movements."

In the Netherlands the police have been using the technique since 2006. During a case in February 2011, when 11 Somalian people were arrested for terrorism, the public prosecutor admitted to the e-zine Webwereld that the practice was a normal part of the wiretap process in drug cases, organised crime, people trafficking and possible suicide. There is no need for a separate court order as the technique involves only location data.

When the question was raised in the Dutch Parliament in March 2011, the Minister of Justice answered that this "investigation means has been applied for a long time in a number of criminal investigation cases. This means is only being applied when there is already a wiretap on that telephone number." He also added that Silent SMS has been used in several cases and the judge has always found this means lawful.

Nohl showed during his presentation at the 28th Chaos Communication Congress that the technique, together with easily procurable tools, can be used by attackers to make a mobile phone initiate phone calls and send text messages. He noted that some users have already received bills of thousands of euros for calls and texts to Caribbean premium rate services. The researcher also called on mobile network operators, network equipment suppliers and device manufacturers to implement techniques that improve GSM encryption mechanisms in order to protect against such attacks. The techniques are already available but are not used.

Getting the Message? Police Track Phones with Silent SMS (30.01.2012)
http://owni.eu/2012/01/27/silent-sms-germany-france-surveillance-dever...

28C3: New attacks on GSM mobiles and security measures shown (28.12.2011)
http://www.h-online.com/open/news/item/28C3-New-attacks-on-GSM-mobiles...

28c3: Defending mobile phones (28.12.2011)
http://www.youtube.com/watch?v=YWdHSJsEOck

Each quarter a million Silent SMS (only in German, 22.11.2011)
http://www.heise.de/tp/artikel/35/35905/1.html

Customs, Federal Police and Protection of the Constitution sent more than 440,000 SMSs in 2010 (only in German, 13.12.2011)
http://www.heise.de/newsticker/meldung/Zoll-BKA-und-Verfassungsschutz-...

Investigators very often use Stealth SMS (only in Dutch, 4.02.2011)
http://webwereld.nl/nieuws/105613/recherche-gebruikt-zeer-vaak-stealth...