That man is doing NFC spectrum analysis during an air raid.
I hope to someday acquire this amount of focus and dedication.
Oh, right. Ukraine is still at war. We don't hear about it on the news over here in the civilized democratized developed modern advanced West anymore, so I just figured it was over. But turns out it's still going on, and has been for 11 years, 1 month, 1 week, and 5 days. The actual invasion of Ukraine has been ongoing for 3 years, 1 month and 2 weeks.
If you want to help:
- I want to donate to the Ukrainian people in the most effective way but there are so many options. What is needed most and where? [1]
- 5 ways you can support Ukraine — even if your government doesn't want to [2]
- United Help Ukraine [3]
- Ukraine - Fact Sheet: How You Can Help [4] (Yes, even the god damn CIA cough I mean state department wants you to help)
- How You Can Help Ukraine [5]
- How you can help the people of Ukraine [6]
- Support Ukraine [7]
- How can I help Ukraine? [8]
- No child should face the war experience alone [9]
- Nova Ukraine [10]
- One in five children in Ukraine has lost a relative or friend since the escalation of war three years ago [11]
- UKRAINE HUMANITARIAN CRISIS: Help with critical aid — Give now [12]
- International Medical Corps Ukraine [13]
- Chefs for Ukraine [14]
- Doctors without Borders [15]
- International Rescue Committee [16]
- Greater Good Charities [17]
- Catholic Relief Services [18]
[1] https://www.reddit.com/r/ukraine/comments/1eqnmbf/i_want_to_...
[2] https://kyivindependent.com/5-ways-you-can-support-ukraine-e...
[3] https://unitedhelpukraine.org/
[4] https://travel.state.gov/content/travel/en/News/Intercountry...
[5] https://www.huri.harvard.edu/how-you-can-help-ukraine
[6] https://www.obama.org/stories/help-ukraine/
[7] https://war.ukraine.ua/support-ukraine/
[8] https://www.rescue.org/article/how-can-i-help-ukraine
[9] https://voices.org.ua/en
[10] https://novaukraine.org/
[11] https://www.unicef.org.uk/press-releases/one-in-five-childre...
[12] https://my.care.org/site/Donation2;jsessionid=00000000.app30...
[13] https://internationalmedicalcorps.org.uk/country/ukraine/
[14] https://wck.org/relief/activation-chefs-for-ukraine
[15] https://donate.doctorswithoutborders.org/secure/monthly-an?m...
[16] https://help.rescue.org/donate/ukraine-acq?ms=gs_ppc_fy25_uk...
[17] https://greatergood.org/crisis-in-ukraine-send-aid-now?utm_s...
[18] https://support.crs.org/donate/donate-ukraine?ms=agigoo0922u...
> We don't hear about it on the news over here in the civilized democratized developed modern advanced West anymore, so I just figured it was over.
Maybe not in the US. But the invasion of Ukraine is still very much present in most of Europe and it's a driving factor of recent public policies.
At the moment a lot of Ukraine coverage is drowned out by Trump's daily bullshit onslaught though, just like 2016-2020.
Not if you don't follow from mainstream and social media sources.
This is surprising and cool. What's the explanation for why there are NFC transmissions on unlock or wake?
To look for NFC stuff like payment or tickets etc.
iOS is constantly scanning for NFC tags containing URLs etc., which requires emitting enough field power to allow the tag to indicate its presence.
Apple Pay itself uses card emulation mode, and as such the phone only needs to (passively) listen for a payment terminal's field; that should itself not be detectable without emitting such a field.
Is it really true that the phone must be passively listening? The field of the payment terminal will induce current in the NFC-coil and that should be able to wake the phone as necessary.
Bluetooth already broadcasts and has a UID, I have used this a few times in books as plot-outline to identify an antagonist, and I now wonder if NFC has a similar UID. It would be interesting to decode the data and see.
Article notes this impacts soldiers (or I suppose others trying to be stealthy) who would have turned off bluetooth and wifi.
If the transmission contains some identifying information and can be used for coarse triangulation to decide if a specific phone is in a specific building - well, that's pretty bad.
Can be harmful even without identifying information in situations where it's enough to decide if some building is occupied or not.
They mention Android for this risk factor specifically - does Android not have an "airplane mode" equivalent? I would assume it disables NFC also on iOS, but I guess I don't know — no mention of NFC on Apple's support page.
Android has an airplane mode. Once you've enabled airplane mode you can enable Bluetooth again and airplane mode stays on, so just no mobile data, and the same is true for WiFi.
NFC however isn't touched by the airplane mode
...At least it was like that on the android phones I owned
Samsung Note (9 and 24 at least) has an "NFC and contactless payments" toggle (and a UWB one) on the page with wifi and bluetooth (Settings → Connections) but I don't know if it's "doesn't emit" or just "doesn't interact"...
"Classic" Bluetooth does not broadcast a detectable ID except if the device is explicitly in "pairing mode". It can be inferred when observing a connection establishment between two paired devices, or probed for if known (i.e. you can confirm that one of a few candidate devices is nearby, if you know their addresses), but not passively sniffed, as far as I know.
Bluetooth LE does explicitly broadcast its MAC address in some modes, but offers various forms of private or random address modes to mitigate the problem.
There are passive ways to track cell phones using Bluetooth:
https://www.theregister.com/2021/10/22/bluetooth_tracking_de...
https://cec.gmu.edu/news/2025-02/find-my-hacker-how-apples-n...
Don't they randomize their broadcast ID? I know both Android and iOS scramble the WiFi MAC address by default, it would be odd if they didn't take the same precaution with Bluetooth.
The randomization doesn't matter: you can very easily link the addresses if you have a few datapoints, even if it's just the time you observed the addresses: the basic method is discussed in https://inria.hal.science/hal-03045555/document
See https://inria.hal.science/hal-02394629v1 for the theoretical bases then hop to https://samteplov.com/uploads/shmoocon20/slides.pdf for an example applying to Apple devices
Those who said the randomization and other techniques were sufficient were wrong: https://petsymposium.org/popets/2020/popets-2020-0003.pdf will show you how they changed their mind :)
It's not just Apple: Google Nearby has also been reversed: https://publications.cispa.saarland/2748/ and https://www.ndss-symposium.org/wp-content/uploads/2019/02/nd... talks about attacks, but there's no need for that: just find identifiers that let you link the addresses.
Even if you don't have any identifiers, the Bluetooth address randomization happens only about every 15 minutes: the manufacturer-specific data in the public advertisement (or even the frequency and the length of these advertisements) during these 15-minute periods can be used for linking the randomized addresses.
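A minimal linkability audit for the rotation behaviour described in the comment above, as an added example that is not part of the thread: given advertisements captured from devices you are testing, it reports address handovers an observer could link through payload carryover or through timing alone. The capture, the addresses, the payload bytes and the names `summarize`, `linkable_rotations` and `max_gap` are all constructed for illustration.

```python
# Added example: names and data below are constructed, not from the thread.
# Each record: (seconds since capture start, advertiser address, manufacturer data hex).
# Device A (..:01 -> ..:02) rotates its address but keeps its payload.
# Device B (..:03 -> ..:04) rotates address and payload together.
CAPTURE = [
    (0, "4a:00:00:00:00:01", "ffff01a1b2c3"),
    (899, "4a:00:00:00:00:01", "ffff01a1b2c3"),
    (901, "6b:00:00:00:00:02", "ffff01a1b2c3"),
    (1500, "6b:00:00:00:00:02", "ffff01a1b2c3"),
    (10, "5c:00:00:00:00:03", "ffff02d4e5f6"),
    (898, "5c:00:00:00:00:03", "ffff02d4e5f6"),
    (902, "7d:00:00:00:00:04", "ffff02978a6b"),
    (1490, "7d:00:00:00:00:04", "ffff02978a6b"),
]


def summarize(capture):
    """Map address -> (first_seen, last_seen, set of payloads)."""
    seen = {}
    for ts, addr, payload in capture:
        first, last, payloads = seen.get(addr, (ts, ts, set()))
        seen[addr] = (min(first, ts), max(last, ts), payloads | {payload})
    return seen


def linkable_rotations(capture, max_gap=5):
    """List (old_addr, new_addr, reasons) handovers an observer could link."""
    seen = summarize(capture)
    findings = []
    for old, (_, old_last, old_payloads) in seen.items():
        # Addresses that first appear within max_gap seconds of `old` going silent.
        successors = [a for a, (first, _, _) in seen.items()
                      if a != old and 0 <= first - old_last <= max_gap]
        for new in successors:
            reasons = []
            if old_payloads & seen[new][2]:
                reasons.append("payload-carryover")  # same bytes under a new address
            if len(successors) == 1:
                reasons.append("unique-timing")  # nothing else rotated in the window
            if reasons:
                findings.append((old, new, reasons))
    return sorted(findings)


if __name__ == "__main__":
    for old, new, reasons in linkable_rotations(CAPTURE):
        print(f"{old} -> {new}: {', '.join(reasons)}")
```

With both devices in the capture, timing is ambiguous and only device A's carried-over payload gives it away; with device B captured on its own, its handover is linked by timing alone even though its payload changed.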
That attack requires continuously monitoring a given device or area though, right?
In other words, you could possibly track a given device through an area with enough sensors, e.g. a store, but not across visits.
Sci-Fi books and it was a sentient AI, I can do anything I want in that situation :-)
Google has lately been far overstepping their utility with “security measures” which I definitely don’t need and often make everything more annoying and difficult.
Ex: blocking 3rd party cookies always now. Breaks countless websites which I need to work reliably. “Manage unused website/app’s permissions” even after I specifically granted them! Randomized virtual credit card numbers in Wallet: for no good reason, you thoroughly fucked up a refund attempt for me, >$500! And randomized MAC addresses by default for EVERY. SINGLE. SSID. It’s unhinged. It’s fake protection.
As a matter of fact, I do not enjoy my devices lying to my ISP, or to my college campus, my medical clinic, or to my employers. Device, please identify yourself without wearing a fuckin’ Groucho mask on top, and put on your big boy pants.
Never thought I'd hear someone complain Google takes privacy too seriously.
NFC UID is also randomized.
One of the things I miss in iOS coming from Android is to be able to easily disable NFC or location :/
Can we use this to find people stuck in Earthquake rubble?
The N in NFC stands for near. Won't help under layers of concrete.
TFA talks about detecting phones through load-bearing walls over 15-20 meters, and how the lower frequency penetrates surprisingly well. You can't necessarily pull the actual data off it, but you can see that there is a signal
Are they checking their phones?
From article: "Then, when the screen turns off again (either manually or via timeout), another signal is sent, just 1 ping this time."
Nice.
Does it do it in lockdown mode too?
Very interesting!
Time to start lining the walls with lead to block signal leak. New building code, when?
> tracking occupancy patterns, correlating signal presence with known devices, identifying sleep cycles
Wait til you find out about Wifi and GSM!
From the article. "A great part of discussion in comments on the original thread I've made was about soldiers on the battlefield and a heavy usage of devices close to the line of contact. Android users might turn off Wi-Fi and Bluetooth and even remove their SIM card, thinking they’ve minimized their radio footprint. But NFC often remains active by default — and since most people assume it only matters within arm’s reach, they don’t bother disabling it."
> soldiers on the battlefield and a heavy usage of devices close to the line of contact. Android users might turn off Wi-Fi and Bluetooth and even remove their SIM card
I would think a faraday bag would be far more efficient for this - should take care of the NFC issue too
You know it's interesting to know that the people that are in ICE are not smart/competent enough to make use of these things to detect people and I don't think anything is going to change in the next 3-4 years, it's actually bizarre.
TSA (more accurately - CBP, more generally - DHS) contract out the hard engineering to Cellebrite and NSO Group. Those companies develop a dumb-proof box. The CBP agents at the border take the phones, plug them into the box, press a few buttons, and that’s it.
No one in the TSA/CBP/ICE/DHS needs to be smart for this, that’s the job of private engineering firms/contractors.