2

In a hypothetical scenario, I am travelling with my iPhone to, let's say, New Zealand. I stop at some random hotel and simply stay there doing nothing but staring at a wall for days with no interaction with my phone whatsoever.

Is it possible for hackers/organizations that are targeting me specifically to find my exact/relative location? Would it help if I turned off location services or used a VPN with a killswitch? How would the situation change if, instead of an iPhone that I used for a year, I travelled with a brand new iPhone, or with a Macbook?

Thanks in advance

Cobie Fisher
  • 135
  • 4

1 Answers1

1

Theoretically, yes they could track you, provided your phone was turned on. There are actually several potential ways for them to do it, but they vary in terms of the level of sophistication (i.e. how technically advanced they are and the amount of money they have to spend).

For a more technically sophisticated attacker, the protocol which mobile phone use, Subsystem number 7 (SS7), has known vulnerabilities which could allow an attacker to locate you.

If they have access to your iCloud account, they could potentially use the device location feature to find your location.

If they have already compromised your phone/laptop, a VPN won't do you any good. The attacker could potentially access your phone/machine, see what wifi networks are nearby, and use that to geolocate you.

Travelling with that new iPhone/macbook will only help if the attacker is not able to link you as an individual to those new devices. How easy it is to link you to a device is going to depend on the sophistication of an attacker.

Dan Landberg
  • 3,312
  • 12
  • 17
  • For all intents and purposes, let's suppose that the attacker is very sophisticated and has lots of money to spend. They do not have access to your iCloud account and your device is not compromised, but it is definitely linked to your person as your belonging. How can you eliminate or at least reduce the chance that you can be located? – Cobie Fisher Aug 01 '18 at 18:07
  • If that's the case they would probably go with the SS7 vulnerability I mentioned above. There's not much you can do besides turn your phone off or leave it at home. – Dan Landberg Aug 01 '18 at 21:53