14

Is it technically or theoretically possible for any part of a mobile phone's circuitry to be still on and transmitting even while turned off and the battery has been removed? If so, how?

I am thinking perhaps it could remain in a low power state and certain chips and capacitors could hold their charge for a while. Is this plausible or no?

NB: this question is distinct and more specific than this question so it is not a duplicate.

user20702
  • 159
  • 1
  • 1
  • 5
  • 7
    With the right level of paranoia, anything's possible. – Chris Murray Aug 14 '14 at 12:13
  • 4
    There would have to be an internal battery. Most circuitry components can keep state for at most 30 seconds. By that time, most if not all capacitors and what not have dissipated. Capacitors generally lose charge on the order of milliseconds to seconds. – RoraΖ Aug 14 '14 at 12:27
  • 1
    If there's *another* battery (or a supercapacitor, or whatever), it's possible to remove the first battery, but then the question becomes "with two batteries, can they be hot-swapped?", which is quite a different question ;) So - no, without a source of power, it is not possible to draw power necessary for functioning, certainly not longer than a few seconds. Now, the real question appears to be "is it possible to hide another battery inside the device?" – Piskvor left the building Aug 14 '14 at 12:32

5 Answers5

29

If you have a phone with a removable main battery, you can try this:

  1. Disable the cellular network, GPS, WiFi, Bluetooth etc on your phone by turning them off manually and then putting the phone into flight mode.

  2. Make a note of the current time shown on the phone and on your PC by writing it down on paper.

  3. Shut down the phone, remove the main battery and the SIM card. Now wait 5 minutes.

  4. Put the main battery back in, but not the SIM card and then turn the phone on again. The phone should still be in flight mode.

  5. Note the current time on the phone again and the current time from your PC.

    Remember when in Flight Mode and without the SIM card, the phone cannot get a time update from the cell tower. If a phone just stored the current time in flash memory before shutting down, then on powering on the phone it would be 5 minutes behind and match the time you wrote down on paper. This is because it would not know how much time had elapsed from when the phone had shut off and when it was turned on again. However that is not what happened, it kept up with the current time even when shut off and the battery was removed. That is because of the second battery on the phone.

mobile phone circuit board

This HowStuffWorks article looks into the inside of a digital mobile phone. Quoting from the article: "As you can see in the picture above, the speaker is about the size of a dime and the microphone is no larger than the watch battery beside it. Speaking of the watch battery, this is used by the mobile phone's internal clock chip." This would be similar to the function of a CMOS battery in every PC/laptop. There is also a February 2010 patent mentioning a primary and secondary battery of different size and capacity: "The first battery may discharge during use of the mobile phone without simultaneous discharge of the second battery. Upon discharge of the first battery, the second battery may not be automatically activated."

A standard silver cell watch battery has a capacity of 200 mAh, a Zinc-air battery has a capacity of 620 mAh. From personal experience, my battery in my wristwatch has lasted for over a decade as it was just keeping the time, running alarms and the odd stopwatch. I am not certain which capacity the secondary battery is which is installed on most mobile phones but it could contain a newer, powerful one installed by the manufacturers. The design of mobile phones is typically a closed design. There is a new micro-battery that could fit in and power a credit-card-thin device and be charged 1,000 times faster than regular batteries. Therefore every time you charged your phone, it would charge the secondary battery as well.

When the phone is turned off and the main battery is removed, the secondary battery could do more than just keep track of the time. It is all connected to the same circuitry so it could leave certain chips powered on in a low power state, for example the GPS, the microphone, the camera, or the closed baseband processor on every mobile phone.

Now, hypothetically the secondary battery could be remotely activated and periodically do a burst transmission every x minutes and send GPS coordinates or microphone recordings back to your favourite 3 letter agency. If the chips were just passively transmitting, perhaps they need a StingRay or Reaper drone in the area to boost the signal. The cell tower itself may be powerful enough to pick up the signal.

This article states that the NSA can technically listen in to the microphone of an iPhone even if it is switched off. In Edward Snowden's conversations with Laura Poitras he advised her to put her mobile in the freezer. In Snowden's NBC interview he mentions "They can absolutely turn them on with the power turned off to the device". He even took out the main battery in his phone before a recent Wired interview. Removing the main battery may not be enough to avoid surveillance.

If I add a thick layer of tinfoil to my hat, perhaps everyone's mobile phones have been converted to an always on bugging and tracking device by NSA. They could have bugged every phone and home in the world whether their phones were turned on or not. You could get intel on anyone, anywhere. This could be why NSA does not allow mobile phones in their secure environments. It could activate every time it picks up speech then do a burst transmission at certain intervals. Maybe it only does that if you mention certain key words but maybe the phone does not have that capability with only the second battery running. Usually that analysis usually takes place in the basement of Fort Meade.

I would not be surprised in the slightest if there was a big black screen system with a map inside the NSA with coloured dots all over it. The green dots would be the people with their cellphones turned on and transmitting audio and GPS coordinates back to NSA. Then the orange dots would be people in "flight mode" or who have turned their phone "off", but their phone is still communicating with the tower. Then blinking orange dots for people who have turned their phone off and removed their SIM card, but their phone is still trackable by the unique IMEI on their device. Then red dots for people who have turned their phone off and removed the main battery. Highly suspicious behaviour obviously. A Reaper or StingRay would then be dispatched to the red dot's location.

How would you potentially stop surveillance from our mobile phone even with the battery removed?

  • Open the phone and remove the secondary battery. This may be difficult if the battery is hardwired to the circuitry and could damage the phone. This will definitely void the warranty as well.
  • Use a Faraday cage for when you want to go 'off the grid'. Some retailers are selling this as a small pouch or bag you can put your phone in. The effectiveness of this has not been tested.
  • Do not take your cellphone to places where you do not want to be found.
  • Destroy your cellphone and get a fully open source WiFi only device (if such a thing exists). Only turn on the WiFi when you want to connect to something. This means no closed source secondary operating system running the closed baseband processor, no GPS and no cell tower connection. You could connect out through various WiFi hotspots using a VPN or Mesh networks instead.

As Brill would say, "The more technology you use, the easier it is for them to track you."

Community
  • 1
zxnmqwop
  • 430
  • 3
  • 3
  • 2
    Putting a phone in a freezer is a terrible idea, for two reasons - 1) If there's excess humidity, the device may receive water/liquid damage (or the condensation accumulated upon removing it) and 2) excessively cold temperatures damage electronics and batteries - my phone complained about the winter where I currently live. Buy a surplus ammo container instead. I find it implausible that a simple timekeeping battery would have the power to transmit anything, much less usual distances. Turn the microphone on, maybe. Some people also buy additional batteries, which would give false positives. – Clockwork-Muse Aug 15 '14 at 08:22
  • @Clockwork-Muse - a plastic bag + a gently warm-up solves the humidity issue, and the battery-destroying properties sound like a good way to "disable" the secondary battery without removing it (likely without even voiding the warranty) – user2813274 Aug 16 '14 at 14:20
  • @Clockwork-Muse, like I said, it does not seem that implausible if they use a quick burst transmission, or the device is kept in a very low power state waiting on a special command from the cell tower. Either that or a Reaper/StingRay needs to be in the area to boost/pick up the signal. Do not discount advances in battery technology (as linked above). Also do not discount coercion from NSA (using an [NSL](https://en.wikipedia.org/wiki/National_security_letter)) to force mobile phone manufacturers to implement certain types of (more powerful) secondary batteries in every phone. – zxnmqwop Aug 21 '14 at 05:21
  • 3
    It's funny to me how these measures and countermeasures undoubtedly seem over-the-top to many. But they are very simple to both understand and implement. So are they really doing this? Of course they are! They'd have to be idiots *not* to! – Tom Russell May 23 '18 at 23:06
  • I'm not sure about the quality of the source but this article states exactly what is written in this answer...https://www.bgr.in/news/google-can-track-you-even-when-your-phone-battery-dies-report/ – CuriousIndeed Aug 23 '19 at 13:41
  • 1
    But with a right level of paranoia, if someone really manufactured a phone with a hidden second battery (why else would it be hidden if it wasn't a secret feature), then they could actively counter these detection methods, and pretend as if they didn't have that secret battery. If they put it in for some nefarious purposes, they could be intentionally lying about the time, to fool you. (I'm not saying I hold it likely, just saying that *if* there really was such a clandestine battery, the methods with the timekeeping wouldn't be enough to decide) – vsz May 06 '20 at 20:47
10

You must define "transmitting". There are two categories; active and passive. Active transmissions require relatively large amounts of power to actually send out data whereas passive transmissions require little to no added power and could represent a NFC transmission such as an RFID chip being read by a scanner.

There are also some theoretical transmissions types. One is listed here.

While most electronic devices do have some internal power sources (small batteries, capacitors, etc) other than the main battery, these sources are very limited in their uses and generally are only there to preserve vital data while transitioning to a long term 'power off' state. While these power soruces could technically and theoretically be exploited to send a few transmissions, this would require great skill and very customized work.

Also note that an attacker could potentially charge/power a device with static electricity and thus without it powered on or a battery even there. Here's an article.

You may be interested in this question as it deals a little bit with powering on unpowered devices.

So to answer your question, yes, but it is unlikely as it greatly relies on how the device and attack/vulnerability is set up.

Also, IMHO, this seems more like a physics question and less of a security question...

Community
  • 1
Matthew Peters
  • 3,592
  • 4
  • 21
  • 39
2

No, even with any internal capacitors or small secondary batteries, there isn't enough power to get off even a small amount of transmission. Transmission simply requires too much power, even for relatively short range given the type of transmitter in the phone.

It would be possible to design a system where the phone could receive a command to do something later if you were to use some type of transistor radio powered off the radio wave itself, but it would require a specialized device with specialized circuity to do this. (I suppose technically such a system could also have a specialized local low-power transmitter, such as NFC tag mode (not the phone mode that is normally supported by newer smartphones), but it wouldn't be communicating on the cell network then.)

So no, realistically this isn't possible unless you are given a specialized phone with hidden hardware in it to either provide large amounts of power or to allow specialized transmission, both of which would be easily identifiable from looking at the insides of the phone.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110
  • 2
    Clearly you're not being paranoid enough for this kind of question. What if there's **another battery**? You won't survive long in this spy vs spy industry unless you can think outside the... er... battery compartment. – tylerl Aug 14 '14 at 16:24
2

There are unpowered transmitters (or rather powered by the receiver), such as NFC and RFID tags, and with enough specialized hardware, it may be possible to read/send a very small amount of information (and repeat for a very low bandwidth communication), but these would be extremely limited without a battery or capacitor (note: while most capacitors do have a safety discharge circuit, not all do, and some are known to hold their charge a long period of time)

that said, physical location would be relatively easy to establish via triangulation with a couple high-powered receivers within range (~50 feet max?)

user2813274
  • 2,051
  • 2
  • 13
  • 18
0

No. The radio(s) require power. Without radio(s) there is no transmitting. While it is quite possible for silicon circuitry to maintain state in the condition described they cannot transmit.

zedman9991
  • 3,377
  • 15
  • 22