|
Hey folks,
I've bought a TinySA a while ago for some other project, but something
has cropped up that? makes me wonder if it can help here. I'm not an RF
professional, I know enough to know I don't know anything.
A good friend is going through a breakup, and there's credible evedince
their evicted ex has been spying on them. We did find a hidden
smartphone running a baby monitor app already. Wifi/Network are changed,
so any devices relying on that (e.g. ESP32-equipped power bars) are
eliminated.
However we have reason to suspect there's a cellphone hidden in or the
vicinity of the bedroom. My current approach is to inspect the power
outlets one by one to see if a power supply has been connected and the
setup stowed away behind some paneling.
I wonder if there's a way to use the TinySA to home in on such a device
as well. I've done some limited resarch into it, and found e.g. videos
of people using a HackRF to decode some cellular traffic between the
base station and their smartphone. These were quite sophisticated,
seemed to rely both on a lot of protocol knowledge (I don't have) and
even prior information from the smartphone itself about used
channels/modulations, that for obvious reasons also are unknown. I don't
even know which kind of technology is being used. 3G, 4G are most
likely, but these to my knowledge are umbrella-terms that cover a broad
range of frequencies and modulations and other protocol details. So I'm
just overwhelmed where to start.
If somebody has some idea if the TinySA can be used to at least detect
the presence if not precise location of a cell phone so we can be sure
that we have to rip half the room apart, that would be splendid. I know
it's a moonshot and if it is just not working that way, then I'll accept
that as well.
Thanks for your consideration, and I'll be back in the future with my
actual purpose I bought the little bugger for.
Cheers,
Diez
|
Diez,
The problem you have is that a mobile phone will be in 'sleep' mode for the duration of the time, it will 'wake' up and transmit to the base station to make sure its not moved and then will go back to 'sleep'. The only time you would be able to direction find
the phone is when its in a call, you would also then need to know what it is transmitting on (2 / 3 / 4G or 5G-NSA) and then look at the uplinks for those bands. Even with a phone in a call, if it is using 3, 4 or 5G-NSA it will use minimum power to transmit,
so looking on the TinySA you may see a large signal transmitting in the uplink of the band but it may not be the phone / device you are looking for. The best way to find a device would be to use an inhibitor in the suspected room, with the TinySA looking at
the full spectrum, when you then turn off the inhibitor, all cellular devices will then try and connect to the mobile network, you may see it then.
Cellular detection is a nightmare without the right equipment.?
Kind Regards,
Lee Johns
Lee Johns
Search Training Consultant
toggle quoted message
Show quoted text
Hey folks,
I've bought a TinySA a while ago for some other project, but something
has cropped up that? makes me wonder if it can help here. I'm not an RF
professional, I know enough to know I don't know anything.
A good friend is going through a breakup, and there's credible evedince
their evicted ex has been spying on them. We did find a hidden
smartphone running a baby monitor app already. Wifi/Network are changed,
so any devices relying on that (e.g. ESP32-equipped power bars) are
eliminated.
However we have reason to suspect there's a cellphone hidden in or the
vicinity of the bedroom. My current approach is to inspect the power
outlets one by one to see if a power supply has been connected and the
setup stowed away behind some paneling.
I wonder if there's a way to use the TinySA to home in on such a device
as well. I've done some limited resarch into it, and found e.g. videos
of people using a HackRF to decode some cellular traffic between the
base station and their smartphone. These were quite sophisticated,
seemed to rely both on a lot of protocol knowledge (I don't have) and
even prior information from the smartphone itself about used
channels/modulations, that for obvious reasons also are unknown. I don't
even know which kind of technology is being used. 3G, 4G are most
likely, but these to my knowledge are umbrella-terms that cover a broad
range of frequencies and modulations and other protocol details. So I'm
just overwhelmed where to start.
If somebody has some idea if the TinySA can be used to at least detect
the presence if not precise location of a cell phone so we can be sure
that we have to rip half the room apart, that would be splendid. I know
it's a moonshot and if it is just not working that way, then I'll accept
that as well.
Thanks for your consideration, and I'll be back in the future with my
actual purpose I bought the little bugger for.
Cheers,
Diez
|
Hi Lee,
In common terms would your "inhibitor" also be called a "jammer?
Mike C. Sand Mtn GA
On 1/25/2025 8:28 AM, Lee Johns via
groups.io wrote:
toggle quoted message
Show quoted text
Diez,
The problem you have is that a mobile phone will be in 'sleep'
mode for the duration of the time, it will 'wake' up and
transmit to the base station to make sure its not moved and then
will go back to 'sleep'. The only time you would be able to
direction find the phone is when its in a call, you would also
then need to know what it is transmitting on (2 / 3 / 4G or
5G-NSA) and then look at the uplinks for those bands. Even with
a phone in a call, if it is using 3, 4 or 5G-NSA it will use
minimum power to transmit, so looking on the TinySA you may see
a large signal transmitting in the uplink of the band but it may
not be the phone / device you are looking for. The best way to
find a device would be to use an inhibitor in the suspected
room, with the TinySA looking at the full spectrum, when you
then turn off the inhibitor, all cellular devices will then try
and connect to the mobile network, you may see it then.
Cellular detection is a nightmare without the right equipment.?
Kind Regards,
Lee Johns
Lee Johns
Search Training Consultant
Hey folks,
I've bought a TinySA a while ago for some other project,
but something
has cropped up that? makes me wonder if it can help here.
I'm not an RF
professional, I know enough to know I don't know anything.
A good friend is going through a breakup, and there's
credible evedince
their evicted ex has been spying on them. We did find a
hidden
smartphone running a baby monitor app already.
Wifi/Network are changed,
so any devices relying on that (e.g. ESP32-equipped power
bars) are
eliminated.
However we have reason to suspect there's a cellphone
hidden in or the
vicinity of the bedroom. My current approach is to inspect
the power
outlets one by one to see if a power supply has been
connected and the
setup stowed away behind some paneling.
I wonder if there's a way to use the TinySA to home in on
such a device
as well. I've done some limited resarch into it, and found
e.g. videos
of people using a HackRF to decode some cellular traffic
between the
base station and their smartphone. These were quite
sophisticated,
seemed to rely both on a lot of protocol knowledge (I
don't have) and
even prior information from the smartphone itself about
used
channels/modulations, that for obvious reasons also are
unknown. I don't
even know which kind of technology is being used. 3G, 4G
are most
likely, but these to my knowledge are umbrella-terms that
cover a broad
range of frequencies and modulations and other protocol
details. So I'm
just overwhelmed where to start.
If somebody has some idea if the TinySA can be used to at
least detect
the presence if not precise location of a cell phone so we
can be sure
that we have to rip half the room apart, that would be
splendid. I know
it's a moonshot and if it is just not working that way,
then I'll accept
that as well.
Thanks for your consideration, and I'll be back in the
future with my
actual purpose I bought the little bugger for.
Cheers,
Diez
|
How does a smartphone app work in a baby monitor mode? Baby monitor's are continually transmitting and I doubt this would be done over a cellphone call. Does it transmit over wi-fi and if so what is the destination receiver? Mike N2MS ------------------------------
From: [email protected] <[email protected]> on behalf of Diez B. Roggisch via groups.io <deets@...>
Sent: 25 January 2025 11:21
To: [email protected] <[email protected]>
Subject: [tinysa] Scanning for unknown mobile phone
Hey folks,
I've bought a TinySA a while ago for some other project, but something
has cropped up that makes me wonder if it can help here. I'm not an RF
professional, I know enough to know I don't know anything.
A good friend is going through a breakup, and there's credible evedince
their evicted ex has been spying on them. We did find a hidden
smartphone running a baby monitor app already. Wifi/Network are changed,
so any devices relying on that (e.g. ESP32-equipped power bars) are
eliminated.
<snip>
Cheers,
Diez
|
Thanks Lee,
this sounds all very reasonable. I assume it has some data link but don’t know if it is for example level triggered to dial in, or compressed and uploads on demand or daily etc.
But all of this together with your great explanations makes it clear I’ll not follow that route.?
Thanks,
Diez? Mobile Mail. Excuse brevity.?
toggle quoted message
Show quoted text
Am 25.01.2025 um 15:25 schrieb Lee Johns via groups.io <johns643@...>:
?
Diez,
The problem you have is that a mobile phone will be in 'sleep' mode for the duration of the time, it will 'wake' up and transmit to the base station to make sure its not moved and then will go back to 'sleep'. The only time you would be able to direction find
the phone is when its in a call, you would also then need to know what it is transmitting on (2 / 3 / 4G or 5G-NSA) and then look at the uplinks for those bands. Even with a phone in a call, if it is using 3, 4 or 5G-NSA it will use minimum power to transmit,
so looking on the TinySA you may see a large signal transmitting in the uplink of the band but it may not be the phone / device you are looking for. The best way to find a device would be to use an inhibitor in the suspected room, with the TinySA looking at
the full spectrum, when you then turn off the inhibitor, all cellular devices will then try and connect to the mobile network, you may see it then.
Cellular detection is a nightmare without the right equipment.?
Kind Regards,
Lee Johns
Lee Johns
Search Training Consultant
Hey folks,
I've bought a TinySA a while ago for some other project, but something
has cropped up that? makes me wonder if it can help here. I'm not an RF
professional, I know enough to know I don't know anything.
A good friend is going through a breakup, and there's credible evedince
their evicted ex has been spying on them. We did find a hidden
smartphone running a baby monitor app already. Wifi/Network are changed,
so any devices relying on that (e.g. ESP32-equipped power bars) are
eliminated.
However we have reason to suspect there's a cellphone hidden in or the
vicinity of the bedroom. My current approach is to inspect the power
outlets one by one to see if a power supply has been connected and the
setup stowed away behind some paneling.
I wonder if there's a way to use the TinySA to home in on such a device
as well. I've done some limited resarch into it, and found e.g. videos
of people using a HackRF to decode some cellular traffic between the
base station and their smartphone. These were quite sophisticated,
seemed to rely both on a lot of protocol knowledge (I don't have) and
even prior information from the smartphone itself about used
channels/modulations, that for obvious reasons also are unknown. I don't
even know which kind of technology is being used. 3G, 4G are most
likely, but these to my knowledge are umbrella-terms that cover a broad
range of frequencies and modulations and other protocol details. So I'm
just overwhelmed where to start.
If somebody has some idea if the TinySA can be used to at least detect
the presence if not precise location of a cell phone so we can be sure
that we have to rip half the room apart, that would be splendid. I know
it's a moonshot and if it is just not working that way, then I'll accept
that as well.
Thanks for your consideration, and I'll be back in the future with my
actual purpose I bought the little bugger for.
Cheers,
Diez
|
Check for Smart outlets, like the USB versions and replace with standard or Bix box versions, check attic or crawl space. A stung gun on the walls will EMP any device into downfall. Check under all cabinets including up under sink cavities. Dont remove anything and call authorities. Divorce case solved but perp ends up in jail and you get no payments.
|
Keep use of the SA here, of course, but I suggest leaving discussion of
countermeasures, legal implications, and what appears to be "jailhouse
lawyering", for other forums.
DISCLAIMER: I'm not a lawyer, I don't play one on TV, I don't even own a
briefcase, but I'm married to an attorney and I know her response to the
discussion.
Rick
KC3DOO
|
Having once been on the periphery of various TSCM sweeps, I'd say that modern devices are becoming increasingly hard to detect, especially with domestic grade equipment.
?
Most of the time, a physical examination will locate more suspect devices than electronic means, but it is VERY time-consuming, and costly if you get a professional to do it for you, but even then you can't be 100% certain you are in the clear, as so many companies outsource the work, and you never know how competent the technician may be.
?
Devices used at a corporate / government level are even harder to find, and 20 odd years ago they were already incredibly sophisticated, so goodness knows how much more advanced modern day devices are likely to be.
?
However, it still remains a lot easier to obtain information by other means, particularly though various forms of social engineering.
?
Regards,
?
Martin
|
Bravo Martin. ?
After 13 years of locating clandestine communications equipment, I realized not every scenario required state of the art equipment and knowledge.? I had a friend in a similar situation that called on me and I showed up with a Walabot wall scanner. ?30 minutes later, I located the implanted listening device in the wall near a suspect looking outlet and removed it.? The individual who allegedly put it there was never charged - we have to look at all option - even the simple and obvious ones. ?
On Sat, Jan 25, 2025 at 2:41?PM Martin via <martin_ehrenfried= [email protected]> wrote: Having once been on the periphery of various TSCM sweeps, I'd say that modern devices are becoming increasingly hard to detect, especially with domestic grade equipment.
?
Most of the time, a physical examination will locate more suspect devices than electronic means, but it is VERY time-consuming, and costly if you get a professional to do it for you, but even then you can't be 100% certain you are in the clear, as so many companies outsource the work, and you never know how competent the technician may be.
?
Devices used at a corporate / government level are even harder to find, and 20 odd years ago they were already incredibly sophisticated, so goodness knows how much more advanced modern day devices are likely to be.
?
However, it still remains a lot easier to obtain information by other means, particularly though various forms of social engineering.
?
Regards,
?
Martin
|
How does a smartphone app work in a baby monitor mode? Baby monitor's are continually transmitting and I doubt this would be done over a cellphone call. Does it transmit over wi-fi and if so what is the destination receiver?
I use a baby monitor app when I’m tuning my home antennas. The app is called Baby Monitor. It can use audio, video or both. I have the app on my iPhone and iPad. In the shack I put the iPad in baby mode and face the camera towards my Rig Expert antenna analyzer. I take my iPhone with me and tap parent mode and it connects to the iPad and I can adjust my antenna and watch the Rig Expert analyzer for proper tuning. Either device can be connected to a network via WiFi or the cellular network. My iPad is only WiFi but the phone obviously has both. There is just a little bit of lag so when you are adjusting the antenna you have to adjust and then wait a couple of seconds to see the change on the analyzer.?
I’ve never left the iPad on indefinitely and tried to connect so that could be something that happening with this guy.?
Curt
WU3U
?
|
Ha,
?
For that sort of scenario, I once made my own Nonlinear Junction Detector (NLJD), based on a pair of Motorola Analogue cellphones placed in "Engineering" mode by internally strapping the battery contacts, and connected to an external duplexing filter and log periodic antenna.
?
https://en.wikipedia.org/wiki/Nonlinear_junction_detector
?
It worked surprisingly well, but rusty metal conduit and similar items, embedded in walls, could often lead you astray.
?
Regards,
?
Martin
?
On Sun, Jan 26, 2025 at 06:21 AM, jamesarmstrong2071@... wrote:
I showed up with a Walabot wall scanner
|
Mike C.
Richard B. Emerson