Tech-savvy criminals try to evade being tracked by changing their cellphone's built-in ID code and by regularly dumping SIM cards. But engineers in Germany have discovered that the radio signal from every cellphone handset hides within it an unalterable digital fingerprint – potentially giving law enforcers a simple way of tracking the handset itself.
Developed by Jakob Hasse and colleagues at the Technical University of Dresden, the tracking method exploits the tiny variations in the quality of the various electronic components inside a phone.
"The radio hardware in a cellphone consists of a collection of components like power amplifiers, oscillators and signal mixers that can all introduce radio signal inaccuracies," Hasse says. A phone's resistance, for instance, can vary between 0.1 and 20 per cent of its stated value depending on the quality of the component.
The upshot of these errors is that when analogue signals are converted into digital ones, the stream of data each phone broadcasts to the local mast contains error patterns that are unique to that phone's peculiar mix of components. In tests on 13 handsets in their lab, the Dresden team were able to identify the source handset with an accuracy of 97.6 per cent.
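The idea can be illustrated with a small simulation, added here as an example and not the Dresden team's code or method. It assumes QPSK symbols rather than the 2G waveform, models each handset's component tolerances as two constructed parameters (I/Q gain imbalance and phase skew), and uses a nearest-fingerprint classifier; all names and values are hypothetical.

```python
import math
import random

def make_handset(rng):
    # Constructed impairments standing in for component tolerances:
    # I/Q gain imbalance (fraction) and quadrature phase skew (radians).
    return rng.uniform(-0.05, 0.05), math.radians(rng.uniform(-3, 3))

def transmit(handset, rng, n=400, noise=0.05):
    """One burst of n random QPSK symbols as a passive receiver sees it."""
    gain, skew = handset
    burst = []
    for _ in range(n):
        i, q = rng.choice((-1, 1)), rng.choice((-1, 1))
        re = (1 + gain) * i + rng.gauss(0, noise)
        im = q * math.cos(skew) + i * math.sin(skew) + rng.gauss(0, noise)
        burst.append((re, im))
    return burst

def fingerprint(burst):
    """Estimate (gain imbalance, phase skew) from a burst's error pattern."""
    n = len(burst)
    gain = sum(abs(re) - abs(im) for re, im in burst) / n
    # Residual of the Q arm after the symbol decision, correlated with the
    # decided I symbol: leakage of I into Q is the skew signature.
    skew = sum(math.copysign(1, re) * (im - math.copysign(1, im))
               for re, im in burst) / n
    return gain, skew

def enrol(handsets, rng, bursts=5):
    """Average several bursts per handset into a reference fingerprint."""
    refs = []
    for h in handsets:
        fps = [fingerprint(transmit(h, rng)) for _ in range(bursts)]
        refs.append(tuple(sum(c) / bursts for c in zip(*fps)))
    return refs

def identify(burst, refs):
    """Index of the enrolled handset whose fingerprint is nearest."""
    fp = fingerprint(burst)
    return min(range(len(refs)), key=lambda k: math.dist(fp, refs[k]))

def accuracy(n_handsets=13, trials=20, seed=1):
    rng = random.Random(seed)
    handsets = [make_handset(rng) for _ in range(n_handsets)]
    refs = enrol(handsets, rng)
    hits = sum(identify(transmit(h, rng), refs) == k
               for k, h in enumerate(handsets) for _ in range(trials))
    return hits / (n_handsets * trials)

if __name__ == "__main__":
    print(f"identification accuracy: {accuracy():.3f}")
```

In this model a misidentification occurs when two handsets' impairments lie within the estimation noise of each other, which becomes more likely as more devices are enrolled.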
"Our method does not send anything to the mobile phones. It works completely passively and just listens to the ongoing transmissions of a mobile phone – it cannot be detected," Hasse says.
Their research, funded by the EU and the German government, was performed on 2G phones. But "defects are present in every radio device, so it should also be possible to do this with 3G and 4G phones," Hasse says.
The novel method is welcome but technically demanding, say forensics specialists.
"Serious criminals are extremely adept in using single-use phones and dumping SIM cards so new capabilities like this would certainly help law enforcement," says Nick Furneaux of forensics security company CSItech in Bristol, UK.
"Identifying a phone from its radio frequency fingerprint is certainly not far-fetched. It is similar to identifying a digital camera where the image metadata does not provide a serial number. From underlying imperfections in the lens, which are detectable in the image, the source camera can be identified," Furneaux says.
William Webb, CEO of the UK-based Weightless Special Interest Group, which is engineering ways to use unused TV frequencies for broadband transmission, says the method is plausible but boosting the handset recognition rate to 100 per cent will be the team's overarching challenge. "If they can't do this it could lead to hundreds of thousands of mis-tracked calls, privacy invasions and wrongly disconnected mobiles," he warns.