With any new technology, innovators are always trying to dream up new ways to apply it for different purposes. One application I’ve been asked about a number of times relates to capturing the phone numbers of anyone passing within range - without the owners being aware of it. Is this possible, what are the implications and do other technologies offer an alternative?
One scenario being considered involves retailers or other businesses wanting to find out the details of their visitors so they can follow up with text messages or other marketing communications. These may be to existing customers where the retailer already has their contact details and would provide greater knowledge of time and duration of visits.
This tactic isn't new for some - for example, customer behaviour is already commonly tracked today by large retailers using loyalty cards, and potentially could be derived where credit cards are used for most transactions.
And of course there may be more malicious or unscrupulous reasons for such activities which don’t bear consideration here.
Why femtocells wouldn’t be used for this purpose
Here are a few reasons I can think of:
1: Your mobile phone number isn’t transmitted to the femtocell. All communications between your phone and the mobile network uses the IMSI (International Mobile Subscribers Identification), which is the unique number of your SIM card. Only your mobile operator will be able to match this with a specific telephone number (this is held in the HLR – Home Location Register – a big online database in the core of the network).
2: Femtocells are limited to a single network operator. Since visitors are likely to be distributed across all the national operators (and perhaps some from abroad), you would need to install a stack of femtocells, one from each of the networks.
3: Many short visits would be missed. It may take a few minutes for mobile phones entering an area covered by a femtocell to locate it and switch to use it. For transient passers-by, they may have come and gone without registering.
4: Most data is encrypted. 3G uses a secure connection between the mobile device and the core network. Anything your femtocell doesn’t need to know (such as the number you are calling, Caller ID for incoming calls etc) won’t be visible to it.
Other ways to snoop on mobile phones
Other technologies also present on your mobile device also have some limitations:
Bluetooth could be detected from those phones which have it switched on. This doesn’t identify the user although each phone does have a unique id. It can (and has) been used to track movement of unknown people around urban areas, but is entirely anonymous.
Wi-Fi can also be used to record which users are accessing each hotspot. This is less of a problem at home or in the office where the WiFi connection is secured – avoiding both the chance of eavesdroppers snooping on your connection and your device connecting to the wrong hotspot.
But Wi-Fi is commonly used for public hotspots (e.g. at hotels) with unencrypted connections. The MAC address (a unique identifier for the device) can be tracked against any user registration, and your activity monitored. For example, the websites you visit could be recorded and pages viewed. Use of such hotspots normally requires the user to accept the connection, even when it's free, so it's unlikely to happen in transient situations like visiting a shop.
Any secure websites visited (i.e. where the padlock shows) would be encrypted within your device and invisible to any such snooping attacks. Likewise, Skype calls and Blackberry email are also hidden. For those using UMA (the dual-mode WiFi/mobile system popular with T-Mobile US and Orange France), everything is encrypted on the handset and is therefore also secure.
But for those using smartphones or featuresphones, a more common risk might be theft of your email address and password which are often not encrypted during its travel from your phone to your email server. Many (but not all) email providers offer secure SSL connections, and these are easily overlooked or omitted when configuring email clients.
Some further information about this risk can be found in this security briefing – especially the bit about using an email program through a public WiFi hotspot. For example, if your iPhone is set to connect to any WiFi hotspot and check your email regularly, every time it does so it could send or receive emails “in the clear” including all your email accounts and passwords.
There are some programs out there already which can run on a standard laptop that performs this snooping, without any direct interference or visibility of such an attack. Such programs don't exist for mobile phone networks (to my knowledge), which have many levels of security protection built in.
Sorry – femtocells can’t capture your phone number
So regrettably for those wanting to snoop on you, I don’t see femtocells as an easy answer at this stage. WiFi is more of a risk today for certain types of activity. Where WiFi is secured, for example when using UMA with a dual-mode GSM/WiFi phone or when connected through secure SSL connections, then this shouldn't be a problem. However, femtocells offer a much more secure, easy to use and straightforward approach that open/public WiFi today.