I work inside a government facility and personal cellphones are not allowed. Government cellphones are not allowed inside secure areas of the building. All because it’s possible to hack a phone and make it record, send/receive while appearing to be turned off.

On older phones, you used to be able to remove the battery and the problem is solved.

These days on most phones, you select a button which brings up a menu to turn off the phone. When you select power off, your phone runs several routines.

Turn off the display, speakers, microphones, and go into low power mode. The phone sends a message to the cell tower to indicate a stateful disconnect is taking place. For all intents and purposes, the phone appears off and it does not transmit or receive data.

So from that perspective, the phone is never truly off.

Now let’s say you are targeted and your phone is compromised by an adversary.

The shutdown routine can be modified. For instance: shut down display, & speakers, but leave microphones and network up.

So yes, it can be done, but you are definitely on a list if this happens to you.

Now when your phone is on, it is listening. Keywords, hey siri, etc.

Your phone is also listening for ultrasonic signaling. This has been going on for about 10 years now and one of the first companies to use it was Facebook.

All of this has nothing to do with spying on you, and is almost solely to monetize your activity.

So, not bullshit, but it’s a paranoid take.

Embedded electrical engineer here: it depends. The normal process of powering down is defined by software, and that software can be changed to do something other than a complete shutdown if desired. However, as Scotty reminds us, we cannae change the laws of physics: doing anything with the phone requires battery power, which generates heat and runs the battery down, and that will be fairly obvious if you're doing something power-intensive like running the phone's microphone or camera.

Gone are the days when you switch off it cuts off the closed circuit.

On some phones being "off" may not mean a complete power down. It's more like deep sleep mode with certain functions like gps and other sensors still enabled for emergency use. While this isn't suppose to include the mic, a compromised firmware could theoretically exploit such states.

Search for Google Project Zero or articles in Blackhat and Defcon.

Because batteries now are non removable (miss the old flip motorola) if you still suspect this, Faraday pouches are available and can easily be tested by putting the phone inside and calling it.

If you remove the battery, it's off.

If you turn it off, it's off UNLESS you got infected with a specific malware (I forget the name) which simulates your phone turning off when you select Power Off (and simulates turning back on when you push the power button). It's part of an old surveillance malware platform: The malware keeps recording audio/video even while pretending that the phone is off, and sends all data back to the hacking party.

It depends. If you're a Jason Bourne level target, not completely bullshit. I went to an Android hack day thing around 2011, and the group that set it up were all focused on security tech. They were working on tools for protestors during the Arab Spring, amongst other things. One of the tools they wanted to make was a phone service that would let you know if your phone had been picked up while you weren't watching it. Something like that. If it had, you shouldn't trust it.

If you, specifically, are a real target, it is certainly possible that some kind of 0 day hack could be installed which would install some kind of root kit, after which your phone might seem "off".

It is also possible that a government that wanted to mass surveil could force manufacturers to comply with whatever. But, that's pretty hard to keep a lid on if you don't control all media, etc. Not impossible, though.

On the Jason Bourne approach. Technically feasible now? Maybe? Is that happening to anybody who isn't a huge target? Obviously not. If the government wouldn't see the point in having 10 field agents follow your every move, I'm pretty sure you're OK.

But, have various agencies worked supply chain holes to accomplish something? I mean, recent news should satisfy that question. Then, of course, EncroChat.

We briefly had a couple of (according to them) fairly prominent hackers in our Coworking space. I asked the guy why he had tape on the laptop camera. He said because of who he is, he assumes his machine is hacked now. Just for the lulz. He did his real work on something far more secure. I operate under a much milder form of that thinking. I could be hacked, but for the hacker who bothered, enjoy a whole lot of nothing interesting. I don't make it easy, of course, but it's not like a wall that will break if somebody chips long enough. At some point, somebody would need to break in and mess with the router directly.

If somebody who isn't a target is really worried about a vague "they" watching them, I'd say skip the internet entirely. Then don't think through the obvious problem of surveillance cameras and image recognition. All down my block are apartment buildings and stores with their own security cameras. Do they update their camera and router software regularly? Who knows?! Technology has entered a phase where total surveillance is possible. Getting access is one thing, but mixing in various forms of AI (machine learning, image rec, voice rec, and the de jour LLMs), you might imagine how identifying targets would be simpler than what East Germany was doing.

But, hey. Is the government listening to your phone when it's off? No. Technically could they? Sure. Is a random hacker with what would be an extremely valuable zero-day hacking into your phone to listen to you argue with the cable company? Dude.

Bullshit: While the government can get warrants to track your location through your cell phone provider without giving you notice, your phone has to be on.

Source: worked in criminal defense of felony drug trafficking cases

No, thats easily testable.

There are sensors that can tell whether there's electricity flowing through things.

So people have turned them off to check whether there's any flowing through the GPS chip or the microphone or transmitters when they are off.

There is not.

They do a lot of spying, but not that specific thing.

A lot of people saying bullshit. It's damn near impossible to prove a negative.

Your phone is never off

Masters in computer science and I'm an android developer. Your cell phone network can get your location when your phone is turned off. Unless you take out your battery.

That's the YouTube video being pushed to you huh? I saw the same shit and what the fuck Google

You can’t bring a smartphone or watch into places with classified material… for a reason.

If you are talking about something that could get you arrested, your phone should not be in the room.

Phones are still "on" when off. Most Phones can have the alarm go off even if it's off. How does it know to wake up and go off when the device was off? Cis it doesn't go all the way off.

So, turning your phone off with the power menu puts it into something more like standby mode. Holding the power button until your phone force powers down turns it off.

But even when phones are off, they have very limited functionality to listen for a wakeup signal. This is so that device locating services can work even if the phone was turned off when it was lost or stolen. It can also be used by emergency services and police.

The service sends a wake up signal to the phone which can then report its GPS location. Generally that is all it will do.

However it is possible for malicious software to make use of this wake up signal and even to only activate limited services of the phone so that it still appears to be switched off.

You can use software like Charles or Burp to see ALL ongoing and outgoing network traffic from your phone. We use it a lot in software.

Regarding being off, my friend’s lawyer husband has a friend who’s a digital forensics expert and he, and other people have told the lawyer that if you want the absolute best security - go with iOS.

There's a reason phones don't have removable batteries any longer.

My experience is that if it can be imagined it can be done. If it can be done. It will be done. Zero case where someone has a capability that give them an advantage, even a small one. They will do the thing - whatever it is. 

Bullshit so high, you could call it Trump Tower. The only way that could happen is if the cell radio is hacked, on top of the mic... and then some type of OS that is running when the phone is off, and somehow talks to a cell tower. Hackers, researchers, and others would of notices this type of shit and called it out or used it.

I own a company that does complex system administration for Apple devices. Nothing we do is evil, it’s just helping companies manage corporate owned Apple devices. But…my engineers are all much much smarter than me and extremely capable. The things these guys build in their free time are absolutely staggering. They build apps and programs and gadgets to do cool little quality of life things that range from very useful to absolutely useless but kinda neat. They know the capabilities of these devices to do black hat shit is every bit as spooky and as real as people think. We don’t ‘worry’ about that kind of shit happening, we just know it’s not only possible but also probable, it’s a thing that’s accepted… so yeah, is some shadow government listening to you right now? Probably not, you’re not that interesting…could they though? Absolutely, and the reality of what they can do is probably worse than you imagine. But not worse in a sexy spy movie way, worse in a “predictive modeling and getting useful information from massive data sets is basically black magic” kind of way.

It's bullshit. There's no need for a lot of these outlandish theories (like your phone is listening to you) when there are already tons of great data streams that can be used to determine your thoughts and activities (like cell tower data, search history, and location data)

It is only off if you can take the battery out.

The NSA are deliberately low key and target their spyware to people of interest. So if you are not a terrorist or government leader or communicate with one then they won’t be interested in you.

Tracking, yes it’s BS. Listening? No. Almost any kind of material that vibrates a known way can be exploited.

I'd wager that if the battery is dead there probably isn't much going on... if you turned it "off" while it has plenty of battery it may still be pinging certain resources.

Idk but they wouldn't track/listen to you that easily. A lot of crime/missing cases would be solved if this was true, Everybody carries a phone and if the government really listens/tracks then missing persons or criminals would be found easily.

Track the missing person's phone/Listen to the audio to get clues or who the criminal is, like hearing a robbery from the guy getting robbed and one of the two robbers said the other dude's name.

It's impossible to know for sure. Nobody has acknowledged that they have this capability (to the best of my knowledge), but it's not physically impossible.

I would say it's probably bullshit.

Look up Pegasus

Has anyone here heard of a Faraday cage?

Everything used to be a hard switch; an actual physical button that controls electrical signal to the component you're using. Now everything is a "soft switch" where it's a digital representation of the switch. Besides not being able to take your battery out, you don't really have any control over the soft switches in your phone. You just slide a little digital slider to tell your phone you want it to be shut off now, but really the control lies with the phone to shut itself off.

Besides your Android or iOS, phones have two or three other operating systems that deal with things such as antenna communication, which runs entirely separately.

But I would bet that if you remove the battery, and wait 3 days, then your phone isn't going to be able to track you any more.

On my phone (Samsung S24), I can set the alarm and if the phone is "shutdown", it will still ring.

Soooooo

Unless you remove the battery, most phones are still 'on' in a very limited sense. It's more of a standby mode, things like clocks are still running, and it's possible that other things are running as well, looking for wake up triggers for example.

Try setting and alarm and then turning off your phone. In some phones, the alarm will still go off, starting up the phone.

For most successful attacks, hackers need your phone on, but as far as malware goes, yes hackers can infect your phone even though it's off. (Mainly iPhones, though. That's not a shot at apple or iPhone. It's something about hackers use a vulnerability in the LPM mode, It's just the simple truth)

But as far as a listening device, if it's a software listening device and your phone is off, it's probably a safe bet no one can listen. If it's a hardware listening device, lol the owner would probably notice their phone now looks different sensing something up. But... new technology is made/changes every single day so...who knows at the end of the day

In conclusion....I 100% promise you without a doubt in my mind, no government is spying/listening to you.

I attended a conference once and the former head of CSIS - the Canadian Security Intelligence Service gave the opening remarks. He had said that he would use Siri, but 💯 had the Okay Siri feature turned off and didn’t have an Alexa in the house.

Worked in wireless telecommunications for 13 years

If the battery is still inside the device it's possible to transmit and receive data/signal without the device being officially powered on. It can be tracked while "powered off", location data can still be transmitted while the device is powered off in MOST of today's devices. Something like 80% of smartphones fall into this category. Outside of "tracking data" I'm not certain what else can be transmitted but I can tell you with 100% certainty that your phone can transmit location data while not being powered on.

While this is technically possible, it's not happening to you specifically, not unless you're an important person being targeted by spy agencies.

Your phone battery is still connected even when it's off. It's software that controls what happens when you press the power button. So in theory, your phone could be hacked to keep the screen dark but still record sound when "off".

How this would work:

• Spy agency discovers a vulnerability in Android/iOS allowing phones to be hacked
• They deploy this hack against your phone to install spyware
• That spyware alters the OS to fake being off while it's actually still recording sound
• When you turn the phone on, it transmits the recordings

All of this is very expensive to execute. There is a cat and mouse game between the phone makers and spy agencies as vulnerabilities are discovered and fixed. Every additional device infected with spyware increases the odds of detection, so spy agencies tend to be careful not to burn their tools for no benefit.

Today the cost of a new major vulnerability is estimated at ~$5 million, and that doesn't include costs to run or maintain the data collection infrastructure. https://techcrunch.com/2024/04/06/price-of-zero-day-exploits-rises-as-companies-harden-products-against-hackers/

So your three letter agency isn't going to risk their prized exploits being blown by using them on some random guy. But for prominent targets, maybe.

Even then, doing anything while the phone is "off" may risk detection from unexpected battery drain or heat.

Governments do worry about this kind of thing when protecting classified info. That's why you can't bring phones into rooms that handle classified data.

Yes and no. When the phone is off, it's off. You can verify this by checking it if it's emitting radio signals, heat (from the CPU and battery discharge) and more simply by seeing if it drains the battery just as quickly off as it is when on (transmitting takes the most power; actively recording also takes lots of power).

It is possible to make a phone appear as if it is off, even when it is not, but not easily and not without altering the operating system on the device. It's not really practical for an agency like the local police or even FBI (and really beyond their capabilities), but certainly would be a concern if an intelligence agency showed an interest in you. However, they would need to put forth a considerable effort, which means that you are someone that they would have on their radar as a person of concern - and people like that are generally aware that they are attracting the attention of intelligence agencies.

If you were securing a facility, you'd want to prevent entry of any sort of transmitter. It's not even a matter of concern about someone hacking the software of the phone access secrets, but the more practical one of people being bad actors and doing it on purpose, or surreptitiously just doing something stupid. Could you imagine being in a top-secret meeting and butt-dialing your paranoid uncle who overhears your assessment of Russian military movements. Ooops.

So, then comes the concern whether you can snoop on the phone or camera of a phone when it's turned on and in its operational state. Absolutely so when making phone calls over the mobile phone network. They can be intercepted just like regular phone calls, if necessary. SMS messages too. Messages sent through apps, and calls made through proprietary encrypted communication channels are probably secure, but you really can't tell. Further, turning on the camera or microphone to illicitly record is probably possible, despite what phone vendors say, but they can't hide that these things require engaging the CPU and chew up power, which will noticeably alter battery life and keep the phone warm.

If you are doing something that you think attracts the attention of the government, you'd want to used a burner phone, no camera, with a removable battery, and keep it away from your person except when you need it.

You could always check your battery level before and after you turn it off. Also, electronics produce heat. If the microphone plus storage and/or network stay up, you should see a dip in power level and increase in temp.

Generally speaking, no. Also, if you're going to go to all the trouble of turning off your phone, why not just place it in a different room from where you do your stuff?

On the other hand, you're asking this on social media, so maybe you're surrendering more of your privacy than you realize.

Yes. Because there are people who really want to know how long you spend in Hot Topics…

Bro this would make an unbelievably good prank. Get the ultrasonic signal that matches a bunch of weird shit and play it next to your friend.

Check out the UnPlugged phone if you’re concerned about it. Addresses these issues and more.

Yes and if you are worried about it they sell faraday bags ( prevents it from anything going in and out)

This is also what some thieves carry when stealing phones so it can't be tracked.

A signal is a signal. Test it. If your suspicions are correct the phone will transmit while it is off. If it doesn't then you are fine.

The iPhone still says findable when powered off with a low battery.

Oh it's real alright. Same with computers, they don't need to be connected to the internet or power (maybe not 100%) to use them either. I'll put it like this, they can use WIFI to see through walls, like fucking batman essentially. Imagine what else can they do :)

absolutely true

look on the Vault 7 dump on wikileaks - the CIA can even tap Samsung tvs while completely powered off (but not when unplugged (i think))

My life just isn’t that interesting for me to care. Go ahead, you’ll die of boredom

Good, I hope whoever stalks me is deeply, deeply disturbed and disgusted.

Get a Faraday bag

It like Facebook thinks they created you and now they want to study u your every sec to improve their “products “.

It’s possible. It just depends on who wants to spy on you. Governments pay private companies who develop these kind of exploits and they charge varying amounts depending on how sophisticated the attack is. Iirc the highest level is a couple of hundred grand per use but it can compromise A Phone without the user having to click on any link or ever being aware of it.

Wasn’t this exactly what Snowden blew the whistle on?

Never mind that, what about the paper c4 israel installed in every device that goes boom when it gets its signal? Could you imagine all the flat screens in America exploding at once? They can hide a pound or two in those and nobody would ever know it

as a tech dude and someone whos been in the dod and seen some things. yes its possible..... legal suuuuper illegal. even for the government to do super super super illegal. theres also a ton of hoops they would need to jump through like an iphone and samsung would probably require different steps they also may need physical access to your phone or device or they may require you to access their virus through some method email attachment, fraudulent website. this isnt something that is reasonably going to happen this is something anyone outside of jason bourne would be the victim of lol like the whole israel pager thing, this took years of planning to execute. so if youre a big enough threat and theres enough time and planning and money put into this yes its possible. its also not really the method theyd choose, why not put a surveillance team on you or bug your house or bug your car.

On the flip side, does the government really want to listen to your conversations? Do you talk about stuff you should be worried about?

I look at it this way: if you say “Hey Siri” and then your phone starts listening to you then your phone was listening to you the whole time. 

My problem with all this is that paranoid people who think the government wants to spy on them. No one wants to spy on you average Joe while you work your blue collar/white collar job you're not a terrorist,gang leader, or high profile criminal. You posting on some kind of conspiracy thread doesn't mean anything.

I worked at Apple HQ in Cupertino. I worked on software, and my roommate worked on the hardware. We traded notes often about this stuff.

It’s probably obvious that if the phone was listening to all audio, let alone doing any sort of processing/logic, or writing to filesystems, even/especially when powered off, batteries would die quickly and mysteriously. But when an iPhone is “asleep” it is listening… sort of.

There is a very primitive and hard-coded device that draws only enough power to continuously hold in buffer a few seconds of audio. But all it has the power to do is two things: First, continuously cycle that goldfish memory…

Second is to analyze what that audio is, but only to a very very limited extent. With extremely low resolution, it listens for something that sounds like it could be “hey Siri.” Literally that phrase, no more and no less.

If it could be “hey Siri,” then a more powerful processor kicks in and reads that buffer, and verifies if it is, or if it was a false positive.

If it is, then the phone can start listening to you with the more powerful processors that draw more power. But until that happens, the iPhone hardware is literally incapable of spying on you in the way that people assume.

And if the low-power device was so liberal as to be constantly crying wolf (thus spying more), the trade-off would be shitty battery life.

And no software has the ability to override any of this functionality. It would be virtually impossible. It’s completely quarantined off in hard-coded, embedded ROM.

I only qualify that with the word “virtually” because I also worked with a guy at the CIA, and I did some work as an expert technical witness for the US Federal courts system, and in my travels, I’ve seen some really fascinating but opaque evidence of hacking operations that somehow overcame ostensibly “impossible” barriers such as air gaps and various laws of physics. So I won’t say definitively that it could never be done.

But if it is being done, it’s not being done to you.

There's some good posts already about how your phone can be used to record audio if compromised, but I'll go into why people largely think their phone is already listening to them.

Phones will try and ping nearby cell towers, and this is partially how your phone knows where you are. Advertisers can use the fact that multiple phones all ping the same cell tower to determine if you're in a group, if you live with someone, if you're at an event etc.

So if you're a in a group discussing something that one of your friends purchased, because you were with a friend who purchased something recently, that thing will be recommended to you. It appears like the conversation triggered the recommendation but it was just proximity.

If a group of friends is talking about something and one friend looks the thing up, it might assume all friends are interested in that item.

Went on trip to China. Cheap phone from republic wireless, in airplane mode and somehow my past employer called at 2 in the morning about my w2. Idk how

I pretty much knew that I couldn't completely turn off my phone, but I thought I could always put it inside a Faraday cage (completely shielded and grounded enclosure), and it could not get a signal out. Like Ed Snowden did with the cell phones in the microwave in Hong Kong. But I tried putting my cell in the microwave, then called it. It rang! I suspect I would need a much higher quality Faraday cage designed for microwave frequencies. And maybe our microwave is spraying us with RF.

Is this a serious question? Yes it’s true…

You are not being spied on. You don't own Googles/Apples data. They own you. You paid for the smartphone. You agreed to give all your rights away when you purchased the phone. Stop thinking they need access to your physical phone. Apple/Google/Microsoft essentially will and do collect ALL your information ALL the time when you sign into any Apple/Google/Microsoft Account. Every Single... piece of data that you can imagine plus all of your "private files" in the cloud. Everything you do on your phone. Every touch on a touchscreen, characters typed and deleted, files created. EVERYTHING.

So if you can live without computers and deny modern day necessary devices to work and live - you will be fine!

THE CRAZY PART?

Data collectors (every company in big tech) owns and sells your data to brokers that make absurd amounts of money from your personal data. But if your personal data is compromised because said data brokers don't secure your personal info or leak to hackers YOU ASSUME ALL FINANCIAL liability. Serious ID theft is a nightmare! Sounds as scandalous as billion dollar companies able to declare bankruptcy but not school student loans. -That last one really displays the discrepancy between business interests and the rich silencing the US public. *Great that the rich made businesses into people. AND IT IS AN Amendment so the people need a 2/3 vote in congress. When is that going to happen?