I hope to someday acquire this amount of focus and dedication.
If you want to help:
- I want to donate to the Ukrainian people in the most effective way but there are so many options. What is needed most and where? [1]
- 5 ways you can support Ukraine — even if your government doesn't want to [2]
- United Help Ukraine [3]
- Ukraine - Fact Sheet: How You Can Help [4] (Yes, even the god damn CIA cough I mean state department wants you to help)
- How You Can Help Ukraine [5]
- How you can help the people of Ukraine [6]
- Support Ukraine [7]
- How can I help Ukraine? [8]
- No child should face the war experience alone [9]
- Nova Ukraine [10]
- One in five children in Ukraine has lost a relative or friend since the escalation of war three years ago [11]
- UKRAINE HUMANITARIAN CRISIS: Help with critical aid — Give now [12]
- International Medical Corps Ukraine [13]
- Chefs for Ukraine [14]
- Doctors without Borders [15]
- International Rescue Committee [16]
- Greater Good Charities [17]
- Catholic Relief Services [18]
[1] https://www.reddit.com/r/ukraine/comments/1eqnmbf/i_want_to_... [2] https://kyivindependent.com/5-ways-you-can-support-ukraine-e... [3] https://unitedhelpukraine.org/ [4] https://travel.state.gov/content/travel/en/News/Intercountry... [5] https://www.huri.harvard.edu/how-you-can-help-ukraine [6] https://www.obama.org/stories/help-ukraine/ [7] https://war.ukraine.ua/support-ukraine/ [8] https://www.rescue.org/article/how-can-i-help-ukraine [9] https://voices.org.ua/en [10] https://novaukraine.org/ [11] https://www.unicef.org.uk/press-releases/one-in-five-childre... [12] https://my.care.org/site/Donation2;jsessionid=00000000.app30... [13] https://internationalmedicalcorps.org.uk/country/ukraine/ [14] https://wck.org/relief/activation-chefs-for-ukraine [15] https://donate.doctorswithoutborders.org/secure/monthly-an?m... [16] https://help.rescue.org/donate/ukraine-acq?ms=gs_ppc_fy25_uk... [17] https://greatergood.org/crisis-in-ukraine-send-aid-now?utm_s... [18] https://support.crs.org/donate/donate-ukraine?ms=agigoo0922u...
Maybe not in the US. But the invasion of Ukraine is still very much present in most of Europe and it's a driving factor of recent public policies.
[0]: https://www.goeuropean.org/product-details/unixhost-web-host...
Apple Pay itself uses card emulation mode, and as such the phone only needs to (passively) listen for a payment terminal's field; that should itself not be detectable without emitting such a field.
But it also means they can't do the neat trick of paying with a completely dead (i.e. not even reserve battery power) phone that some early Android and Windows Phone devices could do.
Field-powered mode is possible in at least some NFC chipsets, but I suspect that Apple either values a consistent NFC range more than usability even with a completely dead battery (the amplifier that grants a significantly higher NFC range to Apple Pay obviously needs power), they see it as a security feature (reserve mode is capped to a few hours, I believe), or their NFC controller simply doesn't support it.
Can be harmful even without identifying information in situations where it's enough to decide if some building is occupied or not.
On the Pixel 7, Airplane mode absolutely did not disable those frequency spikes upon screen unlock. Only disabling NFC through the dedicated setting in the phone’s parameters did (Settings > Connected devices > Connection Preferences > NFC). This theoretically puts Android users at greater risk, since on iOS, Airplane mode does disable those polling signals.
It’s easy to see how an average user might assume they’ve gone completely dark by enabling Airplane mode on an Android device—when in fact, they haven’t.
I’ll update the original post with this information, and thank you for pointing it out.
NFC however isn't touched by the airplane mode
...At least it was like that on the android phones I owned
Bluetooth LE does explicitly broadcast its MAC address in some modes, but offers various forms of private or random address modes to mitigate the problem.
https://www.theregister.com/2021/10/22/bluetooth_tracking_de...
https://cec.gmu.edu/news/2025-02/find-my-hacker-how-apples-n...
The Trojan code runs on the computer to be tracked.
It retrieves the advertising address, acquires the matching
public key from our server, and then advertises lost messages
The first one describes radio fingerprinting, which is relatively new, concerning, and might be tricky to address.
See https://inria.hal.science/hal-02394629v1 for the theoretical bases then hop to https://samteplov.com/uploads/shmoocon20/slides.pdf for an example applying to Apple devices
Those who said the randomization and other techniques were sufficient were wrong: https://petsymposium.org/popets/2020/popets-2020-0003.pdf will show you how they changed their mind :)
It's not just apple: google nearby has also been reversed: https://publications.cispa.saarland/2748/ and https://www.ndss-symposium.org/wp-content/uploads/2019/02/nd... talks about attacks, but there's no need for that: just find identifiers that let you link the addresses
Even if you don't have any identifiers, the Bluetooth address randomization happens only about every 15 minutes: the manufacturer specific data in the public advertisement (or even the frequency and the length of these advertisements) during these 15 minutes periods can be used for linking the randomized addresses
In other words, you could possibly track a given device through an area with enough sensors, e.g. a store, but not across visits.
Ex: blocking 3rd party cookies always now. Breaks countless websites which I need to work reliably. “Manage unused website/app’s permissions” even after I specifically granted them! Randomized virtual credit card numbers in Wallet: for no good reason, you thoroughly fucked up a refund attempt for me, >$500! And randomized MAC addresses by default for EVERY. SINGLE. SSID. It’s unhinged. It’s fake protection.
As a matter of fact, I do not enjoy my devices lying to my ISP, or to my college campus, my medical clinic, or to my employers. Device, please identify yourself without wearing a fuckin’ Groucho mask on top, and put on your big boy pants.
Google calls it “my privacy” but it’s not their business model to keep my stuff private to me but to Google and their partners.
Google is trying to keep their own secrets like what their hardware MAC address really is, (because Google themselves are tracking everyone’s radio-enabled devices in every public space with far more sophisticated methods)
or hide/virtualize my credit card details, and protecting the card from crackers who wear hoodies, build EBM playlists, and use Firefox? that is a side-effect at best, especially considering how they are already a crazy non-bank middleman 3rd party with a miasma of shifting TOS and hundreds of advertising partners salivating to know what you paid for 3 milliseconds ago. Sheesh.
Edit: can't reproduce this with my android phone, sitting 6ft away from my SDR.
Otherwise, there might be some other nuances I'm not yet aware of, such as some phones not polling on unlock. I did test iPhone 15 Pro and Pixel 7 for initial POC. Others tested modern Samsungs/Xiaomis - worked as a charm.
Nice.
Wait til you find out about Wifi and GSM!
I would think a faraday bag would be far more efficient for this - should take care of the NFC issue too
It speaks to how terribly fit for purpose mobile devices are for soldiers in an active modern battlefield. Not only do they require discipline and technology training to prevent leaking positions, but most of them actually lack the capability to prevent leaking altogether no matter how trained you are.
No one in the TSA/CBP/ICE/DHS needs to be smart for this, that’s the job of private engineering firms/contractors.