Hacker News
by adamb_ 4602 days ago
How does airplane mode fit in with this? Wasn't it until recently that FAA regulations required cellphones have an explicit means to halt ALL radio communication? If the phone's radio is still potentially active even when the device is "off", how could these baseband OS's get government certification?
2 comments

There is no confirmation whether the baseband processor can be reached while the device is OFF/in Airplane mode.

And I join the crowd who think that is impossible. I bet someone would notice weird patterns if the baseband kept working despite the device being off. (Speakers catching 2G, battery drain, interference with other devices, etc.)

The radio interface could listen/wait without even replying, i.e. wouldn't make the GSM RFI speaker noise. If governments, carriers and law enforcement could all manage to use this so incredibly rarely that it's never been observed... then it could be real.

Given the types of people that would have to have access / knowledge of this though. For example people that suspect their partner of infidelity and are on the police liaison team of a carrier, say...

I agree it's very unlikely, someone would have noticed it by now.

Oh, that is a fair point.

Though not receiving any information back makes the tracking practice significantly more difficult.

It need only reply if it is requested to do so, therefore for 99.9 recurring percent of the time there need be nothing observable.
Or reply in some side channel, piggyback the next (expected, i.e. when the user has switched back to normal mode) UMTS radio packet for example. I don't know the packet structure but I expect there are areas that could be re-purposed covertly. We did after all fit the entire SMS system into such a space.
"Airplane mode" is essentially an AT command sent to the baseband to disassociate and go to sleep, it doesn't disable the baseband CPU, DSP or anything else.

You could argue that "off" is the same thing, for instance, many Qualcomm devices boot with the BP first and can do a lot before the AP is even taken out of halt, without initializing the LCD display, backlight, etc.

Theoretically, that wouldn't be hard:

* Push the airplane mode button.

* Have the FAA place the phone in a Faraday cage for testing the phone.

* Don't remotely activate the phone at this point (which you wouldn't be able to anyway, the phone is in a Faraday cage)

* "Forget" to tell the FAA about the cellular equivalent of "wake on LAN" we built into this phone.