Ask HN: How would French police locate suspects by tapping their devices?

103 points

3 years ago

I just found a news article regarding a law that passed in France allowing police to remotely activate GPS, camera, microphone on a user's device [0]. This was posted before on HN [1], but without traction, but I am not all that much interested in the civil aspects of it, I am more interested in the technical aspects of it. I'm curious if there is someone with know how about how such a thing would be achieved.

Would they base it on exploits? Would they have to require manufacturers to add police APIs on the devices? Would a remotely activated camera / microphone / location get the active camera / microphone / location indicator?

55 minute edit: It seems like for simple stuff, like coarse location they can get it through the carrier; I assumed as much and it's relatively easy to get it done. For other stuff, rootkits and exploits are developed by some intelligence agencies which require manufacturing consent or physical interception. Then there's also groups that sell OS levels exploits such as the NSO group.

I'm guessing in the case of software exploits, the indicators would appear for camera / mic / gps. But maybe for hardware exploits they could bypass the circuitry? Seems like a lot of work for non-high-profile targets.

Later edit: Keyword "baseband" seems to be the most likely attack vector

[0] https://apnews.com/article/france-surveillance-digital-devic...

[1] https://news.ycombinator.com/item?id=36779568

87 comments