|
Locating
a Missing Person Via Cell Phone
Welcome
to this quickly written article, those who know of
the missing Kim case skip to the next section as I
will explain basics here. James Kim of CNET and TechTV
went missing with his family on Saturday while on
vacation in Washington State. With James was his wife
and two children. James is well known in the tech
community and so is the concerned push to locate him.
James Kim disappearance is highly unusual as no traces
have been found. This article is in the attempt to
throw an idea out to the public in the hopes of helping
locate him.
Cell
Phone Technology
Most
modern cell phones have a way to communicate their
location to a cell tower. In most cases this is used
when the phone owner dials 911. On older cell phones,
including TDMA and CDMA, the towers triangulate position
by sampling signal strength of the multiple towers.
This is not accurate but gives police and emergency
people an idea where to search. TDMA and CDMA phones
are holdovers of older technologies, mostly analog
and extremely lowend digital service phones. The analog
system is still active and some newer phones still
can use it. TDMA is still quite common in rural areas,
like where the Kim family went missing, as it works
better in mountains/hilly terrain. Analog phone freq.
is lower allowing more surface dispersion of radio
waves than its higher freq. band GSM counterpart.
GSM in rough terrain is limited by the effect of high
freq. radio waves bouncing of the earth surface.
Extremely
Quick Crash Course in Radio Wave Physics
(Yes
I have a HAM radio operator license if anyone is wondering.)
Low freq. radio waves tend to bounce off the upper
atmosphere toward the earth. Hence why most people
can receive AM radio broadcasts from a great distance;
some people even make a hobby of it. Low band radio
waves, like the low band 1mhz band of AM radio, tend
to follow the curve of the earth. CB radio operators
also are effected by this effect, CB radio operates
in the 11 meter band (27Mhz) with a relative short
wave length broadcast. CB operators observe an effect
they call "skip-land", skip-land occurs
when the conditions are right and radio waves bounce
off the lower atmosphere back to earth. Its not uncommon
for a CB operator in New Hampshire to talk to Texas
when skip-land occurs.
Why
does this happen? The lower the frequency, the more
likely the radio waves will stick to the ground. This
is applied opposite-verbatim to higher freq. as well.
As you increase freq. the greater chance you lose
your radio waves to bouncing off the earth into space.
That's why a CB radio can broadcast 5 miles on 4 watts
of power at a low frequency (27mhz), and the FM radio
station down the street broadcasts 20 miles needing
1000+ watts of power. (FM Radio operates between 88-108Mhz).
Another
example of this wave vs. distance relationship is
that of TV. Most young people won't know what VHF
or UHF is, but older people will remember when they
could tune TV stations from many miles away on VHF
with relative ease. VHF is a low band freq. operating
at 30-300Mhz and typical power requirements of 5000+
watts of power to achieve the distance of the afore
mentioned FM radio station. You may also remember
UHF stations were harder to tune in, that's because
UHF operates 300Mhz to 3000Mhz (aka 3Ghz).
UHF,
or Ultra High Frequency, is were cell phones operate.
Older Analog, TDMA, and CDMA phones operate around
824Mhz to 894Mhz band. Being a lower freq. the radio
waves generated tend to bounce into space less often.
However, the newer GSM technologies operate on what's
known as Quad-Band. Quad-Band GSM operates between
850Mhz-1800Mhz in the USA. Some areas may use the
lowband GSM in the 450Mhz freq. block but that is
extremely uncommon.
GPS
in Phones
A
common myth I have seen allot on Digg is that the
cell phone could provide GPS data. This is both true
and false. Some phones do support GPS tracking data,
it is sent to the tower when a call is made. Also
your cell phone will broadcast GPS data when you call
911 for emergency purposes. Now this is false because
most phones allow you to turn off GPS data broadcasting
(except when you dial 911). There is no way to ping
a phone for GPS data directly.
Locating
a Missing Person with the Phone
(Here
is the meat and potatoes... if you work for a cell
company in the area... please try this...) A little
known fact to most people, is that the cell phone
in your pocket is traceable. On older cell phones
this tracer is called a ESN, or Electronic Service
Number. It is a 32bit code with a manufacture code,
a unique serial number, and other regional data. On
newer phones this tracer is called an IMEI, or International
Mobile Equipment Identity. Both of these codes are
unique to your phone. The ESN on older phones is transmitted
to the tower when the phone is switched on, makes
a call, or receives a call. This is an identifier
used mostly for billing. On the newer phones the IMEI
is not always reported. The data required for the
newer 3GPP phone is what called a IMSI, or International
Mobile Subscriber Identity. The IMSI is the number
identifier to your service and phone. This number
is reported to the tower when a phone turns on (also
the IMEI if the tower requests it).
Finding
Kim with the IMEI and IMSI
All
phones can display the IMEI to anyone who asks (the
IMEI only identifies the phone hardware). Most phones
have an option to view it in the settings window,
but all phones can be queried from the network with
a AT+CGSN command (3GPP TS 27.007, Section 5.4 sub2
standards document) from a tower. But most IMEI's
are linked to an account in the Cell providers records.
The IMSI is the key to locating a phone, the IMSI
is stored on the SIM card of the phone an is required
to be broadcast to a tower for the phone to make calls.
In
theory... if a cell worker AT commanded the IMEI of
the phone to get the linked IMSI number. Shut off
the service to the phone by disallowing the IMSI number
and SIM card as invalid. Then after waiting a few
minutes, reactivate the IMSI and SIM card in the phone.
When
the phone reconnects to the tower the IMEI and IMSI
will be broadcast so the tower will allow connection.
When connected, scan the IMSI list for all the towers
on the route the Kim family is thought to have taken.
When the IMSI appears you have located a 5 mile mile
radius to search of the tower the IMSI connected to.
Considering laws of radio waves and the limited range
of highband radio freq. of the phone.. it creates
a very limited search area.
Downsides
to this method
As
much as I hate to say this... this depends on a few
variables... 1.) Mr. Kim's phone is powered on (or
a member of his family's phone). 2.) The phone is
in range for a connection to a tower (on the bright
side, the phone can be out of range to make calls
as long as a few kilobytes of login data can be sent)
3.) Use of non-directonal towers. (A directional tower
means the search is in a 25 degree band outward but
stretching 20 miles. Not impossible but adds more
search area.)
Closing
I
hope this information helps the search out, and Mr.
Kim and family are found safe. This is provided free
and clear so if someone reading this needs to send
it or copy it to anyone... please do so...
-Digital
Madman
|
