Testing Faraday Cages

Matt Blaze tested a variety of Faraday cages for phones, both commercial and homemade.

The bottom line:

A quick and likely reliable “go/no go test” can be done with an Apple AirTag and an iPhone: drop the AirTag in the bag under test, and see if the phone can locate it and activate its alarm (beware of caching in the FindMy app when doing this).

This test won’t tell you the exact attenuation level, of course, but it will tell you if the attenuation is sufficient for most practical purposes. It can also detect whether an otherwise good bag has been damaged and compromised.

At least in the frequency ranges I tested, two commercial Faraday pouches (the EDEC OffGrid and Mission Darkness Window pouches) yielded excellent performance sufficient to provide assurance of signal isolation under most real-world circumstances. None of the makeshift solutions consistently did nearly as well, although aluminum foil can, under ideal circumstances (that are difficult to replicate) sometimes provide comparable levels of attenuation.

Posted on December 3, 2021 at 6:13 AM69 Comments


Winter December 3, 2021 6:50 AM

“although aluminum foil can, under ideal circumstances (that are difficult to replicate) sometimes provide comparable levels of attenuation.”

This is undoubtedly true, but aluminum foil is easily obtained, can protect objects as large as you want, can be double folded to any desired thickness, and can be folded “air tight” if you make an effort. If you want it grounded, that is not that difficult to achieve (if you have a good ground, that is).

Yes, a $1000 special purpose Faraday Pouch is much better. But if that is not handy, go for aluminum foil.

Ted December 3, 2021 7:19 AM

Aluminum foil works pretty good for blocking signals. High five!

I just tested it with my Apple AirTags, and voila… the Find My app says “Signal is weak. Try moving to a different location.” This was when I was about a foot away from the tags.

I had to turn my phone off and on and fold/crimp the foil around the tags to lose the signal. But if I ever want to hide my keys from myself, I will know exactly how to do it!!! Happy dance! 🙂

Ted December 3, 2021 8:04 AM

Also, I didn’t ‘know’ that the AirTag can play play a sound. When the tag is wrapped in foil the sound won’t play. The app says “AirTag Not Reachable.”

However, when it’s not wrapped I could get the AirTag to play a sound from at least 30-40 feet.

Ted December 3, 2021 8:59 AM


On my phone, the power off function gives 100% attenuation.

Are you 100% sure? The third paragraph mentions that some software/malware could still support signal transmission even when the phone is ‘off.’ Matt says that non-removable batteries can compound these issues.

I’ve got extra aluminum foil if you need it😉

Winter December 3, 2021 9:26 AM

“Are you 100% sure? The third paragraph mentions that some software/malware could still support signal transmission even when the phone is ‘off.’ ”

The “phone part” controls the computer part, not the other way round. You, as a user, cannot alter the phone related chips without a soldering iron. You can do that from the telecom side.

In practice, this means the phone part can switch the whole phone on and off without user intervention.

TimH December 3, 2021 9:30 AM

Hmm. Does the phone still try to find a cell, so ramps up the PA power to max on ping and flattens the battery?

Who? December 3, 2021 9:31 AM

@ Winter, Ted

What about putting multiple layers of aluminum foil inside a box and even protect it with something hard like polycarbonate sheets to make it more resistant to multiple uses?

@ Alan

Indeed, turning off a phone makes it look it has 100% attenuation. Reality is odd, however; you do not really “turn off” a smartphone these days, at least without removing the battery.

Clive Robinson December 3, 2021 9:41 AM

Have we not been through this just a short while ago?

One reason aluminum foil is not as effective as it could be is “slot antennas” and “Fractal Antennas” as I’ve mentioned before.

In fact without care it is extraordinarily easy to turn a sheet of aluminum foil into a slot antenna.

To fold it at the edges you realy should “roll tightly then crush” rather than “fold and crimp”.

Part of the problem is that whilst aluminium as a metal is a good conductor, it’s oxide which easily forms is infact one of the best electrical insulators we have (though it’s thermal conductivity is high). It’s frequently used in high power radio frequency equipment for device mounting.

Also whilst aluminium metal is very soft,aluminium oxide is very hard and very dificult to machine.

I actually use slugs of anodized aluminium inside silver plated coils to change their inductance as they can in some circumstances work better than ferrite materials (other metal oxides)

[1] Slot antennas traditionaly are the inverse of a dipole. That is a half wave length narrow slot in a sheet of metal with the feed being across the slot. However an infinately large sheet of metal is impractical so many slot antennas are cuts in boxes or cylinders that form cavity resonators,


But not all slot antennas look like slots,


[2] Fractal antennas are wide band antennas and are still not at all well understood. Some can look like a piece of modern art made with car springs…


[3] Alumina or aluminium III oxide,


Who? December 3, 2021 9:44 AM

@ Matt Blaze

[wrt 5G networks] “It is possible that the containers tested here perform similarly at those frequences, but it’s also possible that they would do much worse.”

On the contrary, I think they will perform much better. One of the key points on the old Ricochet network at California was that it worked at 900 MHz. At that low frequency, a single pole-top access point was able to reach a lot of places and pass through multiple walls. A similar 5G-like setup would have required tens of access points placed everywhere.

Ted December 3, 2021 10:01 AM


The “phone part” controls the computer part

Not quite sure I follow. Could you explain more?


What about putting multiple layers of aluminum foil inside a box and even protect it with something hard like polycarbonate sheets to make it more resistant to multiple uses?

It looks like Matt tested three commercial pouches and three makeshift pouches. The makeshift pouches were: 1) Electrostatic and Mylar Bags, 2) Metal Cookie Tin, and 3) Heavy Duty Aluminum Foil. Each had varying degrees of effectiveness.

It would be fun to try your experiment!

Winter December 3, 2021 10:24 AM

“Not quite sure I follow. Could you explain more?”

A mobile phone consist of two computers. The part that connects to the cell tower and handles calls and messages and the part that acts like a user computer and installs the apps etc.

The part that controls the calls and the messaging works independently from the user computer part. It is a much simpler type of computer. But it also can control what the computer part does and read out its memory.

And the phone part is controlled from the cell tower.

Jordan Brown December 3, 2021 10:26 AM

Does aluminum foil work as well as tin foil?

How tightly do you have to wrap it around your head? Do you have to shave off your hair?

JImbo December 3, 2021 11:12 AM

I would think you can test by calling the phone from another phone. First verify reception by calling the unprotected phone. If it rings, then protected with whatever method you choose and call it again. If it doesn’t ring you have some protection?

Marc December 3, 2021 11:14 AM

Can a cell phone be located when turned off?

Apple says iOS 15 can and does. I believe this.

In 2013 the NSA said that it can track a phone that is turned off. “allegedly” and “reportedly” have been used in all the articles I could find. Some articles mentioned infecting target devices with malware. This is now eight years ago. Has this malware been found? Does it have a name? Has anybody else been able to reproduce these findings and publish results? On modern hardware? I found an article that made a mention of a Nextel phone. That’s at least 16 years ago.

Z.Lozinski December 3, 2021 11:41 AM


One of the key points on the old Ricochet network at California was that it worked at 900 MHz. [..] A similar 5G-like setup would have required tens of access points placed everywhere.


5G is frequency independent, it is designed to be used in multiple bands from 450MHz, 900Mhz all the way up to 27 Ghz. And there are people working on 66Ghz.

5G in the 900MHz band would have the same coverage area and the same in-building penetratoon as 2G in 900MHz.

The reason you don’t see 5G deployed in the 900Mz, especially in the US and Europe are all the vested interested who are submitting objections when operators file to close down 2G service because they have deployed IoT devices using the 900MHz band and don’t want to have to upgrade them.

When people talk about 5G densification that is because there is another requirement – number_of_users * average_data_usage and to meet that requirement you need higher frequency which in turn deives extra cell sites. John Donovan (the now retired AT&T CTO) once said he had seen 475000% growth in mobile data which lead to some challenges in network engineering.

Clive Robinson December 3, 2021 12:27 PM

@ Who?, Ted, Winter,

What about putting multiple layers of aluminum foil inside a box and even protect it with something hard like polycarbonate sheets to make it more resistant to multiple uses?

Ask yourself the question,

“Where does the energy go?”

If you think about it, “wave guide” is a box lined with metal, it very efficiently transports the energy from one end to the other.

Then think about a microwave oven, it is a metal box at the end of a short piece of waveguide with a magnetron at the other dumping between 0.5-1.5kW of power into the system.

They tell you quite rightly you should not use a microwave when it is empty, because there is nothing to absorb the EM energy and turn it into heat that will not just cook the food but let the excess energy escape as convected heat.

If you put a mobile phone in a metal lined box the EM energy will bounce around untill either it is absorbed or it escapes out of the box.

Most likely with aluminium foil it will escape via a “slot radiator” where the lid and body of the box join…

To stop this with microwave ovens they cheat, they turn the broad lip of the box into a transmission line when the door is closed. It becomes a shorted 1/4 line that just happens to reflect the energy back in opposition therefore looks like a very high impedence the same at the odd harmonics. However at the second harmonic it is now a shorted 1/2 wave at that looks like very nearly a short circuit as it does at the even harmonics.

All of which is greate at the single frequency the microwave oven is designed to work at.

However at other frequencies that transmission line will take the EM energy out to the door edge where it will be a “slot antenna” and it will radiate outwards quite effectively.

It’s what amused me about the Ed Snowden story and supposadly putting the journalists mobile phones in the microwave oven…

If it was me I would have put them in the freezer conpartment of the mini-bar and chatted about nonsense for half an hour or so to wait for the electronics and importantly the battery to get very cold. Though the thermal insulation inside a fridge, generally is very good at muffling sound which the metal walls of a microwave do not do anywhere near as well.

A Dummy December 3, 2021 12:48 PM

what about copper tape for shielding guitar electronics cavities?

better than al foil?

top dog for cheap?

Ted December 3, 2021 12:55 PM

@Clive, Who?, Winter

Re: Microwaves and…

However at other frequencies that transmission line will take the EM energy out to the door edge where it will be a “slot antenna” and it will radiate outwards quite effectively.

Fascinating. Which almost goes to show that one would really need to test everything. The unknown unknowns are the worst.

Clive Robinson December 3, 2021 1:06 PM

@ Marc, ALL,

Has this malware been found? Does it have a name? Has anybody else been able to reproduce these findings and publish results? On modern hardware?

The answer to all your questions is effectively “Yes”.

Only what you are chosing to call “malware” is actually part of the underlying phone standards going back before mobile phones as you know them existed.

I’ve pointed this out several times over the years on this blog, and for some reason it keeps getting asked…

Officially it’s there under the old rouse of “Health and Safety” that various Five-Eye members on the standards committees have used to “finesse” it in. It goes back to long prior to WWII and is a side effect of “Operator Breakin” on the ancient “Plain Old Telephone System”(POTS) that you might call a “land line”.

During the Cold War the UK developed a little device it could put into a POTS pair, it was based on an RF Noise bridge. What you did was squirt an RF signal around the Medium Wave frequencies into the bridge. It in turn would send it down the telephone pair which was effectively a “transmission line” where it would see a complex load of the hook switch capacitence and variable resistance of the carbon granual microphone (later variable inductance). This complex load would reflect back the energy but modulated by the impedence change of the microphone. The RF bridge enabled this to be recovered as an Amplitude Modulated signal in a simple diode detector, giving very clear audio…

If you read the first half of Peter Writes 1980’s book “Spy catcher” you will not only find the device described but be told how it was used to bug various Embassies in London. In one case –Egypt– apparently they had a phone line in their “CryptoCell” adjacent to their “CommCen”. Back then they were using Crypto Kit from a well known Swiss Crypto Company secretly owned by the US. Being electro-mechanical not only dis they generate EM signals they generated audio signals that leaked the wheel settings way way better. The result GCHQ knew the key settings almost before the first message of the day had bern encrypted…

It’s why in the UK Prime Minister Margaret Thatcher banned the use of mobile phones in confidential or above meetings/briefings and would not alow mobile phones to be brought anywere close to crypto equipment. Because she knew there ws another trick that could be used with mobile phones.

A mobile phone is an RF generator and receiver. If RF gets into sensitive electronics it can,

1, Be cross modulated by the electronics pulling out secret information.

2, It can cause timing errors in computer circuits enabaling you to inject faults benificial to your activities.

As I’ve mentioned before I independently discovered all of this and more in the early 1980’s as I now know did several other engineers.

The thing is for something that is not in anyway secret these days, just how very very few know about it.

Worse when the Uni in Israel demonstrates upto date systems doing it wirh less than $50 of “Software Defined Radio”(SDR) people still do not appear to get it.

Likewise when it’s demonstrated by university students that you can use WiFi signals in people homes to not just see people move from room to room but see their hand movments as well such as typing at a keyboard people still do not get it…

I could go on wirh a very very long list of these “don’t get it” items, certainly enough to fill over a hundred pages of text…

But hey, most peoples ignorence is another man’s income…

Clive Robinson December 3, 2021 1:15 PM

@ Ted, Matt Blaze, ALL,

Which almost goes to show that one would really need to test everything.

Importantly “at all frequencies” not just a tiny number of “spot frequencies”.

One of the reasons EMC test houses use prober spectrum analysers is that they contain “tracking generators” that make such all frequency testing relatively painless.

It’s something I do from time to time and I’ve access to a proper test TEM Cell / RF anechoic chamber that is about the size of a “white van” of the Ford Transit variety.

I also have a walk in Faraday Sheilded “cage” that is also anechoicaly lined (quit cosy in the winter, stinking hot in the summer).

Clive Robinson December 3, 2021 1:36 PM

@ Ted, ALL,

Is this a good example of a fractal antenna?

There are “fractal antennas” that look like that “decoration”. In fact one of the first demonstrated did look very similar.

However you would have to test it to know for sure.

But my keen eye suggests it is “unlikely” to be an effective “fractal antenna”…

Why, because it’s not actually a fractal as such. If you look at the “limbs” you will see the wires are not parallel but taper being quite wide in the center and quite fine towards the tip. Kind of like the outline of a star. This would probably not provide a very good impedence against frequency profile.

Hence the need to test.

Clive Robinson December 3, 2021 1:42 PM

@ Jordan Brown,

How tightly do you have to wrap it around your head? Do you have to shave off your hair?

Well actually you do not want it,

1, To touch your head.
2, Have any gaps.

Whilst you could use a metal bin / trash can for the first requirment.

The second kind of means not so much the shaving of hair, but the need to cut off the head at the neck. Which lets be honest could be,

1, Counter productive.
2, Distinctly messy.

Bear December 3, 2021 2:04 PM

This is a topic about which there is no shortage of misinformation.

First there are a lot of people who want to appear knowledgeable. More than that they want to believe themselves knowledgeable. They want to believe that they are in control of the situation, so they believe that the things they have come up with will work.

Second, there is moderate difficulty in testing claims. Not severe difficulty, but sufficient to mean that claims made without testing evidence are usually unchallenged. And, people usually don’t test their own “home remedies” either, partly because they prefer not to learn that they aren’t (yet) in control of the situation.

Third, there are a lot of people who want the first set of people to believe bullshit, who will do absolutely nothing to discourage the spread of such bullshit when it naturally arises, and who may or may not even wait for it to naturally arise.

You can see how these three things interact.

I once believed in cookie tins. You know the metal containers with the tight-fitting metal lids that certain types of cookies (often marketed as “Danish” cookies) come in? It seems like a good bet, doesn’t it? Then I actually tested them. That was disappointing.

A few hours later, after roughing the joint along the bottom of the tin with steel wool and then laying down a bead of solder all the way around it, putting a layer of tinfoil over the tin before pushing the lid on, wrapping it in bubble wrap to keep it from making electrical contact, and sticking that bundle inside a second, larger, similarly-treated cookie tin, I finally managed, as completely as I could tell with my testing equipment anyhow, to completely shut up the radio noise.

A cookie tin, by itself, can attenuate radio signal a lot. But on a different frequency, or with a different tin, or even just a different time the lid gets closed, it doesn’t. I thought it was way more reliable. I was wrong.

lurker December 3, 2021 3:00 PM

@Clive, All, re putting phones in the freezer

A local anti-vaxxer who heckled our PM had his home searched on a related matter. Police allegedly found inside a chest freezer a cellphone and a laptop, both wrapped in Al foil …

John December 3, 2021 3:41 PM


Tracking generator makes testing MUCH easier :). I would not trust the ‘tests’ as they are described. Spacings are too close.

Better operational test is to look for ‘shielded’ cell phone emission outside the ‘box’. Also, try to send SMS and calls to the phone inside.

Then try moving closer to the serving tower.

Removing battery works the best :).

I did some physics work with a triple shielded room. Not much RF inside it!!!


Ted December 3, 2021 3:44 PM


I once believed in cookie tins.

How frustrating. I volunteer to try Ferrero Rocher. For the foil of course.

David Leppik December 3, 2021 3:54 PM

I was working on Bluetooth software a while ago with a lot of debugging the no-signal case. Not being an electrical engineer, I expected that putting my device in a metal tin would work perfectly. As the original article noted, that’s not the case! I tried grounding the tin; still didn’t stop the signal all the time.

Eventually I ended up putting the device in the tin, then into the refrigerator, when I needed to reliably block the signal.

As others have noted, there’s a lot of misinformation out there, even though it’s easy to test.

vas pup December 3, 2021 4:31 PM

Yeah, it is working if you turn it off by removing battery if design let you do that.

Time and again: Apple, Samsung, you name it are friends of Big Brother (not only Chinese manufacturers), not yours as a customer.
Otherwise their design will provide you not BB or hackers with full control with power off switch as real HARDWARE kill switch for battery, then you don’t need all Faraday Cages altogether.

SpaceLifeForm December 3, 2021 4:52 PM

Fresh Cookies

Power off phone. Remove battery if possible. Place in cookie tin. Put a layer of Aluminum Foil over top. Replace lid. Store in fridge.

Well, that was how you could keep the cookies fresh back in the pre-cellphone days.

ResearcherZero December 3, 2021 6:36 PM

@vas pup

Big Brother is hardly going to consider giving out contracts to anyone who isn’t willing to be friends. Where would lay the financial incentive, and likewise the commercial success of those friends?

ResearcherZero December 3, 2021 6:45 PM

Israeli officials not only ‘permitted’ the sale of NSO and other cyber weapons to authoritarian states that would put them to questionable uses but ‘encouraged’ it, using these backroom deals to buy the public support of countries which had been hostile to Israel.

Though companies may protest otherwise, many were only too happy to give up everyone’s data and privacy if it meant they received the investment.

Dave December 4, 2021 2:46 AM

There’s an Android app you can use to test this, what you do is put the phone inside whatever protective device you want and it activates on a timer and looks for signals using all possible radio types it supports. Once it’s done, you pull it out of the protection and it reports if any signals got through… ah, MD Faraday Test, also available for the iPhone.

Winter December 4, 2021 7:42 AM

Mobile phone “Power Off” does not always power off.

It took me some time to find the reference (again).

How the NSA can ‘turn on’ your phone remotely

How did they get into your phone in the first place? Here’s an explanation by former members of the CIA, Navy SEALs and consultants to the U.S. military’s cyber warfare team. They’ve seen it firsthand.

Government spies can set up their own miniature cell network tower. Your phone automatically connects to it. Now, that tower’s radio waves send a command to your phone’s antennae: the baseband chip. That tells your phone to fake any shutdown and stay on.

A smart hack won’t keep your phone running at 100%, though. Spies could keep your phone on standby and just use the microphone — or send pings announcing your location.

John Pirc, who did cybersecurity research at the CIA, said these methods — and others, like physically bugging devices — let the U.S. hijack and reawaken terrorists’ phones.

“The only way you can tell is if your phone feels warm when it’s turned off. That means the baseband processor is still running,” said Pirc, now chief technology officer of the NSS Labs security research firm.

Teledamus December 4, 2021 8:29 AM

I am not an electrical engineer, physicist, or radio engineer.

Would sealing the phone in a plastic bag and submerging it in mercury be effective?

If so, are there less toxic liquids that are conductive enough, e.g. sufficiently salty water, or are we looking for electrons in a conduction band rather than ionic conduction?

Ted December 4, 2021 8:57 AM


“The only way you can tell is if your phone feels warm when it’s turned off. That means the baseband processor is still running,” said Pirc, now chief technology officer of the NSS Labs security research firm.

Thank you greatly for that article. It was a treasure trove of information.

I was skimming several linked articles in your original article, and was curious about the research of John Pirc. He was also interviewed for an article in Bricata:

The refrigerator was internet-enabled, a recent evolution of the internet of things (IoT). Unfortunately, the product was rushed to market and security was merely an afterthought. That’s how a refrigerator winds up as the weakest link in enterprise network security.

That’s the nightmare scenario that keeps folks like John Pirc up at night. It hasn’t happened yet, but he thinks it’s coming and he’s doing everything he can to help businesses prevent it.

He’s co-written a few books, was former CIA, and former many things. According to his LinkedIn page, he’s now at Kandji, a company based in San Francisco, CA.

He’s got a book that might be interesting to skim called “Cyber Crime and Espionage.” It’s not a freebie, but does look good.

Again, many thanks for hunting down that article on how phones can be turned on and found even when they’re ‘off.’ Frightening, especially in the wrong hands, but very good information.



Clive Robinson December 4, 2021 9:27 AM

@ Winter, ALL,

Re the article,

“The only way you can tell is if your phone feels warm when it’s turned off. That means the baseband processor is still running,” said Pirc, now chief technology officer of the NSS Labs security research firm.”

That is extreamly dubious advice to put it bluntly even though true.

To see why you have to go through a worked example.

But the first thing you have to realise is that the NSA or who ever will have to minimise the power they use, otherwise you will notice your battery is apparently “not holding charge”. To see why the battery capacity of your smart phone is going to be roughly 4volts for 3 amps over an hower. Or 12W/h so they would want to get down to some quite small fraction of that say 1-2% so so say 200mW/hour or ~50 millionths of a watt per second on average or a lot less.

What he is realy saying is that with the inefficiency of the work being carried out you will get a tempreture differential you will notice on the broad surface of the phone…

So they are percentages of the work carried out…

1, Work done over time.
2, Heat due to inefficiency
3, over surface of phone.

So for say just the lowest power option a “Bluetooth beacon mode”.

That is say 0.1 second of work every 15 seconds (0.67%). Heat due to inefficiency (50% of 0.67%). Over say 20x10x2 = 400 square centimeters. Of maybe 100mW or 0.1watts of power when working.

So it is on 3600/15= 240 times an hour for 0.1 seconds so 24 seconds at 0.1watts so 2.4 watts in an hour or 667uW/sec or over 13 times the power budjet out of the battery or 0.333mW of heat.

But even then 0.333mW / 400sq cm is ~0.8uW or under one millionth of a watt for heat for each squ cm on average…

You can see why “keep an eye on battery life” might be better advice than “feel for the heat”.

Ted December 4, 2021 9:36 AM

@Clive, Winter, ALL

You can see why “keep an eye on battery life” might be better advice than “feel for the heat”.

How can a user even detect this? What level of user do you have to be?

Clive Robinson December 4, 2021 10:09 AM

@ Teledamus,

Would sealing the phone in a plastic bag and submerging it in mercury be effective?

No more than putting it in a large dish of small steel ball bearings, which actually has two advantages over the mercury,

1, You don’t need the plastic bag.
2, Ball bearings don’t let off kidney and other organ killing vapours, make your teeth go blue, etc[1].

As I’ve mentioned on this blog befor when I used to work in the design side of FMCE cordless and mobile phones one of our tests was to submerge mains powere equipment in 6mm diameter ball bearings to do what is called “Hi-Pot Safety Testing”.

If you look in the ETSI and VDE standards you will find refrence to a standard “test finger”. There is realy nothing so labourious as using it. If you however make a note of the tip where all the action is you will see a 6mm diameter ball bearing fits just nicely inside it. So if the equipment survives a Hi-Pot in the ball bearings it will survive the standard finger.

[1] Mercury drunk in wine has never cured venerial disease even though very highly paid doctors used to think so. Look up “mercury treatment”,


Clive Robinson December 4, 2021 10:26 AM

@ Ted, ALL,

How can a user even detect this? What level of user do you have to be?

To answer it backwards,

The only sort of user you have to be is one who is observant about recharging their phone when it is turned off (which should be the way you recharge electronic gizmos if you want your battery to survive longer).

To do it, you need to keep an eye on the percentage charge. When it gets to say 50% left make a note of the time turn the phone off and put the phone on charge. When the charge light says “charged” make a note of the time and turn the phone back on again and make a note of that time.

Keep an eye on those times in a spread sheet or just a note book. the “time before charge” will slowely go down and the charge time will slowly get longer as the battery ages. However if either suddenly jumps then something has changed with your phone.

The hard part is working out what has changed… But any sudden change is an indicator that something has changed with your phone so untill you know why act with caution or if you think you are a “person of interest” like say a journalist, treat the phone as “radio active”.

I treat my mobile phone as a “spying servant” at the best of times. That is I do not take it anywhere security work etc related and discuss little more than the weather. The riskiest thing I do with it is probably post to this blog.

Ted December 4, 2021 10:43 AM

@Teledamus, Clive

Would sealing the phone in a plastic bag and submerging it in mercury be effective?

From Matt’s article:

So how much attenuation do we need? RF engineers usually measure attenuation in decibels (dB)….. So 20dB of attenuation converts a 1 volt signal into a 0.1 volt signal…

This following article might help us understand how different materials can attenuate signals:

Each material is associated with an attenuation constant, a (dB/m), which is a function of the temperature and the signal frequency…

The human body consists of about 70% water and therefore attenuates the RF signals significantly. Metals, in general, do not allow any signal penetration and reflect almost the entire signal.


Someone correct me if I’m misunderstanding this. Maybe, you could try testing it with water first?

Teledamus December 4, 2021 11:00 AM

Ah, so a few layers of ball-bearings will act as a sufficiently good Faraday cage?

The reason I suggested mercury was that it would provide a continuous surface around the phone, so no ‘slot antennae’. Steel ball bearings would have the advantage of being cheap.

Travelling with a container of mercury or ball-bearings would be inconvenient, so a properly tested pouch is probably a better option.

Ted December 4, 2021 11:03 AM


Keep an eye on those times in a spread sheet or just a note book.

Thank you so much Clive.

It is empowering to think that being observant is at least one good tool to have in this nitty-gritty techno crazy world.

I love how methodical you are. As you even suggest keeping a notebook to track times and charges. Again that is empowering.

Yeah, the sudden changes are scary. Hope everyone has that ‘phone (or text) a friend’ option. Sometimes my phone scares me. I go in and out of denial about how potentially dangerous it is.

Also, I didn’t know that my battery could be preserved if I charged it while my phone was off. This might explain why my current battery capacity is 82%.

That is good that you keep your risks moderate to low. It would be devastating for you not to connect. So some risk just has to be acceptable.

snur-pele December 4, 2021 11:46 AM

@Teledamus, Clive

I used to use copper tape. Now I think I will stick with the bearings.
Size them up a bit (16mm) and you can play childish games with them.
Or up a bit more and impersonate Bogart.
(oh how I love dual-use…)

Winter December 4, 2021 12:15 PM

“Mercury drunk in wine has never cured venerial disease even though very highly paid doctors used to think so. Look up “mercury treatment”,”

Mercury was (is) one of the few poisons that can kill fungi that cause skin diseases [1]. This was widely used by doctors pre-science. Venerial diseases, ie, syphilis, were considered a “skin disease” and treated by quacks[2] with mercury. It appeared to work, but that was because the ulcers can disappear while the disease progresses to the next stage.

[1] Treating fungal diseases is a race who is killed by the treatment first, the host or the fungus.

[2] “Quack” as a “snake oil doctor” stems from Dutch “kwakzalver” which is a pun on “kwikzilver” (Mercury) and a contraction of “kwak” (quack, the sound of a duck) and “zalf” (ointment), to mean “applier of mercury ointments”. This refers to their use of mercury to treat syphilis with snake oil results.

Clive Robinson December 4, 2021 12:18 PM

@ Ted,

Now the question is are you going to forward the link to any of your class mates or even lecturers?

First rule of electrical safety,

Electricity and water are a dangerous combination that kills or injures thousands each year

@ ALL,

Actually though, pure water does not conduct, but it has such an afinity for mineral salts that do when in solution it’s impedence can be very low, tap water is full of mineral salts it’s why it tastes disgusting in oh so many places.

For those living in the US where there are now effectively no enforced water quality standards, you have my sympathies and can only suggest a reverse osmosis purification filter, if you can not safely collect and store rain water.

Ted December 4, 2021 12:39 PM


I have a blockquote under my name I don’t think I said, which was this:

Now the question is are you going to forward the link to any of your class mates or even lecturers?

I said this:

Maybe, you could try testing it with water first?

Which was dumb, now that I think about it. I can’t even think of a way to make it less dumb. Don’t do this kids.

Clive Robinson December 4, 2021 3:20 PM

@ Ted,

Cut and paste let me down… What you see is a text message I was editing immediately prior… Not the block of text I know I highlighted from your post and could swear I cut to clip board…

Just as well I was not texting a romantic partner… lord alone knows what trouble that could bring.

Whilst I do write the odd bit of poetry, lets just say they are not Shakespearean sonets, but of a more well I’ll leave it to your imagination but they are above the typical “Roses are red, violets are blue, flesh is pink, oh what a lovely hue” level 😉

SpaceLifeForm December 4, 2021 3:36 PM

Another TLO

Besides monitoring your battery, keep an eye on your signal quality level if not in Airplane Mode.

Poor signal will eat up your battery faster.

Better than expected signal may be telling you something that you may want to pay attention to.

vas pup December 4, 2021 6:02 PM

Related to the subject
How to spot the software that could be spying on you

“Soon after she got engaged she slowly realized odd things had started happening to her phone. The battery would quickly drain and her phone would suddenly restart – both tell-tale signs of stalkerware being potentially installed on her device.”

Do our IT/security gurus have their tips on the subject?

Clive Robinson December 4, 2021 8:25 PM

@ vas pup,

Do our IT/security gurus have their tips on the subject?

Yes but they are not wise for someone in an abusive relationship to do as it could get them hurt.

The first thing that people have to realise is that like all stalkers a cyber-stalker does not view what they are doing is wrong, even when they are fairly forcefully taught it is so by legal action etc. It should be treated like the incurable mental disease it is which is problematic as our justice systems are predicated on the notion that punishment works as a deterant not just during but after punishment comes to an end.

The Police do not want to know about cyber-abuse for the same reason they do not want to know about domestic abuse. They know they can not stop it as long as the person being abused has any contact in any way with the abuser…

I know this sounds like victim blaiming but it is not, it’s an unfortunate acceptance that they can not change the abusers behaviour.

So what can a victim do? Well first they must realise that they are the only variable they can control in the relationship. So they have to decide what they are going to do in a cold hard way.

Abusive relationships are almost always about “power” disguised by the abuser as something else, usually made to look like it is the victims fault. The “I can not trust you” and similar arguments followed by the accusation of things like “you do not tell me…” are not going to get any better if the victim trys to tell the abuser things, in fact in many cases it will actually cause an escalation as it is handing over even more power to the abuser. Thus a downward spiral builds up…

The victim has to arive at the unfortunate conclusion that technology is just a tool that is available for abuse.

It does not matter if the abuser is your partner or the state they abuse because they can as it gives them power over an individual and they will fight tooth and claw to keep that power.

The second thing to realise is “convenience is your enemy”. Any technology that makes it more convenient for you to “interact” socially makes it a lot easier for you to be abused. There is no solution to this issue it’s inherent at a very fundemental level of the way “interactive” systems work.

A broadcast system is asymetric, thus not actually interactive it’s sometimes a little dificult for people to understand. But a radio program is sent out to hundredds of thousands or millions not to individuals and any response by individuals has to be conciously made by them by a different technological route.

There are four important things to note from this,

1, You don’t have to listen.
2, You don’t have to react.
3, You don’t have to respond.
4, You don’t have to communicate.

Unfortunately “interactive” systems take most if not all of those options away from you.

That is if you need an interactive system for one social asspect, it is unless you take fairly stringent “OpSec Measures” open to all to interact with including an abuser once they are aware of it.

So if you are to gain the advantages of “interaction” you have to be able to ensure it remains “secret” from a potential abuser.

Keeping such “secrets” from certain types of abuser is well neigh impossible.

Once such a “secret” is known or even just assumed then the abuser will start to work towards using it as a tool of abuse as that gives them the power over the victim they desire.

To stop this you only have two choices,

1, Maintain good OpSec.
2, Forgo interactive systems.

The problem with the first option is “Second party betrayal”. Whilst you can maintain “secrecy” about your use of an interactive system, can you say the same for those you interact with or through? The simple answer is no, not a chance as they are not the ones at risk. So one way or another eventually the interactive system becomes known to the abuser.

Which means the only safe thing is to not use interactive systems or use them in a way that limits or stops the abuser being able to use them.

One such is to use “pagers and payphones”. A pager is a broadcast system and is non interactive unlike SMS. If used properly it does not betray your location. This then alows you to find a randomly located “payphone” if you do need to communicate interactively. Whilst the number of the payphone can be blocked to many people, some abusers who have access to SS7 information directly or indirectly can find the phones location. There are ways to limit this by the use of “reflectors” but it will take to long to explain how in this response.

Unfortunately there is a weakness in the system a cleaver abuser can take advantage of. Paging systems work as wide area cell systems. That is the message sent to your pager gets sent from individual transmitters in a pattern in time that can be used by an abuser if the victim responds or responds quickly. It will take to long to explain how in this response.

A similar system is semi automated marine telephony but with a catch. A ship listens on a standard broadcast frequency for a message. If one for the ship is received then the ships operator decides if to enter into “interactive” communications, if they do then their position can be given away. There are ways to limit this but it will take to long to explain in this response.

One interactive system that is difficult but not impossible to track back is “pirating satellites”. The US military put a bunch of satelites up quite a few years ago that act as “transponders” rather than as “repeaters” the result is quite a few in various South American countries illegaly use what is in effect an “open access” system.

There are other transponder based satellites that are available for some to use legaly, but could be used illegaly. It would take way to long to explain in this response, and it is beyond the abilities of all but communications specialists to do sufficiently covertly.

However the general point is the correct use of “broadcast systems” of which there are many, can with care and good OpSec, stop or limit abusers ability to get the power they want over a victim ONCE direct access has been broken.

And that at the end of the day that is,

The first and only step a victim can take to stop abuse, is direct access has to be not just broken but stay broken for ever.

And the victim must assume that at some point an abuser will not just try but succeed in getting contact back, so the victim must have severall “fall back” plans in place to ensure that contact can be quickly broken again.

This sort of mentality required to do this requires great mental strength and is unlikely to be found in most people. Further to do it without assistance requires quite specialized knowledge very very few posses.

So it is a very hard problem to solve, even for State level actors trying to protect certain types of people.

It’s also a problem that is getting harder and harder each day. Because the “power to abuse” can be extrodinarily profitable not just for mentally diseased individuals but corporations and states who see great advantages in such power and care not a jot about the harms, or worse see the harms as an actual benifit.

SpaceLifeForm December 5, 2021 1:32 AM

@ vas pup, Clive, ALL

Clive’s comment above summarized as a Cliff Note: Facebook

Do not let yourself become interrupt driven.

Do not let your buffers get overloaded.

Manage your inputs.

SpaceLifeForm December 5, 2021 4:26 AM

@ Dave

“I’m sorry Dave, I’m afraid I can’t do that”

That app is looking at the problem from the wrong side of the cage.

Leikhus Skartgripir December 5, 2021 8:47 AM

So, the conclusion is – cellphones achieve the old alchemical dream of converting one element into another. Al or Sn is converted into FeS2.

But would sheets of FeS2 actually work ?

John December 5, 2021 8:48 AM



Pretty good summary. I would suggest adding a few comments about how to actually go about stopping your response to their ‘offer to dance’.

From what I see the ONLY effective way to get help from someone who has stopped responding themselves successfully over the long term.

This will lead the serious student to the various 12 step programs. AA is the first and the NA literature is much deeper. Both methods have members who have succeeded over the long term! It works for me.

And isn’t stopping the dance what really counts?


Clive Robinson December 5, 2021 7:00 PM

@ SpaceLifeForm, ALL,

Does anyone make a Faraday bag to cover a car?

Sort of but you have to finish it…

It’s called a “shipping container” basicly a large welded steel box open at one end, with doors added.

You need to modify it so that the doors compleate the internal conductive surface.

I think though I better make one thing clear, the energy of radio signals is “not in the wire” but “around the wire”. Look up Maxwell’s equations and Pointing vectors for the nitty gritty maths, but for a simplified explanation look up “skin effect”.

Which means that at the radio frequencies that count, even aluminium foil has two distinct sides that are effectively issolatrd from each other. So assume you have a tube of metal like the outer of a piece of coax RF “current” flows doen the inside surface in one direction where it arives at the antenna. Any impeadence mismatch will cause some of that current to be reflected. It can in many cases take either the inside or the outside of that metal tube to return.

If inside you get what is called a “Voltage Standing Wave Ratio”(VSWR) if on the outside you get what is called “Common Mode Current”.

The important thing to note is that most “radiation” occures where the effective EM current is highest.

So to stop radiation you have to stop EM current in the outside surface. To do this you have to compleat the inside surface and “choke” the outside surface.

That is you make the inside as lower impedence as possible, and any gap, break, or path to the outside surface as high as possible.

Oh and for this kind of work you can not use the tricks they do with microwave oven doors. Because those impedence tricks are highly wavelength selective so change their impedence from very close to a short circuit impedence to very near an open circuit impedence and back again as you increase frequency.

So berilium copper fingers/fringes on the inside, copper wire tube around flexibal plastic gasket in the gap and ferite slab over the gap towards the outside with further berilium copper fingers/fringes on the outside. With those fingers/fringes properly braised or welded to give a continuous surface connection.

Whilst it does not sound easy it can be done and if “thoughtfully designed in” is easily capable of “mass production”.

But if you want to just “buy” and money is no object, there are EMC “TEM Cells” large enough to drive small cars into…

But as these are eye wateringly expensive in most cases for EMC testing an “Open Air Test Site”(OATS) is used for anything larger than one person can shift by themselves.

neill December 6, 2021 12:52 AM


appreciate your insights

RE shielding – how about used toner from laserprinters, that contains lots of fine metal powder?

or ferrofluids, where the liquid allows the metal particles to somehow freely move and hence absorb energy?

Clive Robinson December 6, 2021 4:49 AM

@ Neill,

RE shielding – how about used toner from laserprinters, that contains lots of fine metal powder?

I know next to nothing about the composition of toner for photocopiers and printers other than it is in a plastic carrying medium that melts and fuses to the page, but which can be removed again fairly easily with a solvent and heat[1].

What I do know is that as a powder it is very very fine and thus has at the very least physical dangers to humans. Also if it is combustable such finesse would potentially make for an explosive “dust mixture” in air as does non dairy creamer and various fine flours used in cooking.

The fact it can be easily manipulated with high / static voltage suggests it is very probably is a fairly strong insulator with certain electron shell issues that enable it to be held by a charge (think strands of hair on balloons etc).

One way to test it’s RF properties in a “garage laboratory” would be to put a very small sample in a microwave oven and see what effect it has on it. Making sure you follow the appropriate safety procedures…

My gut feeling is however it would not be of much use.

[1] It’s the way some people make their own T-Shirt designs.

Neill December 6, 2021 5:10 AM


Laserprinter tone is made with fine metal particles, and the cylindrical magnets inside the toner cartridge hold onto the metal with the color particles mixed in, till those get electrostatically transferred onto the photo drum and from there onto the paper

hence the idea of using a cheap waste product thats easily available

there are YT videos where you mix toner with oils to make a ferrofluid

question would be the shielding capability / EM absorption should you bury a cellphone in the powder or ferrofluid?

Clive Robinson December 6, 2021 6:50 AM

@ Neill,

there are YT videos where you mix toner with oils to make a ferrofluid

The last time I used “ferrofluid” in security work, was back in the late 1980’s when designing electronic locks for the various “hospitality” industries.

It was used to optically read the magnetic stripe on ISO Formate “bank cards” that we used as the “keys”.

Beyond that with some “party tricks” where you make what looks like oil turn into a spikey solid at the press of a hidden switch I’ve not thought much about them.


should you bury a cellphone in the powder or ferrofluid?

I’d say neither, not because it might or might not work, but because either way it would at the very least be,

“Messy Messy, MESSY”

And near imposible to clean up if any small mistake was made.

But also think about what the effect of evaporation of the carrier fluid would do… appart from that any oil would smell and organic ones would go rancid via oxidizing and that is realy not a nice smell at all, as well as turn into a rather foul waxy fluid as humidity in the air gets absorbed in, just yuk yuk yuk on all sensory fronts.

However as a “garage experiment” it could be fun if safety precautions are taken.

Ted December 6, 2021 7:00 AM

@SpaceLifeForm, Clive, ALL

Does anyone make a Faraday bag to cover a car?

Lol. Yeah the AirTags are sort of dual-use trackers aren’t they? It looks like Apple is trying to throw some more fixes out to curb the “bad” kind of tracking.

MacRumors says that iOS 15.2 beta will allow users to scan for “Unknown” devices. They also say Apple is working on an Android app that will let Android users detect an unknown AirTag.


Did you see Ars Technica picked up that story too? One reader suggested that people could put an AirTag in their own car to help find it if it was stolen. (Tongue-in-cheek or a good idea?) Another reader commented that Tile, another Bluetooth tracker, doesn’t have as large of a finding network as AirTags. So I was trying to look into Tile a bit too. The attack/defense vectors are going to be fascinating to watch.

neill December 6, 2021 10:40 AM


good point about the yuk factor here. i dont think though that has been overlooked (or oversmelled?) by the ones hiding contraband within the bodies of all kinds of creatures alive or not

no idea how the metal particles are generated – nails in a coffee grinder will just generate certain sizes, besides grumpy folks that are robbed of their favorite liquids

if you believe part of the marketing of major printer makers there are important difficult-to-achieve specs for toner, hence the price they set

but due to the random and different size of particles generated by shaving or grinding i would expect them to react to a wide range of RF waves

besides, oils could probably be synthetic ones that are not rancid after some time

name.withhheld.for.obvious.reasons December 9, 2021 9:33 PM

Have to admit the lab here is a three cage EMF isolation design. The first is the primary working or person accessible cage which is in the building, a separate interior development cage is within (3m x 3m x 6m), and a small cage (1 1/2 cubic meters) for individual test units or devices. This last cage has multiple shielded conduits for source power and/or test probes (d-dots, antenna, etc). The second cage can be set up to monitor the first cage as well. First out layer is solid shielding, the second is a cross frame solid with banded attenuation blocks, and the last is a full wire mesh, with hinge and window features for leak/reflection protection. Power is separately conditioned and then isolated at each physical layer.

Really helps when attempting to characterize emitters and beacons. Too much fun or time I guess.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.