If a mobile phone is switched off, it is not possible for its location to be identified.
There is only a threat if you (unknowingly) come into possession of a mobile phone that has been subject to this type of targeted manipulation. However, manipulation of mobile phones can be largely excluded if:

• The mobile phone is not left unattended for long periods
• You do not use a mobile phone of uncertain origin that is given to you as a gift

As it is not possible to exclude manipulation of mobile phones completely, removing the mobile phone batteries can provide additional security.

Mobile phones that have not been manipulated and are free of faults cannot be activated if they are switched off. The described attack can only be implemented if the mobile phone has already been manipulated or if faults can be exploited. In our view, this means only two cases are possible:

• The attack can work for any mobile phones/networks if the mobile phone has been subject to prior, targeted manipulation (hardware/firmware).
• The attack only works for specific mobile phones and mobile networks that happen to contain exploitable faults or functions intended to cause damage (hardware/firmware) for bugging purposes.

There is not currently any technical way of guaranteeing 100% security. You can only make attacks more difficult through technical protective measures, such as

• Implementing cross-network inter-operable mobile communication end-to-end encryption
• Reciprocal authentication between mobile phone and the base station (currently authentication is only one-sided, i.e. by the mobile phone to the base station)