Sophos Cloud Optix
US law enforcers are demanding a kill switch on our smartphones that would theoretically brick them after they’re stolen.
New York’s top prosecutor, State Attorney General Eric Schneiderman, together with San Francisco District Attorney George Gascón, put out a statement on Thursday about the launch of an initiative devoted to drying up the secondary market on which stolen devices are sold.
The initiative, dubbed Secure Our Smartphones (SOS), is a coalition of law enforcers from across the country: state attorneys general, district attorneys, major city police chiefs, state and city comptrollers, as well as public safety activists and consumer advocates.
The announcement came on the same day that Gascón and Schneiderman co-hosted a “Smartphone Summit” with representatives from smartphone makers Apple, Samsung, Google and Microsoft.
Schneiderman said in the statement that about 113 smartphones are stolen or lost every minute in the US, with many of the thefts turning violent.
Here’s how the SOS coalition describes this “epidemic”:
In 2012, 1.6 million Americans were victimized for their smartphones. This is a growing epidemic
affecting all corners of our nation and accounting for a majority of the robberies in our cities.Last year, 50 percent of the robberies in San Francisco involved a stolen mobile communications
device.Washington D.C Police report smartphone theft accounting for 38 percent of their
robberies, with Philadelphia Police reporting this type of theft accounting for 33 percent of all
robberies.In New York City, 20 percent of all robberies involved the theft of a smartphone; a 40
percent increase in the past year.These crimes have led to severe injuries and the loss of life. The trend indicates that the problem will only get worse if manufacturers and carriers do not take immediate action.
The coalition aims to curb the problem of mobile phone theft by focusing on five things:
- Analyzing patterns, causes and trends behind device theft;
- Investigating the capability of manufacturers to develop technology that would deter theft, including a kill switch that would brick stolen devices permanently, eliminating the economic incentives for would-be thieves;
- Understanding how the economics of device theft have affected decision-making by the smartphone industry;
- Working with device manufacturers to make a kill switch, or equally effective deterrent technology, a standard feature of their products; and
- Investigating impropriety on the part of manufacturers, raising public and shareholder awareness about industry practices in this area, and using all available tools to press for safety-oriented innovation and responsible corporate citizenship.
The concept of a kill switch plays nicely with Apple’s just-announced mobile operating system, iOS 7, which features exactly that: an activation lock.
Apple previously did have a Find My iPhone feature, but the new activation lock takes it a step further by not only tracking the lost phone but also enabling users to remotely nuke it.
(And, of course, Sophos has a free Mobile Security app for Android that lets you remote-lock or remote-wipe your phone.)
Samsung has reportedly promised a similar feature, while Google and Microsoft apparently talked about the concept at the Smartphone Summit.
Would this type of kill switch actually work?
The Register’s Bill Ray, for one, thinks that it might have less impact than you’d imagine.
Ray notes that, at least as far as the UK goes, while most muggers do steal mobile phones, it’s not so much the phone they’re after as a delay in the time when muggees can call the police – a delay that gives crooks more time to turn stolen credit cards into cash.
Not that stolen phones can’t be sold, if a thief manages to change a handset’s International Mobile Station Equipment Identity (IMEI) number – a unique 15 digit code assigned at production to GSM and other phones.
That’s illegal in the UK, Ray points out, but it’s still possible to do on most handsets. A quick online search will reveal how easy it is.
Most mobile networks subscribe to a system – the Central Equipment Identity Register (CEIR) – that blocks stolen IMEI numbers from their networks. But given a changed IMEI on a handset, all bets are off that its original owner can track it down.
That means that once a thief has changed a handset’s IMEI, the phone can be used anywhere.
A kill switch, in short, might be a good addition to the tools already in existence to protect our smartphones.
If we do see manufacturers install kill switches on all smartphones, I’d still suggest that it’s a ton of fun to install an app that lets you snap photos of people trying to unlock your phone.
Wait until you’ve snapped a photo of a suspect – like this one! – I say, before you brick the thing.
Image of red button and mobile phone thief courtesy of Shutterstock.
One problem with a kill switch is that it inherently creates a new security risk: someone can potentially disable your phone without permission. Apple's new Activation Lock, for example, requires only your iCloud username and password to disable your phone. It's easy to imagine an attacker gaining access to your account, deactivating your phone, and changing your password so you can't get back in to reactivate it.
Putting a kill switch into a phone is a bad idea. If the activation code is hacked by a virus then peoples phones are at the mercy of someones android OS virus. Android already has a brick feature in the software so all it needs is a malicious app which requests the "brick device" permission, a phishing scam (free money app?) can do the rest.
My greatest concern with anyone in the government having a “kill switch” on smart phones would be the abuse by the government, such as an officer pulling a person over, pulling their identity and bricking their phone so that any violent actions taken by the officer could not be recorded.
The article doesn't mention BlackBerry Protect which precisely addresses this problem
Are not there several apps that already accomplish this? Prey, and avast security are two different apps on my phone that provide pretty much all this and more.
Don't forget unprincipled manufacturers/companies. The only person to brick your phone is you. Get the security manufacturers to add it to the list of actions thier software offers
That raises a few issues, if this is implemented it is necessary to make it optional. Imagine what can happen in a dictature, after disabling the internet they'll just have to brick all smartphones for "national security reasons".
A better alternative would be to make it completely impossible to change a phone's IMEI as long as preventing crafted IMEI numbers to work.
I can see how this can be misused by the government, especially when they're doing something wrong. No.
Politicians and government think everything can be solved by creating new laws, and rarely understand the unintended consequences.
There are many current solutions on the market which people can employ if they desire.
The biggest issue is user education, but people have to want to increase their security and if we look at what gets posted to social media, the reality seems to be security takes a back seat.
Any time the government demands that certain features be included in a private citizen's communication device I get paranoid.
A car can cost 20 times or more than a phone at full retail. There is a reason kill switches have not taken off as a consumer demanded product on cars even though the potential for financial loss is greater. I know we all hate car analogies, but I am going to look to the automotive industry for a parallel solution in the mobile phone industry as follows:
1. Hold the cell phone providers accountable for activating phones with serial numbers that have been reported stolen. Provide a national registry for stolen phone serial numbers.
2. Encourage 3rd party or competitive insurance offerings for phones similar to what people can buy for their cars. Make these reputation based. Some people are lower risk than others. I’ve lost zero phones in 15 years of carrying them and I suspect there are many others like me.
3. Educate the end user about password locking and encryption, so that even if their phone is stolen their data will remain safe. A common thief might find value in the purse sitting on your car seat but not enough cost/benefit of stealing the actual car. Point being that if the phone is itself worthless because it can’t be reactivated, then the next most valuable thing could be the data on it. If it is impossible to get the data off for the common thief, then their incentive to steal it in the first place is gone.
None of this requires the government to have the ability to turn off your phone.
The papers concern the particular area of the interaction between law, science and new technologies. The use of English and the selection of participants through a review process in several steps by international referees assure the scientific quality of the papers.