Sophos Cloud Optix
US consumers could save $2.6 billion! (£1.56 billion!) that they’re currently spending to replace stolen phones and to insure the irresistible, pocket-sized thief magnets, says a new report (PDF).
As it is, the country’s law enforcers and politicians have been putting the thumbscrews to cellular carriers to get them to make kill switch technology standard on all phones shipped in the US.
A kill switch is remote-control technology that bricks a phone after it’s stolen.
The political push to make kill switches mandatory is being headed up by California Senator Mark Leno and San Francisco District Attorney George Gascón, who are facing a wave of increasingly violent street crime in which phone theft acts as the catalyst.
A coalition of politicians and law enforcers called Secure Our Smartphones says that in 2012, 1.6 million Americans suffered a crime related to their mobile phone, while 50% of the robberies in San Francisco involved a mobile device being stolen. Other cities report similar statistics.
The Californian politicians believe, as do law enforcement officials, that phones will be worthless to thieves if making the devices inoperable after they’re stolen becomes a simple, routine procedure.
The report, released on Sunday by Creighton University, in Nebraska, shows that consumers are gung-ho about the idea of a mandatory kill switch.
To analyze what consumers are spending to protect and replace their phones and to gauge their attitude about a kill switch, Creighton University professor and consumer advocate William Duckworth surveyed 1,200 smartphone owners.
According to Duckworth, his findings show that consumers not only support a free kill switch on all phones; they actually expect it:
My research suggests that at least half of smartphone owners would in fact reduce their insurance coverage if the Kill Switch reduced the prevalence of cell phone theft. Overall, it seems clear that Americans want the Kill Switch and that an industry-wide implementation of the technology could significantly improve public safety and save consumers billions of dollars a year.
The report’s findings about our gung-ho-edness:
- 99% of smartphone owners feel wireless carriers should give all consumers the option to disable a cell phone if it is stolen.
- 83% of smartphone owners believe that a Kill Switch would reduce cell phone theft.
- 93% of smartphone owners believe that Americans should not be expected to pay extra fees for the ability to disable a stolen phone.
This is where consumers’ money is going, according to the report:
- We’re spending an estimated $580 million per year replacing stolen phones.
- Another $4.8 billion per year is being spent on premium cell phone coverage from wireless carriers.
Duckworth said that his research suggests at least half would make the switch to cheaper insurance plans that don’t cover theft, for some $2 billion in savings.
Given that stolen phones lose their resale value if they’ve been bricked, most of the $580 million spent on replacing stolen phones would be saved, Duckworth proposes.
The CTIA, a Washington-based lobbying group that represents the telecom industry, begs to differ and offers a host of reasons why a kill switch isn’t the answer (PDF).
“Serious risks” the CTIA sees in a mandatory kill switch include the fact that the requisite “kill” message would have to be known to every operator and therefore couldn’t be kept secret.
That would present the opportunity for cybercrooks to forge an SMS to send to a phone and maliciously brick it.
Scale it up, and crooks could disable entire groups of customers, the CTIA suggests, including, for example, the Department of Defense, Homeland Security, police or emergency services.
IT World points out that as an alternative to a kill switch, the CTIA’s been pushing a database that blocks stolen phones from being reactivated by new subscribers.
But as the industry group has acknowledged, the database is limited in scope to just a handful of countries, meaning that if somebody steals a phone and takes it to a country that’s not covered, the reactivation-blocking database is useless.
Short of a kill switch, there are ways to locate, lock and/or erase a wireless gadget if it gets lost or stolen.
The CTIA has listings for security remote-command apps for Android, Blackberry, iOS (Apple), Symbian and Windows.
Apple, for its part, introduced an activation lock in its iOS 7 mobile operating system.
Apple previously had a Find My iPhone feature, but the new activation lock takes it a step further by not only tracking the lost phone but also enabling users to remotely wipe it.
This approach isn’t as drastic as bricking it forever and ever, given that a locked iPhone can still display messages if the true owner lucks out and his or her device falls into the hands of a reputable person.
Of course, I would be remiss if I didn’t mention that Sophos has a free Mobile Security app for Android that offers a bunch of remote commands you can send to your phone: Wipe, Lock, Alarm, Locate, Reset passcode, and Message to finder. It also reports the device’s location before the battery runs out, and it provides notification if the SIM card is replaced.
Image of phone theft courtesy of Shutterstock.
I for one cannot understand the need of this. These devices all are gps equipped and have unique IDs. So are you really trying to say they can’t find a lost device? Even more to the point, why don’t the cell companies block a stolen phone from getting back on network until cleared?
A kill switch is not needed, and it is far to likely to be abused. I for one do not trust the world governments not to abuse this.
GPS is a one-way device. If the phone is on, you can tell which tower it’s connected to based on the IEMI or the SIM. But that’s about it.
A remote kill switch would do literally nothing.
Well, a crook could turn off the cell phone for a day or a week, and it vanishes completely. Then when it turns on again, it could be on another continent. Are you visiting Zimbabwe, or just your phone?
I know iphones use a combination of location mechanisms. GPS works when it can see the satellites, and the latest GPS systems are frightfully accurate. They also use cellphone triangulation, if there’s a signal from nearby towers; won’t work out in the woods or out in the ocean or in a metal box or dungeon. And, when all else fails, it uses its inertia sensors and figures it out based on its last known location. Not sure if/how to turn off some or all of these, but removing the battery would probably be effective.
Once, on the way to the airport, my cell fell out of my pocket in the van on the way to the airport. At first I thought it was somewhere else in my luggage – I ‘lose’ things often and they soon turn up simply mislaid. So I don’t report anything stolen till I’m really sure. In this case, when I got to my destination, I just called the cellphone from a landline and the driver answered and I got it back.
That exactly what the world needs right now, governments being able to switch of peoples phones. LOL.
Revive switch?
Okay, so I misplace my cellphone and decide it’s been stolen from my car. I notify the carrier (or Cyanogenmod Kill, or Sophos services, or whoever) to disable the phone.
The next day I notice the phone on the floor of the car. Can I get the service to revive the phone by presenting my ID and SIM and phone to a convenient office, or have I killed the phone forever.
I have never used a hard disk password because they are so unforgiving. I wouldn’t use a cellphone kill either unless I knew it was reversible upon display of the right credentials AND the services were invulnerable to social engineering.
A hard disk password is only “unforgiving” if you forget it. And any decent full disk encryption system will create a recovery code at install time that you can write down and lock away.
Sometimes what appears to be stolen is actually a case of someone finding lost stuff and not being able to return it. If they are not able to easily figure out who it belongs to it won’t get returned very fast if at all. This is why I put tracker tags on all my stuff. They make it easy for someone to return things quickly. I figure for a couple bucks it’s worth a try and better than wiping my phones data and then getting a call that it has been found a few days later.
This would be great for no knock raids, just turn off all the phones in a building or area, taking out all communication and attack. Great for preventing video of said actions getting out. Bonk bonk bonk on your head. The current method just blocks signal, but doesn’t stop video, lots of problems with that.
I’m watching you. We know who you are and what you do, it’s just that we have priorities.