Monday, 17 February 2014 15:05

Smartphone kill-switches pop up again this time in the Senate

Written by

Reading time is around minutes.

Smartphone and digital device theft is a pretty big deal according to many statistics out there. It is a pretty easy crime when you think about it: grab someone’s phone and run. Even if they wipe all their personal data you can always sell the phone to someone that can reactivate it. There have been many suggestions for how to combat this type of crime, some more effective than others. However, the one that now seems to be rearing its ugly head more frequently is the concept of a kill-switch embedded into all smartphones that would allow a device to be permanently disabled by remote command and all personal data wiped.

 

The idea is this. If thieves know that a device can be rendered inoperable when stolen, they won’t steal them. The Smartphone Theft Protection Act introduced by Amy Klobuchar (D-MN), Barbara Mikulski (D-MD), Richard Blumenthal (D-CT), and Mazie Hirono (D-HI) is meant to provide “important reform and relief” from the threat of having your phone stolen. Well, that is what the four senators sponsoring the bill are claiming. Others are not so confident that requiring a kill-stich in every cellular connected device will be any deterrent while some are saying this might have nothing to do with theft at all.

The first (and most important) concern is that hackers could potentially access the system and shut down groups of mobile users. The current state of security we have seen in the industry only adds credibility to this concern. Imagine if a hostile country were able to get into this system, how much damage could they do before anyone detected it and stopped them. Imagine the monetary losses that would be incurred by individuals, carriers or manufacturers that needed to replace dead phones.

In “asking around” getting the information needed to hack or spoof this type of system would be fairly simple. It could potentially be as easy as having a single device from a carrier and backwards engineering the system built into the phone. Now this might require sacrificing the phone (call in a report it stolen to watch the system at work), but even that would be a small price to pay for the ability to kill phones belonging to millions of mobile users.
One school of through to mitigate the potential disaster that this would cause is to allow the phones to be brought back to life and resorted to operation. Sadly this is also not going to have any effect. If the kill-switch is not permanent then it will quickly be bypassed and thefts will continue. Trust me when I say that there are very few measures, short of making the device explode, that will prevent someone from resurrecting a device.

As for personal data, there are already multiple free systems that will let you do this. Android has this through the play store and Apple has find my phone so wiping data is not the main focus of the bill. It seems to have been thrown in as an afterthought. So why the push to put a mechanism in place to kill cellular phones? Honestly we do not know, it seems as if some people with a limited grasp on technology have been fed a line about what is the best thing to do to prevent phone theft and they have run with it. They are waving a flag that they do not even understand.

To some this would seem to be a method to force a way for the government to have even more control over personal communication and open up avenues for potential abuse. There is already one documented case where a government agency cut off cellular communication in response to a protest. What is to stop them from simply killing a person or persons phone if they are a perceived threat? What is to stop the government from flipping the switch on all phones if they feel the need? Granted this is probably an extremely unlikely event, but there is already an executive order that allows for DHS to take control of national communications in then even of a national security threat. It is not that big of a leap of imagination to put the potential for this closer to reality.

Fortunately it is not just the conspiracy theory guys or the hacking community that think this is dumb idea. CITA, the FCC, and many mobile carriers do as well. They feel the risk of abuse (government or otherwise) is too great to put this in play. Instead they think that a national database of phones reported as stolen is a much better choice. With this they can black list the device globally and prevent someone from activating it on any network. This makes the resale of stolen phones valueless and will do more to prevent theft than a kill switch. It also is much less invasive and has limited potential for abuse.

Sadly, even with the manufacturers, the FCC and CITA against this legislation it is being pushed forward into the senate for debate…

Tell us what you think in our Forum

 

Read 2377 times Last modified on Monday, 17 February 2014 15:09

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.