Anti-theft mobe KILL SWITCH edges closer to reality in California

The Golden State is one step closer to passing a law which would require mobile phone vendors to implement remote bricking capabilities in all handsets. The California Senate has approved SB 962, the bill which mandates a "kill switch" mechanism in phones which could render stolen handsets useless and hopefully deter thieves. …

COMMENTS

This topic is closed for new posts.


Why a kill switch as opposed to IMEI blocking on all carriers? Sounds like a govt inspired backdoor for future exploit.

15
2
Silver badge

What? Why the fuck would they go through all the trouble to publicly legislate for a backdoor in one State? If you've missed the news for the last year it has become rather evident that device level backdoors are a tedious waste of money and a security threat because the phones sure as hell won't be built in California, or even the US.

I've never understood what everybody worries about with remote bricking on phones. It's not as if the consumer has ever had control of their handsets. Ever. Your carrier of choice has always had the ability to knock phones offline, and they'll do it across carriers too if you still owe one of them money. It has always been that way.

The threat is in the data centers, not your phone.

4
3
Silver badge

>The threat is in the data centers, not your phone.

Agreed but what is worrying is the change of 'voice' that will be governing the data center.

1
0

Good for the owner

IMEI blocking, or whatever it is that service providers do, makes the handset less valuable to potential buyers who want to use the device as a phone. A kill-switch to brick the phone makes the handset less valuable to potential data thieves.

2
1
Silver badge

Re: Good for the owner

I don't think the legislators give a damn about data thieves. Thieves aren't stealing smartphones to steal their data, they're stealing them to resell out of a car's trunk the next day.

IMEI blacklisting is barely a half measure - more like an eighth measure. Smartphones are pretty darn useful even if you can't connect them to a cell network. Not to mention IMEI blacklisting is not worldwide, so phones stolen in the US would be sold to someone with a contact in China to ship them to for resale there.

That's why it needs to be addressed by the OEM. Then when a phone is stolen it can be made valueless, making them pointless to steal.

6
0

You ask why publicly legislate in one state?

To copy your form of speaking, where the hell have you been during the past 30 years? The past 10? Five? One? You do know that things such as this always appear first in either California or New York? That's where the "public acceptance marketing balloons" get floated before final implementation. Do the research! For example, check out the USG RFPs and Contract Awards that are listed for all the world to read. Not that too many actually do.

And how can you overlook your own words? Such as "publicly"? Given past performance of the U.S. government and its co-conspirators up north, down south, and across both ponds, what makes you ignore the high probabilities that things are being done "privately"? That's why they call them "black ops". What? Did you miss the Snowden files?

The threat is in data centers, not your phone? Is that so? Damn, I must have been dreaming when I more than once remotely copied then wiped the contents of all those secure Blackberries. Compared to them, the modern computers you think of as "phones" are so easy.

5
1
Anonymous Coward

>Your carrier of choice has always had the ability to knock phones offline

Correct, which prompts two questions:

1 - why have they not been able to get their act together? The answer is probably that revenue is revenue, wherever it comes from, the same reason why Western Union still appears to be the main money carrier for Internet scams.

2 - why does the US try to legislate something which will have a global impact? Don't forget that the majority of large scale phone manufacturers have US HQs, and are thus subject to the same shenanigans that Snowden has been busy disclosing. In that respect, Nokia being sold to MS was a VERY bad move for our security because it was one of the last big ones not under US control.

5
1
Anonymous Coward

Re: Good for the owner

>That's why it needs to be addressed by the OEM. Then when a phone is stolen it can be made valueless, making them pointless to steal.

The problem is that it enables yet another denial of service vector that is in the hands of a 3rd party - worse, it puts it in the hands of that paragon of human rights and fighter of legislative abuse, the US government (yes, I'm being very sarcastic).

If the price of avoiding a LEGALISED control over my phone by US government is a higher risk of theft I'll take it thank you - I want that to remain my choice. I am unlikely to ever go near the US, so I'm not interested in Clipper v2, even with more limited functionality. Personally, I think other governments should get involved because it risks them too. Imagine an ambassador or CEO who is getting in the way of US interests: suddenly, their phone no longer works. What an amazing and unfortunate coincidence. Terribly sorry, you're "collateral damage" - be glad it's at least the non-lethal kind.

Suddenly, Blackberry has become even more attractive.

Bye bye iPhone, it was fun while it lasted.

5
3
Silver badge

Re: Good for the owner

Do you really believe that Blackberry, Android, Windows Phone, FirefoxOS or whatever don't have the ability to brick your phone if they decided to do so? Just because they don't do it in response to a stolen phone doesn't mean they don't have the power!

Do you really believe that carriers don't have the ability to make your phone useless to you within your entire country if they so desire? Or that your government doesn't have the ability to make wireless carriers shut down if they claimed a national emergency (i.e. the people trying to organize a coup against them?)

You live in an insulated world if you think that by saying "bye bye iPhone" you wave bye bye to the only chance that your currently working phone can be made to stop working against your will.

Unless you are using a phone that is 100% open source, from the GUI to the kernel to the firmware, and you check that source yourself or fully believe in those who do (or claim to) you're living in denial, trading a "they tell you they can do this" for a "they can do this but aren't telling you they can".

9
2
Silver badge

Re: Good for the owner

>Not to mention IMEI blacklisting is not worldwide, sold to China

And the remote kill switch is?

This isn't a separate radio controlled bit of plastic explosive. It's requiring the OS to be sent a message over the cell network.

There is no reason for China State Telecom to route US kill messages any more than US carriers would accept requests from the Chinese govt. And any phone that is reflashed with a custom image is safe even at home.

2
1
Silver badge

I don't understand this bullcrap either.

IMEI

Serial number

UID number (SIM card)

Those are readily available to your carrier and only THEIR laziness prevents them from utilizing them to kill a stolen phone.

Using those three things will turn ANY phone into about a handful of plastic junk. Forever.

I did this every day for stolen phones, so I really, REALLY don't understand what this whole dog and pony show is all about except to point out that it appears most carriers have NOTHING in place to kill stolen phones.

2
2
Silver badge

Re: Good for the owner

"...so phones stolen in the US would be sold to someone with a contact in China to ship them to for resale there."

In the US, the local black market is far, FAR more prevalent than the overseas market.

3
0
h3
Bronze badge

Re: Good for the owner

I cannot see what can be done at the moment to stop e.g. setool from rebuilding anything. (The bit it uses via the testpoint is in ROM. From there you can do a hardware initialisation / full IMEI rebuild / reflash the ROM.)

Blowing some type of hardware fuse in the SoC is the only thing I can think of that would work.

1
0
Silver badge

@shovelDriver

Child, I was in California lobbying for changes to their tax incentives for utility easements across private property for research and education networks before you knew what lobbying was. You're far out of your depth.

You never start in California if your goal is nationwide legislation. Tell me, oh great and wise, yet wildly inexperienced, numpty; why don't you start in California? You don't know, do you?

You don't go to California because every single time that California legislation moves up here to DC approximately 50% of everybody will vote down even considering the legislation. It's a death sentence to bring California legislation to Capitol Hill.

It's one thing to lobby for legislation in California, the market is enormous all by itself. But if you want national legislation you start here in DC. Doubly so in this case because Metro DC Police Chief Cathy Lanier is the nation's number one advocate for remote phone 'bricking'.

See, if you want something with nationwide impact done here you start with a visit to one of the 17,000 registered lobbyists working in this city. There are two lobbying firms in the same building as my city office. They're not hard to find, or work with you know.

At any rate, there are 'proper' ways to mangle and distort law in this country. You do it the right way, or you don't get to do it at all. You're acting like an ass, thinking that there's some vast conspiracy to do everything backwards with the intent of bricking your phone. You're paranoid because you think someone might, I don't know actually; what are you afraid of?

Well, whatever it is that you're paranoid about, you're looking in the wrong place for it. The funny part is, you're making a scene about it and that's the crux of all this stuff. You're overvaluing the worth of your personal things and while you're out whining about it the actual threats are just rolling along and you don't even glance that direction.

So thanks, I guess. You've reaffirmed the purpose of lobbyists everywhere. You'll buy in to whatever they tell you and you'll stare all slack jawed and weepy eyed when you realize you've wasted so much time being concerned about the wrong things.

1
3
Silver badge

Re: @shovelDriver

The reason you start in California is that, because it's the most populous state in the nation, anything you do in California tends to ripple for the simple reason that it's easier to abide by California's tougher standards universally than to have two lines.

Here's two words that spring to mind: "California Emissions".

3
1
Silver badge

@Yet Another Anonymous coward

This "remote kill switch" isn't some special encoded message sent over the cell network, it is sent via IP. If China wanted to block a kill message from Apple, they'd have to block all IP traffic from Apple.

An Android phone could be reflashed with a custom image that didn't use any Google services, but what's the value of an Android phone that can't access the Google Play store, use Google Maps, or Google Search? Sure, in China, it is worth something since there are millions of such phones sold every month. But in the US? Worthless. And that's only an option for Android, there are no custom firmwares available for the iPhone. Jailbreaking leaves iOS mostly intact, and wouldn't affect Apple's ability to kill it.

2
1
Silver badge

Re: @shovelDriver

For non-legislative issues, yes. California is a good place to start, but legislative issues don't ripple out from California very often. They usually just fall over dead once they're exposed to the noxious cloud of legislative bullshit the rest of the country deals with all the time.

Some issues, Prop 65 for example, do get out of California, but that's only because they made the printing and affixing of the lead disclosure label 100% deductible.

If it helps make it clearer, we treat California like we treat the UK. Kind of like a lost colony where all the rules are weird and overthought. When you do business there, or send products there, you crank your prices up to cover the costs of compliance plus a bit extra to cover the plain old pain in the ass bullshit. California emissions are a great example, you pay a shitload more for California emissions compliance for cars sold in California and take a fuel efficiency hit. Those standards will never leave California, it's cheaper to build separate models for that market.

And that's why national legislation rarely starts in California. Everything that comes out of there is a bureaucratic nightmare that adds costs to consumers. National level politicians won't touch that stuff with a barge pole. It's reelection suicide to vote for those laws.

I'm not saying there's no vast conspiracy, the NSA fiasco shows there is one. But the NSA fiasco also shows why it's just fucking stupid to think the government is trying to get voted onto individual handsets, one state at a time. There's NO SENSE in even fucking around with that when you've got a global surveillance and secret court system that forces carriers and service providers to hand over whatever they want or shut down service to anyone they want.

When you've got a system that works and is immune to pressure you don't go fucking about with hope that a consumer product law gets enough momentum to travel across the country. That's stupid.

0
0
Silver badge
FAIL

Re: Good for the owner

@Flip:

IMEI blocking is useless as they can be replaced with a different number in a 5-minute operation.

I have my cell handset IMEI changed every week or two - last time I took it in to a Samsung Service Centre (we have five in SaiGon) the tech noticed the difference and simply used his laptop to correct it.

If you do change your IMEI and intend to go roaming, visit your Cellco office and ask them if they have the correct IMEI on their computer system.

P.S. It's illegal to change IMEI numbers in Blighty - it makes GCHQ work so much more harder.

1
1
Silver badge

Re: Good for the owner

"I cannot see what can be done at the moment to stop e.g. setool from rebuilding anything. (The bit it uses via the testpoint is in ROM. From there you can do a hardware initialisation / full IMEI rebuild / reflash the ROM.)"

Very true, but you give thieves (and their fences) more credit for technical ability than they actually have.

The truth is that all they have to do these days is swap SIM cards at the shady indie shop and they're on their way. Of course that same shop can also do the ROM flash. But again, this is giving thieves more technical credit for even knowing this than they have.

0
0
Silver badge

Why not IMEI blocking? Simple

Because the phones can still be sold then used abroad so it's no deterrent. Unless you got EVERY mobile carrier on the entire planet to sign up to some scheme then it's worthless.

0
0
Anonymous Coward

Re: Good for the owner

Carriers have no reason to disable phones as a stolen IMEI one from UK can still be used in Nigeria on the same network, income is income.

The manufacturers on the other hand will sell more new sets if stolen ones cannot be resold

0
0
Anonymous Coward

and of course...

any benefit this function has for the political security apparatus is purely coincidental. Thus they can blame "the people" for giving central authority the ability to disable or kill devices individually or in groups.

When all the iDevices shut down at the next #Occupy, who ya gonna blame?

3
3
Silver badge

Re: and of course...

That capability already exists, my paranoid friend.

Has for decades.

3
0
Silver badge

Re: and of course...

Of course it has existed for a long time. The 'political apparatus' doesn't need to go tampering with hundreds of millions of devices so they can skew election results.

People's priorities get so screwed up. They're worried about someone else having control of their phone, but never stop to think about who is controlling the money they pay their phone bill with. If 'the government' wanted to fuck with people they can just cut off access to your money. Or one of a million other things that are cheaper, less intrusive, completely invisible and a whole, whole lot scarier.

2
0
Silver badge
Stop

I still say this is ripe for abuse.

Some enterprising hacker is going to penetrate this system and brick phones for shits/giggles/profit, or jealous lovers at the phone company will do it to get back at exes.

10
1
Bronze badge

Re: I still say this is ripe for abuse.

The big laugh will be when they brick all the politicians' phones.

That being said it is also possible for the politicians to stifle dissent by ordering the bricking of the phones of those that oppose them - BIG BROTHER is watching you.

0
0
Bronze badge

Re: I still say this is ripe for abuse.

I wonder...

If 1337 h@xx0r were to brick all of a carrier's users' phones, who would foot the bill?

Removing control from the end user should mean that whoever gains that power should also take responsibility for its misuse.

IMHO this (money money money mo-ney MO-NEY) will be the determining factor re US wide and/or global adoption.

1
0
Facepalm

Re: I still say this is ripe for abuse.

Abuse? Can you imagine what would happen if a zero-day exploit allowed ALL cell phones in the US to be killed all at the same time? Most people don't keep a land-line anymore, and there are hardly any pay-phones left.

In one day we could be sent back to 1912 as far as our ability to connect, get business done, or call for help. But no California, tell us how it will reduce cell phone theft, what could go wrong?

1
0
Anonymous Coward

Re: I still say this is ripe for abuse.

Bricking somebody's phone is not going to stop them dissenting. People don't die when their phone stops working and you don't need a cellphone to get pissed off at the government. 40 years ago, and for a million before that, nobody had one and there was no shortage of political dissent.

If somebody's phone stops working they can just toss it in the bin and buy another one. The really serious dissenters are all using disposable phones anyway.

There's no big brother aspect to this. It's just an attempt to reduce phone thefts and it's doomed to failure because as usual the people mandating it don't understand technology. Any electronic device can be unbricked and reprogrammed by somebody with the right skill set.

The net result is that stolen phones will be slightly more expensive because they now have to be shipped overseas so that an 8 year old Chinese girl can unsolder and replace a 5cent chip to make it work again.

0
0

Re: I still say this is ripe for abuse.

"People don't die when their phone stops working"

Ever been out with a group of under 30's lately?

3
0
Black Helicopters

Re: I still say this is ripe for abuse.

"Any electronic device can be unbricked and reprogrammed by somebody with the right skill set."

Personally... I'd like to see all forms of memory be rigged with on-chip self-destruct, bricks the phone and kills all data in one shot. The latter part seemingly being of high interest.

0
0
Silver badge

Half the problem

Sure, phone theft is high but it isn't like the scare videos the big cities put out. In reality, like all the prototype iPhones that were stolen, almost half (44%) were left behind somewhere like a bar, a bus or at work and only 11% were actually taken off the victim's person according to a survey conducted by mobile security outfit Lookout.

Given how many were left behind and claimed stolen, how many were actually simply lost and tossed or dropped out of a pocket and never seen again? Given I know my homeowner policy covers stolen gadgets but not lost gadgets, I'll go with a fairly high percentage like 3 in 4. Sure, they can feel their missing data is safe but it isn't like the fishes, forklift or landfill was going to use it anyway.

3
0
Silver badge

Re: Half the problem

Plus I'd be interested in seeing a killswitch system that was Faraday-proof.

2
0
Anonymous Coward

Re: Half the problem

They could, of course, make the phones cheaper, that would be less profit per unit.

No, no, don't worry, it was just a joke. I wasn't in any way suggesting phone manufacturers should make less profit.

</sarcasm>

1
0
Silver badge

Re: Half the problem

"In reality, like all the prototype iPhones that were stolen, almost half (44%) were left behind somewhere like a bar, a bus or at work and only 11% were actually taken off the victim's person according to a survey conducted by mobile security outfit Lookout."

Hmm? I've heard of incidents where the owner was killed and the ONLY thing taken was their phone. Statistical outlier or not, that's pretty extreme in my book just to nick a phone.

1
0
Silver badge

Re: Half the problem

The last survey suggested that the majority of "reported stolen" phones were lost or deliberately destroyed to get an upgrade from the carrier or claim on the insurance.

0
0
Silver badge

Re: Half the problem @Charles 9

It doesn't have to be 'Faraday proof' if you want to use the phone. The handshake at phone startup is all that needs to take place. If you can't use the phone anyway just save the effort of a screen.

1
0
Silver badge

Re: Half the problem @Charles 9

I'm talking Faraday-proof in the sense a nicker would just stuff the phone into a Faraday bag. Without radio reception, how's the phone supposed to receive the killswitch signal before it's rooted and retooled to not respond to the killswitch?

0
1
Anonymous Coward

Re: Half the problem

"Plus I'd be interested in seeing a killswitch system that was Faraday-proof"

I'd want to see you use the phone whilst in there first :)

0
0
Anonymous Coward

"Nothing less will solve the problem."

So smooth - like shiny polished turd. They've really got it down to an art now.

4
1
Anonymous Coward

Of course this presumably also means that the authorities obtain the ability to shut down any mobile device remotely at will as well.

That must be nice for them.

1
0
Silver badge

You're assuming they don't have the ability ALREADY.

4
0
Pirate

"Nothing less will solve the problem"

Hey ho! It's back to slate and chalk for me.

0
0
Anonymous Coward

Protect your phone by making it throw away?

It looks like back door protectionism that will make your own Android phone obsolete far faster.

0
0
Silver badge

Re: Protect your phone by making it throw away?

The sheeple are quite happy to upgrade every year or 2 anyway because of some nebulous "improved" functionality the marketing dept at Apple/Samsung/whoever have persuaded the gullible idiots along with their equally gullible social network friends they really need Right Now or their lives will be little better than a 19th century coal miner, so I don't see this as a major impediment.

0
0
Silver badge

PS. To anyone who thinks this is a way for the government to get a backdoor inserted into your phone...

What makes you think they don't have such a mechanism ALREADY?

Plus, as others have said, there are other ways to stop cell phones in their tracks: taking over the towers, radio sniffing for picocells, etc. Once all networks are down, the plods can just round everyone up and take the phones physically. Plus this has the advantage of also picking up non-networked devices like dedicated cameras. Look what happened in Iran. Not much communication once the towers went down, eh?

1
0
Silver badge

It does already, has since the beginning of cell phones. It's built into the system.

1
0
Bronze badge

Already have it

The proposed law would require no change on Apple's part, because remote wipe/kill capability already exists in iOS devices. The kill is permanent, meaning the device can never be used again under any circumstances. It's something that the user can initiate in the event of a lost or stolen phone. The carrier cannot do it. And, by law, Apple would be prohibited from doing it unless specifically authorised to do so by the phone's owner.

The kill is far more pervasive than blocking the phone from making or receiving calls.

If someone did manage to compromise Apple's security infrastructure and bricked my phone for me – thank you very much – a few things would happen.

1. There would be a massive shit storm

2. I'd demand a replacement handset from the Apple Store

3. I'd restore the new device to its previous state from an iCloud backup

Likely to happen? Nah

Bothersome if it did? A bit, but not the end of the world

2
2
Anonymous Coward

Re: Already have it

"The kill is permanent, meaning the device can never be used again under any circumstances."

Seriously? Got any information on it?

This seems to indicate the phone is wiped but can be re-used:

http://support.apple.com/kb/ph2701

0
0
Bronze badge

Re: @AC

Sorry, I'll qualify that by saying the only circumstance under which the wiped iPhone can be brought back to life is if, on the device, you enter your original Apple ID and password.

Activation Lock

2
1
