back to article UK fuzz want PINCODES on ALL mobile phones

The Metropolitan Police has spent more than two years lobbying phone manufacturers and the government in a bid to introduce mandatory passwords on every new unit sold in Blighty, The Reg has learned. Senior officers from the Met's National Mobile Phone Crime Unit (NMPCU) have met with firms including Apple and Samsung to …

Page:

  1. Anonymous Coward
    Anonymous Coward

    Strange...I already have a lock on my phone. Oh, how odd...I already have tracking on my phone (and additional lock-outs etc).

    We don't need legislation, we need the public to become educated in the tools they are using and what can be installed. We all know to lock our doors and set the alarm (although many people don't know that their locks are inadequate and will void any insurance claim)...so it should be with phones, cars, PCs, anything.

    The current generation is probably a lost cause, we need to help the next and that begins in school teaching critical thought and how to use a computer (not just be an idiotic, Windows-based, button pusher).

    If you are a parent, it's up to you. If you don't understand either learn or pay someone who does. Simple.

    1. Anonymous Coward
      Anonymous Coward

      we need the public to become educated in the tools they are using and what can be installed

      How exactly does selling phones with pin codes stop that?

      1. Anonymous Coward
        Anonymous Coward

        Re: we need the public to become educated in the tools they are using and what can be installed

        > How exactly does selling phones with pin codes stop that?

        Legislating for PIN codes gives people a false sense of security. "If have a PIN, ergo I am safe. Nanny says so." If people have an understanding, then they know the limits of whatever security they are using, and what to not keep on their phone.

        1. Anonymous Coward
          Anonymous Coward

          Re: Legislating for PIN codes gives people a false sense of security

          And a real layer of security against casual theft of personal data.

          Never mind what people should do, what will they do? What do they currently do? Currently 60% don't have a pin on their phones, this might make that number higher. That is not a bad thing.

        2. Jim 59

          Re: we need the public to become educated in the tools they are using and what can be installed

          Unlike El Reg and its commentards, not everybody devotes their whole life to being a tech expert. IMO, pins set by default would help those normal people.

          Saying "people are stupid they should learn" is a bit like saying we should just leave live 240v wires uninsulated and just educate people not to touch them.

          Whether a law is needed is doubtful. Better just have the manufacturers set the unique PIN by agreement. It is what they already do with commercial hardware - eg. HP blade equipment always comes with unique admin passwords already set, and detailed in a paper tag. And the customers for this are usually advanced admins.

          1. Ben Tasker

            Re: we need the public to become educated in the tools they are using and what can be installed

            Unlike El Reg and its commentards, not everybody devotes their whole life to being a tech expert. IMO, pins set by default would help those normal people.

            Normal? Round here we call them muggles....

            In all seriousness, just what is 'Normal'? Pins set by default will help with the current issue, but there are a fair number of other issues in general with your 'normal' people not giving two fucks about security. So that issue still needs to be addressed, which means those 'normal's need to start giving at least half-a-fuck and making the effort to understand some of the tech.

            Knowing why it's a good idea to have a PIN set should absolutely never be the realm of 'tech expert's.

            Whether a law is needed is doubtful. Better just have the manufacturers set the unique PIN by agreement.

            Unique being the key there, if the default PIN is 1234 then we end up worse off than now (as most of those 'normal' users will leave the default).

            I do actually agree with you, just resent your use of the word 'normal' (even though I am not, and never have been 'normal' and proudly so).

            1. heyrick Silver badge

              Re: we need the public to become educated in the tools they are using and what can be installed

              " So that issue still needs to be addressed, which means those 'normal's need to start giving at least half-a-fuck and making the effort to understand some of the tech. "

              This is the main thing, to explain why phones are passworded and why they shouldn't make their first request "turn this off".

            2. dogged

              Re: we need the public to become educated in the tools they are using and what can be installed

              > Normal? Round here we call them muggles....

              I like to think of people who call other people muggles as "wankers".

              1. Ben Tasker

                Re: we need the public to become educated in the tools they are using and what can be installed

                > I like to think of people who call other people muggles as "wankers".

                Humourless nerk.....

                Perhaps my tone was a little too dry, but before anyone points me to http://xkcd.com/1386/, it was a joke, perhaps a bad one, but a joke none-the-less

                1. sabroni Silver badge
                  Happy

                  Re: Humourless nerk.....

                  Well I found the wanker comment much funnier than the muggles one....

            3. Anonymous Coward
              Anonymous Coward

              Re: we need the public to become educated in the tools they are using and what can be installed

              " I am not, and never have been 'normal'". I think all us normal people got that.

          2. Anonymous Coward
            Anonymous Coward

            Re: we need the public to become educated in the tools they are using and what can be installed

            "Unlike El Reg and its commentards, not everybody devotes their whole life to being a tech expert. IMO, pins set by default would help those normal people."

            And not everyone becomes a car mechanic, but we still expect them to be able to change a tyre, replace a fuse/bulb, check pressure/oil/water etc. This is no different.

            "Saying "people are stupid they should learn" is a bit like saying we should just leave live 240v wires uninsulated and just educate people not to touch them."

            That's absurd. We educate people to not leave live wires around, use correct fuses etc. And, here's an amazing concept, hire someone when things are too hard.

            1. Steve Knox

              Re: we need the public to become educated in the tools they are using and what can be installed

              "Unlike El Reg and its commentards, not everybody devotes their whole life to being a tech expert. IMO, pins set by default would help those normal people."

              And not everyone becomes a car mechanic, but we still expect them to be able to change a tyre, replace a fuse/bulb, check pressure/oil/water etc. This is no different.

              Oh goody, the automobile analogy. Let's run with that one:

              Does your auto dealer sell you a car with no door locks and an arcane document telling you how to install your own? 'cos that's essentially what you get with phones today.

              1. Anonymous Coward
                Anonymous Coward

                Re: we need the public to become educated in the tools they are using and what can be installed

                "Does your auto dealer sell you a car with no door locks and an arcane document telling you how to install your own? 'cos that's essentially what you get with phones today."

                No, it has a lock. Is there a *LAW* demanding it has a lock? Nup.

                And for "arcane"...it is a basic setting in the phone that can be found in 5 mins. The other stuff (live tracking etc) does have to be installed, but then so does a car alarm (certain, higher-end models excepted).

                Do try harder.

                The problem with *LAW* is that is moves so slowly. Under EU *LAW*, all phones must use USB2. USB3 is coming, can they use that? NO because the *LAW* says they can't. In 2016 you will be forced to use USB2, even though technology has moved on.

                Do you see what the problem is here? Not the PIN, lock or other security device; but *LAW*. It is often poorly written and detrimental to progress

          3. Toltec

            Re: we need the public to become educated in the tools they are using and what can be installed

            "Saying "people are stupid they should learn" is a bit like saying we should just leave live 240v wires uninsulated and just educate people not to touch them."

            Seems quite workable to me, touching them hurts so there would be pretty strong reinforcement.

            I have learnt this several times myself over the last four decades or so - Oh hang on!

          4. John Brown (no body) Silver badge

            Re: we need the public to become educated in the tools they are using and what can be installed

            "IMO, pins set by default would help those normal people"

            ...and the factory set default PIN will be 1234 or 0000. Most who currently don't use a PIN will most likely either never change it or switch it off because "well, it's a just a hassle, innit"

          5. Vic

            Re: we need the public to become educated in the tools they are using and what can be installed

            pins set by default would help those normal people.

            I'm not so sure.

            If the PIN is non-unique, then all criminals will know that $phone has a 99% probability of having the PIN 1234.

            If the PIN is unique to the phone, you've got a world of tech-support difficulty when the user has forgotten the PIN. And that tech support system is likely to be gamed.

            Additionally, if a phone is stolen for resale[1] in a mugging, the PIN will be extracted from the owner by duress.

            I'm unconvinced that this whole thing will have any beneficial effect. WHich is a shame :-(

            Vic.

            [1] I'm given to understand that the primary reason for stealing a phone in a mugging is to prevent the victim from calling the Plod. But this might have changed...

        3. Julian Taylor
          FAIL

          Re: we need the public to become educated in the tools they are using and what can be installed

          Well, experience has shown us that you are only safe until the plod start selling the master pincodes to the press

      2. VinceH

        Re: we need the public to become educated in the tools they are using and what can be installed

        "How exactly does selling phones with pin codes stop that?"

        Quite - if anything it helps with that, because (based on a massive statistical sample of one - my mother1) I suspect selling phones with PIN codes will result in people realising that their phones support the use of PIN codes!

        Personally, I think passwords (or PINs) should be mandatory on anything of this sort - not just phones, but also tablets, laptops, desktop PCs. Too many people don't bother - so legislate so that the manufacturers (and OS developers as appropriate) have to make password/PIN access compulsory, rather than optional.

        It's a dreaded nanny-state approach, but one that forces people to at least use some form of limited security, and hopefully some will go on to learn why.

        1. technically, I'm talking about a tablet rather than a phone - but she didn't have a PIN or other form of security set up on it. My brother visited her house and used the tablet while he was there, and she was not best pleased to discover he had logged her out of Skype, and she couldn't remember the password to log in again. At which point, yours truly gets asked to sort it out. Sadly, I wasn't asked to set it up in the first place - my nephew did the deed, and couldn't remember the password he used. D'oh! Still - sorted now.

    2. dogged
      Meh

      > The current generation is probably a lost cause, we need to help the next and that begins in school teaching critical thought and how to use a computer (not just be an idiotic, Windows-based, button pusher).

      Because if it uses a command line - or indeed, anything that isn't Windows! - it must be safe. Like Android. Android phones are totally safe. Everyone knows that.

      1. Anonymous Coward
        Anonymous Coward

        "Because if it uses a command line - or indeed, anything that isn't Windows!"

        Windows has a command line (sometimes more than one, depending on the version).

        Schools teach rote-learned, button pushing rather than understanding. They happen to do this on Windows. Hence the pupils become "idiotic, Windows-based, button [pushers]".

        "Like Android. Android phones are totally safe."

        The can be safe (not totally, nothing is) if the user takes a few moments to apply settings/install software. But that would take understanding of the risks they face.

      2. Anonymous Coward
        Anonymous Coward

        Call me a cynic but...

        "Only the defendant knew the pin code your honour, so that call/text/email couldn't have been made by some random stranger who picked up the phone as he suggests."

    3. Danny 5

      And here's silly old me thinking that (intelligent) people had stopped bashing windows, just for the sake of bashing windows, but I guess some people just cannot see past their old gripes.

      I hate Apple in a similar way, but at least I've come to understand that they make some damn good products. Hating products just because of the brand is silly, so the least you could do i admit they actually make decent products.

      1. Anonymous Coward
        Anonymous Coward

        "And here's silly old me thinking that (intelligent) people had stopped bashing windows, just for the sake of bashing windows"

        Where did I bash Windows? I think you'll find that I never expressed any opinion on Windows whatsoever. What I did complain about is what was being taught and the way it was being taught (i.e. unthinking, button pushing). Big difference.

        "you could do i admit they actually make decent products."

        I'll admit that the convicted monopolist manufactures products which encourage lock-in, reducing freedom and choice for the user, actively lobbies against interoperability and has been accused of ballot stuffing international standards bodies.

        As to "decent products"...that's a matter of personal opinion and use case. A hammer is only good for nails.

        1. Caesarius
          Windows

          @AC convicted monopolist ... lock-in, reducing freedom ... accused of ballot stuffing

          Eadon? Is that You?

    4. Aslan

      Herd Immunity

      Rather like vaccines if you vaccinate 95% of the population the effects are nearly the same as 100%. If every phone starts with a pincode lock on it then thieves will know that there's a lock on just about every phone and be forced to act accordingly. That will likely lead to less phones stolen in the short term.

      Longer term 3 months to a year out the question will be how good is the phones security? Will locking a phone with a pin code stop thieves from using the phone and retrieving the data. Given the current state of phone security at this time I'd say the answer is no.

      Security of phones and computers has been improving continually, but we aren't where we need to be with either yet.

    5. Stevie

      Bah!

      "If you are a parent, it's up to you. If you don't understand either learn or pay someone who does. Simple."

      I quite agree with this simple demand made in the most reasonable tone.

      I trust you'll reciprocate my own sensible and reasonable suggestion that anyone wishing to use anything with moving parts be conversant with the operation of a capstan lathe to machine a variety of materials (or pay someone who is to explain it to them).

      Shouldn't drive a car or use a disk drive if you can't make a spindle or a bearing journal in my opinion.

      And don't get me started on why you shouldn't have an internal combustion engine if you can't explain the difference between a magneto and an alternator/points setup.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bah!

        @Stevie - what fatuous load of bollocks.

        If I was to do my own servicing yes, I would know the difference between a magneto and an alternator. As I don't, I *PAY* someone who does.

        If I was planning to make my own HDD I could, of course, mill my our spindle. As I don't, I *PAY* someone who does.

        If I was....you get the idea. In all cases I have either educated myself or paid for someone.

        If you have any actual point to make, you are clearly incapable of doing so.

        1. Stevie

          Re: Bah!

          You won't learn about magnetos and alternators by doing your own servicing.

          You don't "mill" a spindle.

          And as for my point, you just made it for me.

          1. Anonymous Coward
            Anonymous Coward

            Re: Bah!

            "And as for my point, you just made it for me."

            Hardly, I pay people to know/make the things I can't be bothered about or have the time.

            IT is no different. Learn or pay.

            People seem to struggle to grasp that basic concept, you included.

  2. Ian 56

    "Excuse me sir... can you tell me if your shiny new phone is password-locked."

    "It is? Excellent, very important to check that sort of thing you know. Now hand it over immediately, there's a good chap."

    1. Anonymous Coward
      Anonymous Coward

      OR even:

      "Excuse me Sir, can you please pass me your phone and tell me your pin code and before you ask, Sir, yes! I am a thieving barsteward who thinks nothing of a bit of violence before breakfast. Thank you for complying. Cheerio!"

      1. Anonymous Coward
        Anonymous Coward

        And here's my warrant card to prove it ...

  3. Anonymous Coward
    Anonymous Coward

    really?

    A pin code?

    Most people I know have a pin on their phone these days. When a phone is stolen it is usually an opportunistic theft, so they aren't considering if they have a pin or not. In most cases, they can be gotten around in some way, so the most important factor is encryption of a device so the data, at least, is safe. I know there is an argument that if it is harder to re-use a stolen phone then it will, over time, reduce theft, but it won't really stop opportunistic theft, whether it is a wallet, laptop, watch etc etc.

    If they were really bothered, they wouldn't waste resources lobbying on a daft change to default on a pin, they would insist that the mobile operators can block imei codes. But then the operators would insist that phones are not easily firmware overwritten, which will help their bottom line, probably.

    So the knock on effect will be probably be a law making alteration of a phones firmware illegal, which means the criminals will just carry on being criminals and not caring, and plenty of people being criminalised with no real criminal intent.

    All because, and why this kind of lobbying takes place, the Police are saying that the rise in this crime isn't that they are not doing enough, just that it is the public's fault for not setting security on their phone.

    The fact that there are some thieving barstewards with no respect for anything or anyone isn't really focused on.

    Or this could be just me. Grumpiness increases with age. Or maybe tolerance decreases with age. No idea. In a few years I will be at the same IT level as a 6 year old, apparently. Maybe that is it. Understanding just decreases with age so I should leave Government policy with people who *know* better and just let the Government govern, the Police police - after all they know what they are doing, right?

    1. dotdavid

      Re: really?

      "If they were really bothered, they wouldn't waste resources lobbying on a daft change to default on a pin, they would insist that the mobile operators can block imei codes"

      In the UK if you report your phone stolen the IMEI is blocked on all UK (and I think EU) mobile networks. This is why they try and ship the phone abroad to where it might not be blocked. I understand this is not the case in the US for whatever reason.

      The plod in this case are therefore more worried about personal data on the phones, not use of the stolen phones themselves. Stolen handsets can usually be reflashed without having to enter a PIN after all.

  4. Anonymous Coward
    Anonymous Coward

    Give people a complex pin and the ability to change it and they'll set it to something simple.. How many people changed their voicemail pin from 11111 or 12345

    1. Message From A Self-Destructing Turnip

      I would expect that if phones are supplied with the lock on by default, then they will have a default password. So the 60 per cent of phones that currently do not have a password will instead have the password '1234'.

    2. Tom 35

      I think they will need a backdoor

      I'm sure the cops will want a universal pin so they can investigate any evil people they see walking down the street. Maybe 8008 would be a good one.

      Or they can just try 1234 as that will work for 80% of people.

  5. 20legend

    No mention of Google's existing free Android Device Manager service which will let you locate, ring, lock and erase any droid device that is running Google services.

    1. BristolBachelor Gold badge

      That may help in one regard, but how long between you leaving your phone on a table in a Starbucks, walking around a bit, realising that you've lost it and then being able to access said Google service to lock your phone to prevent someone reading it's contents?

      I always have mine locked, and that's mainly to prevent opportunistic reading of its content.

  6. John Smith 19 Gold badge
    Big Brother

    Pheeeeew. For a moment there I thought

    he wanted the pin code of every mobile phone in Britain.

    Although I'd guess that would be the next step.

  7. ukgnome
    Big Brother

    It's simple, what we all need is a DNA lock.

    Then we wouldn't need a PIN, and the thieves would need a vial of blood or summink.

    Oh hang on............I think I have just legitimised police assisting people down the stairs.

  8. g e

    Or maybe...

    Not giving up your PIN Sir? Jail for you, then.

  9. Parax

    Pebble Locker App

    I don't like entering a pin every time I get my phone from my pocket.. so I have found the perfect solution: The Pebble Locker App!

    My phone is unlocked as long as it is connected to my Pebble watch. as soon as my watch goes out of range, the phone is pin locked. No hassle for me and secure if it leaves range of me. A best of both worlds solution!

    1. Alan Brown Silver badge

      Re: Pebble Locker App

      My phone is unlocked as long as it is connected to my Pebble watch. as soon as my watch goes out of range, _or goes flat_, the phone is pin locked.

      There, FTFY. (The latter happens more often than the former)

      1. Parax

        Re: Pebble Locker App

        WTF are you doing to your watch? (Are you using a phone that doesn't support Bluetooth LE?) My pebble easily lasts 5 days between charges. I've never had a Pebble go flat on my wrist ever (since feb 13) I do put the watch and phone on charge at the same time from the same dual port power block.

        That said entering Pin if it is flat is hardly the end of the world though is it?

        The Phone going flat however does happen frequently... but that's a different problem!

    2. Just Enough

      Re: Pebble Locker App

      And no mugger is ever going to steal both your phone and your watch, are they?

      Or maybe not.

  10. Anonymous Coward
    Anonymous Coward

    Protecting your data...

    "...a range of measures we are trying to push to protect personal data.

    All of the industry has been engaged at all levels - and government too."

    I assume that by the "government protecting personal data", he's referring to them slurping all of your personal communications data and storing it for several years. And I don't buy the argument that "it's just metadata" - metadata is still personal and is very easily combined with other sources (or in enough quantity on its own) to give a very complete profile of the user and their activities.

  11. AbelSoul

    All well and good...

    ... but not always the best idea.

    Glastonbury festival, two months ago. My significant other lost her 'phone.

    She chooses not to have PIN or password protection, which in this case turned out to be a good thing. Otherwise the kindly sort who found it would not have been able to send me a text message detailing which bar it had been handed into and she would probably have never seen it again.

    Despite this, I still have a PIN on mine. Make of that what you will.

    1. dotdavid

      Re: All well and good...

      I have a PIN on mine, but also an "owner info" message with my email address and home phone number so good Samaritans can get in touch if they find my phone before it gets remotely-nuked.

      I also have an app that takes a photo and emails me mugshots of people who try to unlock my phone and fail which sounded like a good idea at the time!

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like