Ask Lenovo
They have experience with exploding devices, if memory serves.
It won't surprise you at all to know that the US government is keenly interested in the idea of self-destructing electronics. What it wants, apparently, is to give a phone the ability to detect whether the person carrying it is the right person – for example, by walking style. Since phones are crawling with sensors, there are …
... or the no-nonsense protection built into South African cars.
I was thinking more about the protections built into Judge Dredd's Law Giver
I think it would be just a *tiny* bit OTT to splatter someone's head all over the wall :). Not that that may not be deserved, but it's likely to clash with the interior decorating (which is less of an issue with Judge Dredd on account of typically not leaving much of an interior to start with).
. . . or injure your leg playing sport or get a blister from some new shoes or carry your phone while drunk. Or put it in your backpack or simply wear a different pair of pants with tighter/looser pockets. Maybe they decide to start running at lunch time. The list is endless.
Now, there are indeed lots of sensors on phones and software can be made very clever indeed, but, given the WIDE range of behaviours that would have to be accounted for, two questions spring to mind:
1. How long would the phone need to build a baseline profile?
2. How much anomalous activity would it need to determine that it was being used by someone else?
Surely the software would need to account for oddities like those listed above and so couldn't trigger when it noticed a different gait or a different level of activity or being carried at a different height (say, in cargo shorts rather than suit pants). And, if it's accounting for such oddities, how can it be protecting based on those same behaviours?
Let's take a scenario - that a phone is stolen for the express purpose of gathering information from it. The person stealing it would tuck it away and then take it off to be broken into. What part of the taking and transporting would alert the phone that it was in a non-authorised backpack or briefcase or sitting on the back seat of an unfamiliar car? How would it know it was sitting on the wrong desk?
Technologies to detect forcible circumvention (whatever they are) might then kick in and decide that the phone was being 'hacked' or disassembled by an unauthorised person and that's fine. But how has that level of security been improved by the addition of sensors to monitor how someone walks? It's not as though someone who has stolen the phone to hack it will walk around with it in their pocket for a week to enable a picture of them to be built up.
Just all seems a bit pointless as it will either be prone to frequent false-positives, which would be more than an idle annoyance, or unable to catch anomalous behaviour in time.
This has conflicting requirements.
1) Detect that the right person is carrying the phone, with 100% reliability.
2) Detect when the wrong person is carrying the phone, with 100% reliability.
It's no good if it's, say, 99% reliable. That would mean that it would occasionally self destruct on a legitimate user, and sometimes fail to destroy itself in the hands of an unauthorised user.
With any kind of feature, gait, biometric sensor there is a degree of uncertainty as to what they've measured. It can never be 100%. Even us humans sometimes get it wrong (ever been convinced you've seen a friend out and about who turned out not to be? Embarrassing when you walk up to them and say "Hi!").
The maths involved in optimising weights for combining unreliable sensors like this are clear. You can bias the system one way or the other, but not in both directions at once.
In short, it won't work well enough to actually be useful. Biased one way it will be too unreliable for legitimate users. Biased the other and it will not be secure enough for the intended purpose.
Incidentally the maths problems underpinning the problems with these sorts of systems and requirements are what killed off the biometric identity card scheme here in the UK. They (finally, and very late) realised that it would be useless at the intended purpose, which was letting UK citizens through passport control at the airport and keeping non-UK citizens out (or queuing up at passport control). It was either going to let people impersonate UK citizens too easily, or deny entry to genuine citizens too regularly.
I would argue that less than 100% "wrong person" detection is acceptable. Even if only 50% of stolen phones destroy themselves, that's better than nothing. It could be combined with other security, after all. But the false positive rate has to be 0, or damn close. Even if you buy your phones with other people's money (like the feds) and back up your data regularly, a phone that randomly suicides is too big a liability.
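Added example, not part of any comment in this thread: a threshold sweep over constructed gait-similarity scores, illustrating the trade-off raised in the "conflicting requirements" comment and the reply arguing that the false positive rate has to be 0. The scores, the function names and the rule "wipe when the score falls below the threshold" are assumptions made for illustration.

```python
# Constructed similarity scores (1.0 = perfect match to the owner's gait profile).
# The low owner scores stand for an injured leg, a backpack or different pockets.
OWNER = [0.91, 0.88, 0.84, 0.80, 0.77, 0.73, 0.69, 0.62, 0.55, 0.41]
THIEF = [0.58, 0.52, 0.47, 0.44, 0.39, 0.35, 0.31, 0.28, 0.22, 0.15]


def rates(owner, thief, threshold):
    """Assumed rule: the phone wipes itself when score < threshold.

    Returns (false_wipe, missed_thief):
      false_wipe   - fraction of owner samples that would trigger a wipe
      missed_thief - fraction of thief samples accepted as the owner
    """
    false_wipe = sum(s < threshold for s in owner) / len(owner)
    missed_thief = sum(s >= threshold for s in thief) / len(thief)
    return false_wipe, missed_thief


def sweep(owner, thief):
    """Evaluate every threshold at which one of the two rates can change."""
    return [(t, *rates(owner, thief, t)) for t in sorted(set(owner) | set(thief))]


def pick_threshold(owner, thief, max_false_wipe):
    """Lowest missed-thief rate among thresholds within the false-wipe budget."""
    allowed = [row for row in sweep(owner, thief) if row[1] <= max_false_wipe]
    return min(allowed, key=lambda row: (row[2], row[1]))


if __name__ == "__main__":
    print("threshold  false_wipe  missed_thief")
    for t, fw, mt in sweep(OWNER, THIEF):
        print(f"{t:9.2f}  {fw:10.0%}  {mt:12.0%}")
    # Because the two score sets overlap, no row has both rates at zero.
    for budget in (0.0, 0.1):
        t, fw, mt = pick_threshold(OWNER, THIEF, budget)
        print(f"budget {budget:.0%}: threshold {t:.2f} catches {1 - mt:.0%} of thieves")
```

On this constructed data, a zero false-wipe budget still leaves 40% of thief samples accepted, and catching every thief costs a 20% false-wipe rate.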
I'm not entirely sure that it's even possible to detect a "wrong" person without having a database of all persons. Certainly biometrics is going to be very difficult in a situation where a person is bedridden and they ask someone to bring them their phone. The biometrics database would have to be extremely large.
@Old Handle
"Even if only 50% of stolen phones destroy themselves, that's better than nothing."
I agree that 50% is better than nothing but I don't see them achieving even that. Any such system would, if it was to avoid false positives, need to be rather forgiving of different behaviours. How long does anyone believe that someone looking to steal data would carry the phone around for? I doubt it would be long enough for the system to build up a sure enough picture to be convinced it wasn't the original user.
And, while 10% is still 'better' than nothing, that doesn't mean it's worthwhile to do.
Even if only 50% of stolen phones destroy themselves, that's better than nothing.
Not necessarily...
The trouble with such "protection" systems is that people start to rely on them - if the phone is "secure", the users start to become less so. So if it turns out not to be secure after all, you might well have lessened your actual security.
TL;DR: Complacency kills.
Vic.
"Incidentally the maths problems underpinning the problems with these sorts of systems and requirements is what killed off the biometric identity card scheme here in the UK"
They seem to have sorted it out in other countries. When living in Singapore I could breeze through passport control at Changi with an ID card and thumbprint - and that place seemed much more concerned than we are with keeping out the uninvited! What were we (or they) doing wrong?
That is where the backdoor they keep trying to mandate comes in. You really do have to wonder if these guys actually listen to themselves.
"We want everyone to have secure phones that we can access as we wish and if the security system is threatened it will self destruct unless we're the ones threatening the security system. It's really that simple, I don't see why you lot keep saying that's so hard."
There's going to have to be some proper research into different methods of walking because it's going to be like passwords, a normal saunter or even a brisk amble is going to be too easy to copy so there will need to be the equivalent of a password policy, specifying a minimum level of complication.
I'm sure I saw an old training video about this so the idea clearly isn't new and I have to say I am impressed by the foresight of those who produced it.
edit: no 'life imitates art' icon, not even a foot...?
So that's the new biometric, then?
Meet the new workplace: you can't enter because the fingerprint scanner won't recognize you, and you can't call for help because your phone didn't recognize your fiddling with the badge so it wiped itself.
Then you get fired for being late for the third time that week.
Just a thought: would a secure phone be one that did not actually store any information on the device?
The device downloads the information needed from a server somewhere when the agent switches it on and authenticates.
If a thief obtains the device, it is just an empty shell. Attempts to authenticate will fail as I assume the agents will have good long pass-phrases. A fingerprint swipe as well perhaps.
Coat: I'm off out in a bit.
Many years ago a friend of mine had a project to provide a certain three-letter agency with more secure Palm Pilots (yes, this was a very long time ago). Nothing he delivered satisfied them until one of his colleagues accidentally discovered that if you sufficiently overclocked a Palm you could actually melt it down.
A little coding work to invoke this mode if three successive password attempts failed, and they were ready to go with a demo that won them the business.
"Good morning, Mr. Phelps..."
I got the 7-series box set for my birthday last week and it got me thinking. At the start of each episode (OK, most episodes. Pedants.), Jim goes to a new location, trades code phrases and picks up his mission outline.
But how did he know where to go? They must have contacted him beforehand with the location and password - which was presumably passed on at a secret location after he gave the password which they got to him by...