back to article Anti-theft mobe KILL SWITCH edges closer to reality in California

The Golden State is one step closer to passing a law which would require mobile phone vendors to implement remote bricking capabilities in all handsets. The California Senate has approved SB 962, the bill which mandates a "kill switch" mechanism in phones which could render stolen handsets useless and hopefully deter thieves …

COMMENTS

This topic is closed for new posts.
  1. 20legend

    Why a kill switch as opposed to imei blocking on all carriers? Sounds like a govt inspired backdoor for future exploit.

    1. Don Jefe

      What? Why the fuck would they go through all the trouble to publicly legislate for a backdoor in one State? If you've missed the news for the last year it has become rather evident that device level backdoors are a tedious waste of money and a security threat because the phones sure as hell won't be built in California, or even the US.

      I've never understood what everybody worries about with remote bricking on phones. It's not as if the consumer has ever had control of their handsets. Ever. Your carrier of choice has always had the ability to knock phones offline, and they'll do it across carriers too if you still owe one of them money. It has always been that way.

      The threat is in the data centers, not your phone.

      1. Khaptain Silver badge

        >The threat is in the data centers, not your phone.

        Agreed but what is worrying is the change of 'voice' that will be governing the data center.

      2. shovelDriver

        You ask why publicly legislate in one state?

        To copy your form of speaking, Where the hell have you been during the past 30 years? The past 10? Five? One? You do know that things such as this always appear first in either California or New York? That's where the "public acceptance marketing balloons get floated before final implementation. Do the research! For example, check out the USG RFPs and Contract Awards that are listed for all the world to read. Not that too many actually do.

        And how can you overlook your own words? Such as "publicly"? Given past performance of the U.S. government and its' co-conspirators up north, down south, and across both ponds, what makes you ignore the high probabilities that things are being done "privately"? That's why they call them "black ops". What? Did you miss the Snowden files?

        The threat is in data centers, not your phone? Is that so? Damn, I must have been dreaming when I more than once remotely copied then wiped the contents of all those secure Blackberries. Compared to them, the modern computers you think of as "phones" are so easy.

        1. Don Jefe

          @shovelDriver

          Child, I was in California lobbying for changes to their tax incentives for utility easements across private property for research and education networks before you knew what lobbying was. You're far out of your depth.

          You never start in California if your goal is nationwide legislation. Tell me, oh great and wise, yet wildly inexperienced, numpty; why don't you start in California? You don't know do you?

          You don't go to California because every single time that California legislation moves up here to DC approximately 50% of everybody will vote down even considering the legislation. It's a death sentence to bring California legislation to Capitol Hill.

          It's one thing to lobby for legislation in California, the market is enormous all by itself. But if you want national legislation you start here in DC. Doubly so in this case because Metro DC Police Chief Cathy Lanier is the nation's number one advocate for remote phone 'bricking'.

          See, if you want something with nationwide impact done here you start with a visit to one of the 17,000 registered lobbyists working in this city. There are two lobbying firms in the same building as my city office. They're not hard to find, or work with you know.

          At any rate, there are 'proper' ways to mangle and distort law in this country. You do it the right way, or you don't get to do it at all. You're acting like an ass, thinking that there's some vast conspiracy to do everything backwards with the intent of bricking your phone. You're paranoid because you think someone might, I don't know actually; what are you afraid of?

          Well, whatever it is that you're paranoid about, you're looking in the wrong place for it. The funny part is, you're making a scene about it and that's the crux of all this stuff. You're overvaluing the worth of your personal things and while you're out whining about it the actual threats are just rolling along and you don't even glance that direction.

          So thanks, I guess. You've reaffirmed the purpose of lobbyists everywhere. You'll buy in to whatever they tell you and you'll stare all slack jawed and weepy eyed when you realize you've wasted so much time being concerned about the wrong things.

          1. Charles 9

            Re: @shovelDriver

            The reason you start in California is that, because it's the most populous state in the nation, anything you do in California tends to ripple for the simple reason that it's easier to abide by California's tougher standards universally than to have two lines.

            Here's two words that spring to mind: "California Emissions".

            1. Don Jefe

              Re: @shovelDriver

              For non-legislative issues, yes. California is a good place to start, but legislative issues don't ripple out from California very often. They usually just fall over dead once they're exposed to the noxious cloud of legislative bullshit the rest of the country deals with all the time.

              Some issues, Prop 65 for example, do get out of California, but that's only because they made the printing and affixing of the lead disclosure label 100% deductible.

              If it helps make it clearer, we treat California like we treat the UK. Kind of like a lost colony where all the rules are weird and overthought. When you do business there, or send products there, you crank your prices up to cover the costs of compliance plus a bit extra to cover the plain old pain in the ass bullshit. California emissions are a great example, you pay a shitload more for California emissions compliance for cars sold in California and take a fuel efficiency hit. Those standards will never leave California, it's cheaper to build separate models for that market.

              And that's why national legislation rarely starts in California. Everything that comes out of there is a bureaucratic nightmare that adds costs to consumers. National level politicians won't touch that stuff with a barge pole. It's reelection suicide to vote for those laws.

              I'm not saying there's no vast conspiracy, the NSA fiasco shows there is one. But the NSA fiasco also shows why it's just fucking stupid to think the government is trying to get voted onto individual handsets, one state at a time. There's NO SENSE in even fucking around with that when you've got a global surveillance and secret court system that forces carriers and service providers to hand over whatever they want or shut down service to anyone they want.

              When you've got a system that works and is immune to pressure you don't go fucking about with hope that a consumer product law gets enough momentum to travel across the country. That's stupid.

      3. Anonymous Coward
        Anonymous Coward

        Your carrier of choice has always had the ability to knock phones offline

        Correct, which prompts two questions:

        1 - why have they not been able to get their act together? The answer is probably that revenue is revenue, wherever it comes from, the same reason why Western Union still appears to be the main money carrier for Internet scams.

        2 - why does the US try to legislate something which will have a global impact? Don't forget that the majority of large scale phone manufacturers have US HQs, and are thus subject to the same shenanigans that Snowden has been busy disclosing. In that respect, Nokia being sold to MS was a VERY bad move for our security because it was one of the last big ones not under US control.

    2. Flip

      Good for the owner

      IMEI blocking, or whatever it is that service providers do, makes the handset less valuable to potential buyers who want to use the device as a phone. A kill-switch to brick the phone makes the handset less valuable to potential data thieves.

      1. Anonymous Coward
        Anonymous Coward

        Re: Good for the owner

        I don't think the legislators give a damn about data thieves. Thieves aren't stealing smartphones to steal their data, they're stealing them to resell out of a car's trunk the next day.

        IMEI blacklisting is barely a half measure - more like an eighth measure. Smartphones are pretty darn useful even if you can't connect them to a cell network. Not to mention IMEI blacklisting is not worldwide, so phones stolen in the US would be sold to someone with a contact in China to ship them to for resale there.

        That's why it needs to be addressed by the OEM. Then when a phone is stolen it can be made valueless, making them pointless to steal.

        1. Anonymous Coward
          Anonymous Coward

          Re: Good for the owner

          That's why it needs to be addressed by the OEM. Then when a phone is stolen it can be made valueless, making them pointless to steal.

          The problem is that it enables yet another denial of service vector that is in the hands of a 3rd party - worse, it puts in the hands of that paragon of human rights and fighter of legislative abuse, the US government (yes, I'm being very sarcastic).

          If the price of avoiding a LEGALISED control over my phone by US government is a higher risk of theft I'll take it thank you - I want that to remain my choice. I am unlikely to ever go near the US, so I'm not interested in Clipper v2, even with more limited functionality. Personally, I think other governments should get involved because it risks them too. Imagine an ambassador or CEO who is getting in the way of US interests: suddenly, their phone no longer works. What an amazing and unfortunate coincidence. Terribly sorry, you're "collateral damage" - be glad it's at least the non-lethal kind.

          Suddenly, Blackberry has become even more attractive.

          Bye bye iPhone, it was fun while it lasted.

          1. Anonymous Coward
            Anonymous Coward

            Re: Good for the owner

            Do you really believe that Blackberry, Android, Windows Phone, FirefoxOS or whatever don't have the ability to brick your phone if they decided to do so? Just because they don't do it in response to a stolen phone doesn't mean they don't have the power!

            Do you really believe that carriers don't have the ability to make your phone useless to you within your entire country if they so desire? Or that your government doesn't have the ability to make wireless carriers shut down if they claimed a national emergency (i.e. the people trying to organize a coup against them?)

            You live in an insulated world if you think that by saying "bye bye iPhone" you wave bye bye to the only chance that your currently working phone can be made to stop working against your will.

            Unless you are using a phone that is 100% open source, from the GUI to the kernel to the firmware, and you check that source yourself or fully believe in those who do (or claim to) you're living in denial, trading a "they tell you they can do this" for a "they can do this but aren't telling you they can".

            1. h3

              Re: Good for the owner

              I cannot see what can be done at the moment to stop e.g setool from rebuilding anything. (The bit it uses via the testpoint is in rom. From there you can do a hardware initialisation / full imei rebuild / reflash the rom.

              Blowing some type of hardware fuse in the SoC is the only thing I can think of that would work.

              1. ecofeco Silver badge

                Re: Good for the owner

                "I cannot see what can be done at the moment to stop e.g setool from rebuilding anything. (The bit it uses via the testpoint is in rom. From there you can do a hardware initialisation / full imei rebuild / reflash the rom.

                Very true, but you give thieves (and their fences) more credit for technical ability than they actually have.

                The truth is that all they have to do these days is swap SIM cards at the shady indie shop and they're on their way. Of course that same shop can also do the ROM flash. But again, this is giving thieves more technical credit for even knowing this than they have.

        2. Yet Another Anonymous coward Silver badge

          Re: Good for the owner

          >Not to mention IMEI blacklisting is not worldwide, sold to China

          And the remote kill switch is?

          This isn't a separate radio controlled bit of plastic explosive. It's requiring the OS to be sent a message over the cell network.

          There is no reason for China State Telecom to route US kill messages any more than US carriers would accept requests from the Chinese govt. And any phone that is reflashed with a custom image is safe even at home.

          1. Anonymous Coward
            Anonymous Coward

            @Yet Another Anonymous coward

            This "remote kill switch" isn't some special encoded message sent over the cell network, it is sent via IP. If China wanted to block a kill message from Apple, they'd have to block all IP traffic from Apple.

            An Android phone could be reflashed with a custom image that didn't use any Google services, but what's the value of an Android phone that can't access the Google Play store, use Google Maps, or Google Search? Sure, in China, it is worth something since there are millions of such phones sold every month. But in the US? Worthless. And that's only an option for Android, there are no custom firmwares available for the iPhone. Jailbreaking leaves iOS mostly intact, and wouldn't affect Apple's ability to kill it.

        3. ecofeco Silver badge

          Re: Good for the owner

          "...so phones stolen in the US would be sold to someone with a contact in China to ship them to for resale there."

          In the US, the local black market is far, FAR more prevalent than the overseas market.

        4. Anonymous Coward
          Anonymous Coward

          Re: Good for the owner

          Carriers have no reason to disable phones as a stolen IMEI one from UK can still be used in Nigeria on the same network, income is income.

          The manufacturers on the other hand will sell more new sets if stolen ones cannot be resold

      2. JaitcH
        FAIL

        Re: Good for the owner

        @Flip:

        IMEI blocking is useless as they can be replaced with a different number in a 5-minute operation.

        I have my cell handset IMEI changed every week or two - last time I took it in to a Samsung Service Centre (we have five in SaiGon) the tech noticed the difference and simply used his laptop to correct it.

        If you do change your IMEI and intend to go roaming, visit your Cellco office and ask them if the have the correct IMEI on their computer system.

        P.S. It's illegal to change IMEI numbers in Blighty - it makes GCHQ work so much more harder.

    3. ecofeco Silver badge

      I don't understand this bullcrap either.

      IMEI

      Serial number

      UID number (SIM card)

      Those are readily available to your carrier and only THEIR laziness prevents them from utilizing them to kill a stolen phone

      Using those three thing will turn ANY phone into about handful of plastic junk. Forever.

      I did this everyday for stolen phones, so I really, REALLY don't understand what this whole dog and pony show is all about except to point out that it appears most carriers have NOTHING in place to kill stolen phones.

    4. Anonymous Coward
      Anonymous Coward

      Why not IMEI blocking? SImple

      Because the phones can still be sold then used abroad so its no deterrent. Unless you got EVERY mobile carrier on the entire planet to sign up to some scheme then its worthless.

  2. Anonymous Coward
    Anonymous Coward

    and of course...

    any benefit this function has for the political security apparatus is purely coincidental. Thus they can blame "the people" for giving central authority the ability to disable or kill devices individually or in groups.

    When all the iDevices shut down at the next #Occupy, who ya gonna blame?

    1. ecofeco Silver badge

      Re: and of course...

      That capability already exists, my paranoid friend.

      Has for decades.

      1. Don Jefe

        Re: and of course...

        Of course it has existed for a long time. The 'political apparatus' doesn't need to go tampering with hundreds of millions of devices so they can skew election results.

        People's priorities get so screwed up. They're worried about someone else having control of their phone, but never stop to think about who is controlling the money they pay their phone bill with. If 'the government' wanted to fuck with people they can just cut off access to your money. Or one of a million other things that are cheaper, less intrusive, completely invisible and a whole, whole lot scarier.

  3. Anonymous Coward
    Stop

    I still say this is ripe for abuse.

    Some enterprising hacker is going to penetrate this system and brick phones for shits/giggles/profit, or jealous lovers at phone company will do it to get back at exs'.

    1. Anonymous Coward
      Anonymous Coward

      Re: I still say this is ripe for abuse.

      The big laugh will be when they brick all the politicians phones.

      That being said it is also possible for the politicians to stifle descent by ordering the bricking of the phones of those that oppose them - BIG BROTHER is watching you.

      1. Anonymous Coward
        Anonymous Coward

        Re: I still say this is ripe for abuse.

        Bricking somebody's phone is not going to stop them dissenting. People don't die when their phone stops working and you don't need a cellphone to get pissed off at the government. 40 years ago, and for a million before that, nobody had one and there was no shortage of political dissent.

        If somebody's phone stops working they can just toss it in the bin and buy another one. The really serious dissenters are all using disposable phones anyway.

        There's no big brother aspect to this. It's just an attempt to reduce phone thefts and it's doomed to failure because as usual the people mandating it don't understand technology. Any electronic device can be unbricked and reprogrammed by somebody with the right skill set.

        The net result is that stolen phones will be slightly more expensive because they now have to be shipped overseas so that an 8 year old Chinese girl can unsolder and replace a 5cent chip to make it work again.

        1. micheal

          Re: I still say this is ripe for abuse.

          " People don't die when their phone stops working"

          Ever been out with a group of under 30's lately?

        2. FuzzyTheBear
          Black Helicopters

          Re: I still say this is ripe for abuse.

          " Any electronic device can be unbricked and reprogrammed by somebody with the right skill set."

          Personally .. id like to see all forms of memory be rigged with on chip self destruct , bricks the phone and kills all data in one shot. The latter part seemingly being of high interest.

    2. king of foo

      Re: I still say this is ripe for abuse.

      I wonder...

      If 1337 h@xx0r were to brick all of a carrier's users phones who would foot the bill?

      Removing control from the end user should mean that whoever gains that power should also take responsibility for it's misuse.

      IMHO this (money money money mo-ney MO-NEY) will be the determining factor re US wide and/or global adoption.

    3. MacGyver
      Facepalm

      Re: I still say this is ripe for abuse.

      Abuse? Can you imagine what would happen if a zero-day exploit allowed ALL cell phones in the US to be killed all at the same time? Most people don't keep a land-line anymore, and there are hardly any pay-phones left.

      In one day we could be sent back to 1912 as far as our ability to connect, get business done, or call for help. But no California, tell us how it will reduce cell phone theft, what could go wrong?

  4. Eddy Ito

    Half the problem

    Sure, phone theft is high but it isn't like the scare videos the big cities put out. In reality, like all the prototype iPhones that were stolen, almost half (44%) were left behind somewhere like a bar, a bus or at work and only 11% were actually taken off the victim's person according to a survey conducted by mobile security outfit Lookout

    Given how many were left behind and claimed stolen, how many were actually simply lost and tossed or dropped out of a pocket and never seen again? Given I know my homeowner policy covers stolen gadgets but not lost gadgets, I'll go with a fairly high percentage like 3 in 4. Sure, they can feel their missing data is safe but it isn't like the fishes, forklift or landfill was going to use it anyway.

    1. Charles 9

      Re: Half the problem

      Plus I'd be interested in seeing a killswitch system that was Faraday-proof.

      1. Don Jefe

        Re: Half the problem @Charles 9

        It doesn't have to be 'Faraday proof' if you want to use the phone. The handshake at phone startup is all that needs to take place. If you can't use the phone anyway just save the effort of a screen.

        1. Charles 9

          Re: Half the problem @Charles 9

          I'm talking Faraday-proof in the sense a nicker would just stuff the phone into a Faraday bag. Without radio reception, how's the phone supposed to receive the killswitch signal before it's rooted and retooled to not respond to the killswitch?

      2. Anonymous Coward
        Anonymous Coward

        Re: Half the problem

        "Plus I'd be interested in seeing a killswitch system that was Faraday-proof"

        I'd want to see you use the phone whilst in there first :)

    2. Anonymous Coward
      Anonymous Coward

      Re: Half the problem

      They could, of course, make the phones cheaper, that would be less profit per unit.

      No, no, don't worry, it was just a joke. I wasn't in any way suggesting phone manufacturers should make less profit.

      </sarcasm>

    3. Charles 9

      Re: Half the problem

      "In reality, like all the prototype iPhones that were stolen, almost half (44%) were left behind somewhere like a bar, a bus or at work and only 11% were actually taken off the victim's person according to a survey conducted by mobile security outfit Lookout."

      Hmm? I've heard of incidents where the owner was killed and the ONLY thing taken was their phone. Statistical outlier or not, that's pretty extreme in my book just to nick a phone.

    4. Yet Another Anonymous coward Silver badge

      Re: Half the problem

      The last survey suggested that the majority of "reported stolen" phones were lost or deliberately destroyed to get an upgrade from the carrier or claim on the insurance

  5. Anonymous Coward
    Anonymous Coward

    "Nothing less will solve the problem.”

    So smooth - like shinny polished turd. They've really got it down to an art now.

  6. Anonymous Coward
    Anonymous Coward

    Of course this presumably also means that the authorities obtain the ability to shut down any mobile device remotely at will as well.

    That must be nice for them.

    1. Charles 9

      You're assuming they don't have the ability ALREADY.

  7. jellypappa
    Pirate

    "Nothing less will solve the problem

    hey ho! its back to slate and chalk for me.

  8. Anonymous Coward
    Anonymous Coward

    Protect your phone by making it throw away?

    It looks like back door protectionism that will makes your own Android phone obsolete far faster.

    1. Anonymous Coward
      Anonymous Coward

      Re: Protect your phone by making it throw away?

      The sheeple are quite happy to upgrade every year or 2 anyway because of some nebulous "improved" functionality the marketing dept at Apple/Samsung/whoever have persuaded the gullible idiots along with their equally gullible social network friends they really need Right Now or their lives will be little better than a 19th century coal miner, so I don't see this as a major impediment.

  9. Charles 9

    PS. To anyone who thinks this is a way for the government to get a backdoor inserted into your phone...

    What makes you think they don't have such a mechanism ALREADY?

    Plus, as others have said, there are other ways to stop cell phones in their tracks: taking over the towers, radio sniffing for picocells, etc. Once all networks are down, the plods can just round everyone up and take the phones physically. Plus this has the advantage of also picking up non-networked devices like dedicated cameras. Look what happened in Iran. Not much communication once the towers went down, eh?

    1. ecofeco Silver badge

      It does already has has since the beginning of cell phones. It's built into the system.

  10. Mike Bell

    Already have it

    The proposed law would require no change on Apple's part, because remote wipe/kill capability already exists in iOS devices. The kill is permanent, meaning the device can never be used again under any circumstances. It's something that the user can initiate in the event of a lost or stolen phone. The carrier cannot do it. And, by law, Apple would be prohibited from doing it unless specifically authorised to do so by the phone's owner.

    The kill is far more pervasive than blocking the phone from making or receiving calls.

    If someone did manage to compromise Apple's security infrastructure and bricked my phone for me – thank you very much – a few things would happen.

    1. There would be a massive shit storm

    2. I'd demand a replacement handset from the Apple Store

    3. I'd restore the new device to its previous state from an iCloud backup

    Likely to happen? Nah

    Bothersome if it did? A bit, but not the end of the world

    1. Anonymous Coward
      Anonymous Coward

      Re: Already have it

      "The kill is permanent, meaning the device can never be used again under any circumstances."

      Seriously ? Got any information on it ?

      This seems to indicate the phone is wiped but can be re-used:

      http://support.apple.com/kb/ph2701

      1. Mike Bell

        Re: @AC

        Sorry, I'll qualify that by saying the only circumstance under which the wiped iPhone can be brought back to life is if, on the device, you enter your original Apple ID and password.

        Activation Lock

    2. Charles 9

      Re: Already have it

      "And, by law, Apple would be prohibited from doing it unless specifically authorised to do so by the phone's owner."

      Not even a gagged order from a secret court? There's a way around EVERYTHING if you're a government.

      1. This post has been deleted by its author

  11. surname-you_mean_last_name
    Big Brother

    We love when our government helps us but...

    I could have sworn I had a video of the cops senselessly beating that guy on my phone. Wonder what happened to it?

  12. Radio Wales
    Black Helicopters

    Ah well! A root around in the garage and I'm back to the UK illegal "Breaker 14, Anybody got a copy on me, Break". They didn't manage to wipe it out last time around, so there's still hope.

    I'll be collecting burner vanilla flavour mobile PHONES <Just in case>

  13. Ossi

    You know, having had a bottle broken over my head and two fingers broken to get hold of my mobile, and having discovered that IMEI numbers can be reflashed in a matter of seconds, I'm all in favour of mandatory kill switches.

    This comments page reads like the Daily Express with a Diana story. It's just a good idea from a law-enforcement point of view. Occam would have you leave it at that.

  14. Ubermik

    This is kind of worthless nonsense and I am sure is designed purely to financially benefit "someone" whether its the manufacturers, the vendors or just insurance companies inventing new products to cover you for "bricking" of your phone by accident and other things

    All that is really needed is a number that cant ever be removed or changed which is needed for ALL network interaction so that not only can a phone remain working but can then be used to track it to the new owner and maybe also then onto the thief

    If that cant be done in a way that cant be circumvented then niether can this proposal as they are both at a similar level of complexity and technical security within a device

    So it would suggest that the real reasoning behind a fatal solution rather than one that allows a device to still be used but then tracked is a financial rather than a practical one

    1. Ossi

      @Ubermilk

      'So it...' ('it' meaning what precisely?) '...would suggest that the real reasoning behind a fatal solution rather than one that allows a device to still be used but then tracked is a financial rather than a practical one.'

      -Brilliant logic, except for the fact that the industry has consistently opposed this measure. Obviously they don't know when they're well off.

      I think whatever solution was proposed to reduce phone theft, the comments page here would be full of silly conspiracy theories. I really should just accept it and get back to work.

This topic is closed for new posts.

Other stories you might like