back to article Super Cali signs a kill-switch, campaigners say it's atrocious

California's governor Jerry Brown has signed off on a bill that requires any manufacturer selling smartphones in the Golden State to install a kill switch capable of bricking the handset. Bill SB 962 has been signed into law, mandating all smartphones sold in California to have software in place to brick stolen handsets. The …

  1. Dave, Portsmouth

    Why would authorities need a kill-switch in your mobile? If they wanted to shut you down they'd go straight to the networks and pull the plug!

    Cnn only see benefits, and actually it only needs one or two big markets to do it before manufacturers introduce it by default everywhere.

    1. Charles 9

      Why don't the conspiracy theorist consider that the government can simply order the cell towers shut down? It's a simpler approach, can be achieved with a warrant, and has precedent, both in and out of western civilisation.

      And before you go the "recording atrocities" angle, this law has no effect on dedicated cameras (of the video or still variety).

      1. NP-Hardass

        Once again...

        If you re locked out from a network because a govt chooses to lock you out, you can roll your own mobile networks. This was done using mobile cell sites during tha Arab Spring. If the gov't decides to lock you out using a kill switch, you are SOL.

        There is a major difference between a killswitch and network lockout.

        1. Charles 9

          Re: Once again...

          Roll-your-own networks will likely be unable to beat government-sanctioned jammers. And US cell phones have a restricted number of frequencies it can use, so the government could well have the capability to jam ALL of them.

      2. Yet Another Anonymous coward Silver badge

        Turning off the cell towers doesn't stop the camera

        This also costs you $x100 for a new phone.

    2. Eddy Ito

      It doesn't have to be authorities who go bricking your phone. Given the amount of malicious intent in some people it would be easy to imagine a person gaming the system to brick the phone belonging to their intended victim to ensure the opportunity to call for help was removed. There has to be some check on this system to ensure only the owner can brick the device or allow emergency calls even when "bricked" by disabling the SIM slot. I imagine a few fuses on the SIM data lines could be blown with a simple switch which would brick it quite nicely while still allowing calls to emergency services.

      Real thieves can always carry a Faraday bag they can pick up at Amazon to drop the nicked mobile in and sell it off at their leisure in Tibet. Of course that will just mean that California will pass a law banning the possession of Faraday bags by civilians which will soon lead to bans on metal foil and ultimately the closest someone will be legally able to get will be 00 steel wool pads that are no more than 1/4 inch thick but I digress.

      1. Charles 9

        "Real thieves can always carry a Faraday bag they can pick up at Amazon to drop the nicked mobile in and sell it off at their leisure in Tibet. Of course that will just mean that California will pass a law banning the possession of Faraday bags by civilians which will soon lead to bans on metal foil and ultimately the closest someone will be legally able to get will be 00 steel wool pads that are no more than 1/4 inch thick but I digress."

        Then why aren't they doing it already with the iPhones that have Activation Lock?

        1. Eddy Ito

          Then why aren't they doing it already with the iPhones that have Activation Lock?

          How do we know the smart thieves aren't already doing this? How long before the smart thieves read this article? I think some already have.

          1. Charles 9

            I think this Act prevents the exploit in this case as the bricking is, IIRC, designed to be one-way. Meaning once it's bricked, nothing can be recovered from it. It would basically have to be reflashed from scratch, which wipes out the user data. Who knows? Even this might be disabled, preventing it being cleaned out and fenced.

      2. Anonymous Coward
        Anonymous Coward

        Of course that will just mean that California will pass a law banning the possession of Faraday bags by civilians which will soon lead to bans on metal foil and ultimately the closest someone will be legally able to get will be 00 steel wool pads that are no more than 1/4 inch thick but I digress.

        There go the tinfoil hats then, I guess..

        1. David Pollard

          There go the tinfoil hats then, I guess..

          That's probably the real reason they are introducing this legislation.

        2. Eddy Ito

          There go the tinfoil hats then, I guess.

          If growing wheat isn't beyond government control, what makes you think your tinfoil hat hasn't been foiled long before you put it on?

          1. Anonymous Coward
            Anonymous Coward

            If growing wheat isn't beyond government control, what makes you think your tinfoil hat hasn't been foiled long before you put it on?

            So that would be tinfoiled hats then?

        3. wikkity

          RE: There go the tinfoil hats then, I guess..

          Surely any self respecting tin hat owner has already stocked up on tin foil to last several lifetimes

    3. Anonymous Coward
      Anonymous Coward

      Authorities today, tomorrow?

      >Why would authorities need a kill-switch in your mobile?

      For now its just authorities. And yes, sure, they could kill a tower or network and do everyone en masse (which isnt the same thing at all as targeting an individual phone).

      But if this capability exists, how long before...

      - lobbying from MPAA lets them force a shut down on a phone with 'stolen' content on it?

      - it becomes standard practice to kill the phone of a *suspected criminal?

      - overdue bill payments force a mandatory phone shut down from the network?

      - etc.

      When you buy something you should own it for good, and not have its future existence at the mercy of every legislators whim or corporate overreach.

    4. P. Lee
      Big Brother

      >If they wanted to shut you down they'd go straight to the networks and pull the plug!

      So why don't they do that when a mobile is reported stolen? I don't believe that most stolen phones are shipped out of the country. They could provide the added benefit of allowing 0118 999 881 999 119 725 3 calls anyway. I'm not sure that California is that concerned about privately created phone networks - those are location specific and can be jammed if required.

      Is this just theatre, to preserve the illusion that they can't track phones if the sim card is changed?

    5. James Micallef Silver badge

      But how does the kill switch actually work? Is it done by the user, requiring not only the device ID but also some sort of password*? Or can authorities simply brick phones based on device ID, at their own whim?

      *and what happens if user forgets password? And if it requires the user to go through an operator or police, who is checking that the user actually owns the phone they're asking to be bricked?

  2. Chris Miller

    Nice try

    but you can't quite match the (Scottish) Sun's headline.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Nice try

      One step ahead of you – see the footnote on the story.

      C.

  3. DropBear
    Mushroom

    If I could believe that absolutely no-one but ME would be able to trigger such a switch, I'd welcome it; but as it is there's no way in hell I'd use any device that can be remotely disabled in any sense, unless there's simply no alternative.

    1. Anonymous Coward
      Anonymous Coward

      Really?

      You think that Apple couldn't already brick your phone? That Google can't? That Samsung can't? That your carrier can't (at least for an Android sold through a carrier) This isn't providing any ability that didn't already exist, whether advertised or not.

      Methinks your naivete is showing...

    2. Mike Bell

      @DropBear

      Unless the draft legislation has been changed, it will be illegal for anyone to use the kill switch without the device owner's express permission. Not to say they couldn't, but it would not be legal for them to do so.

      @others

      Blowing SIM lines or disrupting cell communications would not necessarily kill a phone's communication facilities. Just wander into Starbucks and use WiFi to talk to your chums.

      1. James Micallef Silver badge

        As far as I know, smartphones need a SIM to work. You can switch off the radio to airplane mode, but if SIM is not there you can't use camera, WiFi etc. So burning out physical SIM connections WILL brick the phone

        1. The Mole

          All not having a SIM card will do to your average smart phone is stop you authenticating your phone to a phone network, everything else will generally work fine - they just become small tablets..

          1. James Micallef Silver badge

            you're right - i stand corrected

      2. Anonymous Coward
        Anonymous Coward

        Unless the draft legislation has been changed, it will be illegal for anyone to use the kill switch without the device owner's express permission. Not to say they couldn't, but it would not be legal for them to do so.

        Making things illegal has, of course, already been established as extremely successful in stopping criminals from abusing something. I'm always impressed by how crime rates collapse on the back of any new legislation.

        /sarcasm

  4. Anonymous Coward
    Anonymous Coward

    qnd of course

    it will be our "tolerant" Sacramento overlords who find a justification to utilize this first as well, and there will be no serious outcry about it.

    One party gets riots in the streets, the other, a slight news mention. If it wasn't for El Reg, we'd hear almost nothing of Snowden. Now if Snowden had popped 7 years ago...whooooooo!

  5. i like crisps
    Big Brother

    IT'S HARVEST TIME...

    ...Protesters have nothing to fear...their metadata is too precious to the Security Services.

  6. Anonymous Coward
    Anonymous Coward

    There has been more then once

    I wish I had a a way to kill some rude, loud person on their cell phone who thinks everyone within a 20 yard/meter radius wants to hear what they did last night.

    That is what they mean by a kill switch - right? {}>))

  7. Gordan

    Hold on a second... IMEI Blocking?

    Doesn't IMEI blocking effectively already do this? The IMEI block lists are nowdays supposedly more or less globally synchronised. The net effect should be that the stolen phone, once it's IMEI number has been blocked, is going to be useless for more that being used as a tiny WiFi-only fondle-slab.

    1. Eugene Crosser

      Re: Hold on a second... IMEI Blocking?

      Exactly. Why force vendors to install software feature that is difficult to use and easy to abuse when you can force operators to keep track of IMEI last used by a customer, and if the customer reports theft to police, add it to public blacklist?

      Both the argument and counterargument in this debate are just stupid.

    2. Anonymice

      Re: Hold on a second... IMEI Blocking?

      AFAIK, the IMEI can be changed by flashing the phone or some such. I don't know the exact details, but I know it's a very old technique.

      1. Eugene Crosser

        Re: Hold on a second... IMEI Blocking?

        Well, it is much easier to protect IMEI against reflashing than the OS image.

        1. Flocke Kroes Silver badge

          @Eugene Crosser

          Put the IMEI in PROM and no-one can change it. Change the firmware so it does not read the PROM and and the IMEI is whatever the firmware decides it should be. The real danger of this law is it requires UEFI or something equivalent so you cannot jailbreak your phone.

          1. Charles 9

            Re: @Eugene Crosser

            That STILL doesn't prevent the phone being taken to a country where the blacklist isn't honored or kept up to date. The lists tend to differ from country to country, and countries may not talk to each other. With a bricking, once it's bricked, it's bricked everywhere, meaning it's tougher to fence a stolen phone.

            1. Gordan

              Re: @Eugene Crosser

              Such countries are few and getting fewer. If all the stolen phones were only usable there, the supply in those countries would balloon to the point where even the high end phones would become worthless, and thus not worth the risk of stealing in other countries.

              Additionally, some makes of phone (e.g. Motorola, most likely many others) self-erase when the network tells them their IMEI ID is blocked to protect the data (on top of being encrypted), so at least any sensitive data like one's google password is protected for sufficiently long from casual thiefs to change the passwords even if the phone isn't noticed stolen for a while.

              1. Charles 9

                Re: @Eugene Crosser

                "Such countries are few and getting fewer. If all the stolen phones were only usable there, the supply in those countries would balloon to the point where even the high end phones would become worthless, and thus not worth the risk of stealing in other countries."

                Unless that country's phone market is skewed enough (as in the prices are too high and/or supplies too low) that a black market is allowed to thrive there. Turns out that's the case in a lot of southeast Asia. Knick a good phone, fence it overseas, and you stand a good chance of turning something, even if you sell it for cheap. These are also countries where their blacklists are less likely to be up to date (or maybe not even honored because their attitudes toward the West are frosty).

  8. Anonymous Coward
    Anonymous Coward

    US kill switch facility ..

    .. hacked by opposition in 3, 2, 1.

    What an excellent idea. That way they can then start a trade in kill switch free mobiles, because government phones could, of course, not take that risk.

    If that becomes law in general in the US, it effectively means a good boost for Jolla as it is an EU phone provider and even uses its own, probably less compromised Linux derived OS which doesn't require agreeing to dodgy T&Cs to make anything useful work. Well done, it's ever so nice to hand over even more trade to EU companies. Very cool indeed.

  9. Anonymous Coward
    Thumb Down

    Maybe a white hat hacker will do society a favor...

    And brick the legislature's and Jerry Brown's mobile phones, just to show them what they have really passed and how it can be abused.

  10. This post has been deleted by its author

  11. Anonymous Coward
    Anonymous Coward

    From the land of the Fee

    so your $25 to make phone now needs a $50 to implement protection device.

    It certainly looks like those Totalitarians used the iCalc spreadsheet for this !

  12. Anonymous Coward
    Anonymous Coward

    Another benefit to living in the people's republic of California where every non problem can be solved by a group of self serving politicians and real problems can be indefinitely ignored.

  13. Creamy-G00dness

    PAYG??

    How would this work in a PAYG handset scenario?

    I can walk into any supermarket and simply purchase a handset without having to record any of my personal details, at this point I cannot be identified and therefore cannot be bricked by any governing entity unless it is done en masse.

    Throw into the mix accounts that have omitted or incorrect personal details and voila! The new darkphone..........well almost.

    1. Anonymous Coward
      Anonymous Coward

      Re: PAYG??

      (1) They CAN do it en masse. The provider has to know the IMEI codes of every phone they put on the market (ESPECIALLY for PAYG phones).

      (2) They can identify ANY phone, regardless of the owner's identity, through network traffic. If they want to brick every phone using a particular cell tower (because that's where The Man is cracking down), they can get that info, ID all the phones, and work from there.

      Frankly, I'm surprised they haven't done any serious work on a small-scale EMP bomb. That would nail ANY electronic device, including non-networked cameras (to include their contents, hard drives, and memory cards).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like