back to article Anti-theft kill switches in smartphones just got a little less creepy

Some of the largest smartphone vendors and mobile carriers in the US say they have hit a milestone in the use of privacy-friendly anti-theft tools. The 16 members of the Smartphone Anti-Theft Voluntary Committee said Tuesday that as of the end of the month, all smartphones they ship and activate in the US will not only be pre- …

  1. Graham Marsden
    Devil

    "give owners the option to disable those tracking and anti-theft tools if desired."

    And the FBI and NSA et al will, of course *never* suggest that they should be given the option to re-enable tracking and monitoring controls, will they, boys and girls?

    1. Sir Runcible Spoon
      Black Helicopters

      Re: "give owners the option to disable those tracking and anti-theft tools if desired."

      "allow owners the ability to easily disable some options if they choose to"

      Presumably the option to remotely turn the stuff on again won't be one of those 'options'.

  2. Dadmin
    Megaphone

    Is your phone lost, or stolen, or lost, or worse; in an animal's butthole?

    Good! Now you can "upgrade" to a new one!

    This message brought to you by the Smartphone Anti-Theft Voluntary Committee, who also makes phones and do not really mind if you lose it or eat it or shove it into a toilet... you WILL buy another one. And THAT is good for the industry, and for you, little consumer. :)

    Carry on, and upgrade your phones.

    1. Gene Cash Silver badge

      Re: Is your phone lost, or stolen, or lost, or worse; in an animal's butthole?

      Actually this supposed to *reduce* theft by making a stolen phone just a useless brick and not worth stealing.

      Of course of you lose it, then you're just a dumbass that deserves to pay for a new phone.

      1. leexgx

        Re: Is your phone lost, or stolen, or lost, or worse; in an animal's butthole?

        phones do get stolen you know

        think your talking about lost and left in random location (pub as i find the pub i am at right now has 2 iphones and 3 android phones behind the bar lol + the one that was dropped on the floor or left on tables and been stolen that we are not aware of)

        1. Anonymous Coward
          Anonymous Coward

          Re: Is your phone lost, or stolen, or lost, or worse; in an animal's butthole?

          I hope the manufacturers are 100% sure that this remote lock and wipe facility can never be triggered by miscreants.

  3. Gene Cash Silver badge

    Effective?

    Now is this an actual lock, or can you get around them by resetting to factory defaults? In my experience, this gets around the Google "lost/locked phone" bit. Is this something more, because my Nexus 6P doesn't have anything better.

    What about blacklisting the IMEI?

    1. Anonymous Coward
      Anonymous Coward

      Re: Effective?

      The idea is that any personally identifiable information on the phone is lost on the wipe (meaning less identity theft). Sure, the phone can be fenced elsewhere, but where's the money in that these days?

      1. leexgx

        Re: Effective?

        no it means the phone should be permanently blocked anywhere in the world as its the device itself that is blocked not just network block where most would sell it abroad

        like a IOS or OSX device can be with Find my {device} enabled or like samsung devices with the Reactivation lock enabled (it's a brick until you enter the correct email and password, even a full firmware reload does not remove the Reactivation lock/find my iphone lock Flag in the phone as when it talks to the servers to unlock it you need email/password)

        why i find bit silly nowadays to steal a apple product as very high chance that find my iphone is enabled (even ipads and apple desktops and laptops use it as well, as to why it's extremely important you secure your apple account, or you end up like gawker with all devices locked or encrypted)

        if google would make Android Device Danager more an requirement for device lock (as at the moment all it can do is ring, lock and erase but no Lost/stolen marker on the device so they can still sell it to another country after factory reset) if google would put a lost/stolen marker like apple do and limited degree samsung soon as the device gets past the mobile data/wifi setup stage the device would lock it self like samsung and apple do if the phone lock marker is set (or at least make it so google Play/services will never work on the device and constantly pop up with this is a lost/stolen device, if they can't use google play the phone will be a nuisance to use)

        1. Charles 9

          Re: Effective?

          "if google would make Android Device Danager more an requirement for device lock (as at the moment all it can do is ring, lock and erase but no Lost/stolen marker on the device so they can still sell it to another country after factory reset)"

          Google can't ensure that because they don't control the hardware channels sufficiently. Apple and Samsung control their own hardware channels so can ensure this. Google could do it for their Nexus line.

          But then again, haven't the fences gotten smart and skilled enough to unbrick iPhones by switching out whatever chip does the lockout, which also changes the serial, IMEI, and everything resulting in an untraceable phone?

          1. Anonymous Coward
            Anonymous Coward

            Re: Effective?

            You can't "switch out whatever chip does the lockout" because this is controlled by the secure enclave, which is part of the SoC, which is microsoldered onto the logic board. You'd need to swap out the entire logic board, and even then I'm not sure that would work (if the code checks to see if other hardware has mysteriously changed)

    2. Joe Gurman

      Re: Effective?

      Don't know about the gamut of Android phones, but with an iPhone equipped with Touch ID, the run of the mill thief would have had to prepare pre-theft by copying your fingerprints on a gummi bear. As for government spooks, it's yet to be proven they can get around Touch ID/limited PIN guessing, but one suspect's it will happen eventually.

      1. Lord Elpuss Silver badge

        Re: Effective?

        "...with an iPhone equipped with Touch ID, the run of the mill thief would have had to prepare pre-theft by copying your fingerprints on a gummi bear"

        TouchID (fingerprint) doesn't allow you to disable remote lock/wipe; you need the Apple ID and password for that. And if you lock your iPhone remotely you can even choose a new password/code at time of lock which has to be entered on the phone before any other functions are enabled.

  4. Adam 1

    > allow owners who so desire to disable some or all of those options if they don't like the idea that their smartphone could be remotely tracked or accessed.Accessed? OK, I grant you that this is at least technically possible. There is that tiny problem of about 2/3s of active phones can be pwned by a malicious MMS, and let's not even get into the vulnerabilities inside the baseband chips. But is at least on paper achievable if security is taken seriously.Remote tracking though? Uh do they know how a mobile phone network operates? The operator knows damn well where your phone is because your phone talks to its towers, negotiates handovers and so on. That is why your phone actually rings when your number is called. The network isn't blindly broadcasting to every tower around the world to make your phone ring on the off chance that you are there. They actively track you (technically you dob yourself in). So you can't opt out of tracking. You can minimise the number of parties who track you but not opt out totally. Oh and if the tracking worries you, it might be an idea to switch off your WiFi. Even if your iPhone randomises your MAC address, you can still be tracked by your ssid hello messages.

    1. leexgx

      your phone rings because its connected to the local mast location does not really have anything to do with it

      unless the phone sends its active GPS or Wifi geolocation to your network operator won't know where your phone is only have an approx range of 1-2 mile of where your phone is (or active GPS/Wifi Geo) without Active pinging from the 3 masts the network operators won't know where your phone is exactly

      it would require network resources to track every one (tracking one off people is likely not really that hard as long as there are 3 masts in range of the phone and the phone has them passively on standby)

      some phones (like iphones, it even says it will force enable it) when you dial 112 999 or 911 the location services are automatically forced enabled and sent with the call if your country emergency services supports it (even if it's disabled on your phone)

      1. Anonymous Coward
        Anonymous Coward

        "it would require network resources to track every one (tracking one off people is likely not really that hard as long as there are 3 masts in range of the phone and the phone has them passively on standby)"

        Don't they have to track them ANYWAY in order to deal with handoffs? Each tower would know the strength of each phone's signal as a matter of course, which the phone company can poll and then triangulate as needed.

        1. fuzzie

          As I understand it, your phone at any time tracks and monitors around (rather up to) six cells, but it's only connected to one at a time. Depending on latency and signal strength the handset initiates and manages handover, e.g. switching to a new cell. The network only knows about the currently-connected cell. If you're stationary, their best location guess is the coverage area of that cell, possibly sized according to signal strength. The mobile network is hierarchical, so this is local knowledge and only propagates up the stack when requested, e.g. a device is being tracked.

  5. Sparks_

    Lower level than OS

    The protection is already built into the last few families of mobile SoCs (e.g from Qualcomm, Apple, etc), operating at a lower level than OS and application software. Its down in the radio/DSP firmware. The benefit is that as soon as the device is powered on, even without booting, it can be locked, preventing data/ID/financial theft. This is a good thing.

    1. Charles 9

      Re: Lower level than OS

      But what's to say those hardware protections don't have hidden killswitches?

      1. Joe Gurman

        Re: Lower level than OS

        Given the. business with the FBI and a pre-Touch ID iPhone last year, I rather doubt Apple has built one in.

  6. Joe Harrison

    Simple to turn off tracking

    By default the total surveillance tracking mode will be on, for your security and convenience.

    No privacy problem though because all end users will have the choice to turn it off via a simple method of reflash with new ROM (instructions freely available in Chinese) then sideload a tty app to open a console window and enter a few 64-hex-digit codes plus one or two simple unix commands.

    1. Charles 9

      Re: Simple to turn off tracking

      Of course, doing that will disable more and more apps that are becoming root- and custom-aware.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like