Prosecutors Push For Anti-Phone-Theft Kill Switches 257
New submitter EdPbllips writes "Law enforcement officials nationwide are demanding the creation of a 'kill switch' that would render smartphones inoperable after they are stolen, New York's top prosecutor said Thursday in a clear warning to the world's smartphone manufacturers. Citing statistics showing that 1 in 3 robberies nationwide involve the theft of a mobile phone, New York Attorney General Eric Schneiderman announced the formation of a coalition of law enforcement agencies devoted to stamping out what he called an 'epidemic' of smartphone robberies. 'All too often, these robberies turn violent,' said Schneiderman, who was joined at a news conference by San Francisco District Attorney George Gascon. 'There are assaults. There are murders.'"
Apple described a system like this in their presentation about iOS 7 at WWDC.
What a great idea! (Score:5, Insightful)
Re: (Score:3, Interesting)
Re:What a great idea! (Score:5, Funny)
I thought Windows 8 was a kill switch.
Re: (Score:3)
No, it's just a clever way to make sure nobody will want to steal it in the first place.
Re:What a great idea! (Score:5, Insightful)
Microsoft has always supported the effort. They were the ones who called law enforcement to work about stolen phones. They really cared for customers, imo.
They may have always supported the effort, but they were far from the first in calling for fixes to stolen phones.
The universal IMEI/MEID blocking, long in effect in most of the world has been fought tooth and nail by the carriers.
Because they they earn additional revenue when you come in and buy a new phone after you get mugged, they had no
interest in setting up and maintaining such a database. It was less than a year ago [engadget.com] that they finally agreed to build such a blacklist. This plan could work for existing phones, even dumb phones.
Rather than give that time to work, they now contrive to call it a failure, and they now want to launch a whole new requirement, and get everyone to buy a new phone in order to be included in the "protected group".
There are those that insist that you can simply and easily flash a new IMEI on a phone, but it is not as simple as some would have you believe, that the guy in the hoodie who knocks you down and grabs your phone doesn't have the skill set to do so.
With a blocked IMEI you can unblock it if it is recovered if you can prove to the carrier that you are the rightful owner. With a kill switch, you are screwed. There is little incentive to report a lost or stolen phone, since it ruins any chance of recovery. It will still require replacement once you report it, even if you find it at your friends house where you left it after the party.
Re: (Score:2)
Re: (Score:2)
I don't get it. Why would the government want a kill switch? Your phone company can already block your phone from the network at any time. The government could just tell them to do it.
You should be worried about the government listening in, not killing your phone.
Re: What a great idea! (Score:5, Informative)
A lot of stolen phones are shipped outside the USA. A kill switch would render them useless
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Technically in terms or realistic policing, blocking attempts to connect to the phone network is far better than bricking the phone. Each attempt at connecting to the network represents an opportunity to identify and apprehend the thief. In fact the connection could be allowed and monitored with the specific intent of investigating and prosecuting the receiver of stolen property in order to further track it back to the thief. Brick the phone and you purposefully, stupidly create a legal prosecution dead en
Re: (Score:2)
Nope.
If the government knows who they are then I'm sure they'd rather listen in than kill the phone.
Re:What a great idea! (Score:5, Insightful)
No, of course not. Eric Holder and Barak Obama, the FISC, Congress, the CIA, the FBI, the NSA, etc are all COMPLETELY TRUSTWORTHY. All they want is to make us all nice and safe. Promise! Nobody would EVER turn off the phones of people they didn't agree with, just as they were organizing a protest? Nah, that could never happen!
Re: (Score:3)
Having a kill-switch offers no benefit to the government, nor to the carriers. It only benefits the users, aka t
Re: (Score:3)
You're trying to spoil our OUTRAGE DUDE! ;)
Re: (Score:2)
Cheer up, we'll be gone soon enough. I guess in all fairness nobody NEEDS phone bricking to turn off our service, but it has the nice side-effect of being permanent and expensive to undo.
Re: (Score:2)
If the 'kill' needs a PIN, and that PIN is on a scratch card in the box then who can abuse it...?
Apple's scheme doesn't go far enough. Software will be hacked, it needs to blow a fuse in the CPU and destroy it.
Re: (Score:2)
Apple's scheme is sufficient. An iOS device is of pretty limited functionality if you cannot update it ever from Apple. And once it is locked that is what you have regardless of your carrier does with the IMEI.
In theory thieves could root them, but the market value for that type of stolen phone will be much lower.
Re:What a great idea! (Score:5, Interesting)
"I'm sure that with everything we've learned recently regarding the Government and phones, there's no way this could -possibly- be abused!"
I agree with the sarcasm. Kill switches are a horrible idea. And completely unnecessary.
For example, have a look at The Prey Project [preyproject.com]. This is a good example of a secure means by which an OWNER can track, and even get screenshots and camera shots from, a stolen device.
Why "kill" a device when you stand a good chance of getting it back? Killing it does nobody any good, and has lots of quite horrible abuse potential.
Re:What a great idea! (Score:5, Insightful)
Because Prey wont actually help you get your phone back. Eliminating the stolen phone market will prevent your phone from being stolen in the first place.
Im also not getting the concern over govt abuse. How / why would gov't use a kill switch? If you want to track someone, isnt that the LAST thing they would do? Its not exactly subtle, you would immediately know if it was used.
Re: (Score:2)
And if you and everyone else in a certain radius say a block or two had their phones killed, what would you think? Possibly that the government wants to hide activity or prevent any collateral damage from being able to get word out who it was that came in the black helicopters? Nah, it would probably just be some hacker.
Re: (Score:2)
Re: (Score:2)
You can use VOIP apps instead where wifi is available. They'd rather kill the phones.
Re: (Score:2)
Re: (Score:2, Troll)
Remind me, which party was it that disenfranchised voters by skin colour in the 2000 election? Oh yet, I remember, it was the Republican party. The same party that had a brother of one of the candidates deliver the key state.
You have no room to be playing the victim. Your party is evil.
Re: (Score:2)
Actually the government has shown it will attack a particular political group. ( IRS scandal)
Yes, but that generally only works when theres plausible deniability and you arent sure you've been targetted.
What would your general thought process be if the kill switch was hit on your phone? "Gee, I must have done that accidentally, surely nothing suspicious here"?
Re: (Score:3)
Re: (Score:3)
For a kill switch to work:
-A phone's serial number has to be embedded such that it can't be changed in any cost-effective way.
-A network needs to be able to unambiguously identify a phone's serial number in a way that the phone's software/firmware can't block or alter.
-A network needs to be able to send a kill message in a way that the phone's software/firmware can't block or alter.
Basically the kill functionality will need access to the radio that is independent from the res
Re: (Score:2)
In regards to Prey, the big difference is people CHOOSE to install it, knowing the risks and concerns. Making a kill switch mandatory is just stupid. Prey is even available for smartphones: http://preyproject.com/blog/tag/mobile [preyproject.com] .
Corporate - Government Synergy (Score:3)
The companies get new sales and the government gets a stealthed system to quickly kill organized protests and evidence of police brutality with the push of a button. Win-Win!
Re: (Score:2)
The companies get new sales and the government gets a stealthed system to quickly kill organized protests and evidence of police brutality with the push of a button. Win-Win!
If you think that shutting down cell phone communications to a specific area is difficult and requires new software, you are deluded. Sorry.
Re: (Score:3)
Why "kill" a device when you stand a good chance of getting it back?
No you haven't. Even if you know where it is, what are you going to do? Really...?
Besides, you're in charge of whether or not it's killed. You have to report it stolen.
Killing it does nobody any good, and has lots of quite horrible abuse potential
Yes it does. Read the summary - people are being mugged and murdered for their phones. A kill switch makes them worthless to thieves.
Re: (Score:3, Insightful)
Consider this: Mugger demands your phone, but knowing that you may just kill it when he runs away with your phone, kills you instead and takes your phone.
Re: (Score:2)
> Why "kill" a device when you stand a good chance of getting it back?
Because you don't actually stand a good change of getting it back. You can already track iPhones to within a meter if it has line-of-sight to the open sky. Or you can track an indoor iPhone or a Macintosh to within half a block or so via wifi triangulation. But if your iPhone, iPad, Macbook, or whatever is stolen; just try calling the police and telling them "My iPhone was stolen and the thief is $here.". Unless your name is Apple
Re: (Score:2)
Killing it does nobody any good
Your libertarian paranoia is stopping you from seeing the reality of the situation again. Denying a criminal the benefits of his crime is a good in itself. And if the knock on effect is to reduce the numbers of crimes, which it will be, then there's a universal good too.
Re: (Score:2)
Re: (Score:2)
While that's true, do you think Grandma or Grandpa would be able to unbrick the phone that some script kiddie decided would be fun to lock up? No, which means either going to a different phone (luckily they still have a land line) to call the phone company to ask that it be unbricked or buying a new phone, whichever is less hassle.
Re: (Score:2)
A system of which is only effective if more than a certain threshold of devices actually utilize it... since a would-be thief is not likely to know ahead of time whether or not your device has a kill switch in it.
Sure, you might be able to render *YOUR* device unusable to a thief, but as a general discouragement against theft in the first place, it's only effective if it actually is generally practiced among more than perhaps at least half of all devices, so that a thief will have no particular reason to
Re: (Score:2)
Of course it's better if all phones have a kill switch. But it's still useful if only iPhones do, as they are often specifically targeted by thieves. If thieves know iPhones can't be resold because they'll be bricked, they won't bother stealing them.
A less well known and identified brand would be a different story.
Re: (Score:2)
Too bad phone mimicry is legally discouraged : /
Re: (Score:3)
I'm going to paint bright orange-red stripes on my phone, to make thieves think it's poisonous.
Better yet out a Windows logo on it.
Re: (Score:2)
I'm sure that with everything we've learned recently regarding the Government and phones, there's no way this could -possibly- be abused!
1. You mean "what we were told", not "what we learned". Just like the MSR scare a few years ago, when millions of idiot mothers believed one doctor and couldn't be convinced by anything the government said, and it turned out that doctor had actually been paid to produce the results that he did produce. Why do you believe one man and his claims? (I think Apple's reply was "we have never ever heard of Prism, and nobody gets any data without court issued subpoena).
2. So how could this be abused? The feature
Re: (Score:2)
Re: (Score:2)
I think Apple's reply was "we have never ever heard of Prism, and nobody gets any data without court issued subpoena
Just wanted to point out...
Apple wouldn't need to be aware of Prism, Prism goes after the network providers, Verison, AT&T, etc.
Its a smaller vector of attack, if they had to go after every single phone manufacturer they'd have a much harder time getting everything.
Google is aware of it because Google is not just involved in Android, they're also the largest internet search provider on the planet. Again, small vectors, they dont go after the ISPs, they go after the search providers.
Re: (Score:2)
I'm sure that with everything we've learned recently regarding the Government and phones, there's no way this could -possibly- be abused!
Oh piss off with your libertarian paranoia. It's boring. Law enforcement are urging MANUFACTURERS to disable stolen phones. It's not the government demanding a kill switch that they operate.
Libertarians are like luddites that would keep the benefits of technological improvement away from people because of their stupid fears.
If my mobile phone is stolen, I want it disabled. And heck I don't want there to be an incentive to steal it anyway. You're a moron if you don't see this as a positive.
Re: (Score:2)
Funny, I always considered myself a Liberal... could it be that your prejudice against a particular group is forcing you to see a Libertarian where there is none?
What you posted was libertarian paranoia, regardless of what you consider the sum total of your belief set to be. If it's not your nature to come up with libertarian paranoia, then you might consider who's propaganda has been working on you.
Unintended uses (Score:3, Insightful)
The IRS/etc. would NEVER use this to disable someone's communications ability because they were doing something the government didn't like. No sirree. Not ever. Pure as the driven snow, this design is.
It's like people can't think past the next episode of their favorite TV show.
Re:Unintended uses (Score:5, Interesting)
On the other hand, you could use it to nuke your own phone if the police had seized it and were using it to find evidence against you...
Re:Unintended uses (Score:5, Funny)
On the other hand, you could use it to nuke your own phone if the police had seized it and were using it to find evidence against you...
Yeah, right. You really believe the police won't have a kill-switch kill-switch?
Re: (Score:2)
Yeah, right. You really believe the police won't have a kill-switch kill-switch?
If you use two-factor authentication, even Apple won't have a kill-switch kill-switch. Anyway, what the feature does is it first wipes the phone (which takes a tenth of a second because it only needs to wipe the encryption keys which are only ever kept on the phone), _then_ activates this locking feature. If the police has a kill-switch kill-switch, then worst case a happy policeman got a new iPhone without paying.
Re: (Score:2)
I think you mean you got a new obstruction of justice charge. That can even be used to suggest that you are guilty, since you made an effort to cover up that guilt.
Re: (Score:2)
Of course you'd get obstruction charges if used during an active case, same as if you smashed your phone.
Not getting how thats an argument against the feature.
Re: (Score:2)
On the other hand, you could use it to nuke your own phone if the police had seized it and were using it to find evidence against you...
Um, no. Nuking the phone means making it unusable, not actively zeroing out the flash card. Besides, anything that is "nuked" can be replace with new parts, re-flashing the ram, etc. So it would cut down on the casual thief stealing a phone to use, I guess, but not stop theft completely.
Re: (Score:2)
Too bad it cannot work.
Worst case from the thieves point of view the phones are now only valuable as parts. More likely he will just have to accept a little less for it since now someone will be paid to get around this lockout.
The police prefer to not focus on real crime, real criminals are dangerous.
Don't we already have this? (Score:5, Informative)
Something similar has been available for YEARS- all you need do is ask the phone company to invalidate the IMEI number.and/or activate the memory wipe software built into Android, iOS, and Windows phones.
Has Symbian and Blackberry been left out of this feature? I would have thought consumer demand for it would have produced it on those platforms as well long ago.
Re: (Score:3)
So, I think this system has potential for abuse, both by governments and by some random hacker/disgruntled employee killing off phones.
But, the IMEI thing is not really a fix.
1) The phone can still be used as an ipod or tablet.
2) IMEI can be changed.
In addition, IMEI record keeping is rather poor.
Re: (Score:2)
By what dark magic do you propose to do that?
There is no reason the phone OS ever has to report that number burned into hardware vs one it made with a random number generator if that is what the owner decides to do. Just like spoofing MAC addresses this would quickly become trivial.
Re: (Score:2)
Mac Adresses are spoofed all the time. It is trivial to do.
They do have IMEI numbers that are unique, but again can be changed or spoofed.
There is no need to change hardware to spoof an id, just have the software lie about what the hardware id is.
Re: (Score:2)
I hereby, formally request you turn in your
Re: (Score:2)
It exists, it's called the IMEI and it's internationally unique (international mobile equipment identity). In that one number exposes a serial number and the model and submodel of the phone (it's how the carriers know what kind of phone you're using).
The
Re:Don't we already have this? (Score:5, Informative)
There's still no nationwide database in the US of all stolen IMEI numbers. Even if you tell your carrier that your phone was stolen and they bother to invalidate the number, AFAIK there's nothing stopping the theif from using the phone on a different carrier (assuming the phone is compatible, obviously.)
Re: (Score:2)
There's still no nationwide database in the US of all stolen IMEI numbers. Even if you tell your carrier that your phone was stolen and they bother to invalidate the number, AFAIK there's nothing stopping the theif from using the phone on a different carrier (assuming the phone is compatible, obviously.)
Well *clearly* this is why networked locked phones are in the public's best interest!
Re: (Score:2)
Actually there is [cnet.com]. The two major GSM carriers, T-Mobile and AT&T, share a database. Sprint and Verizon will be joining that database by the end of the year; though not that stealing a CDMA phone does you much good on a GSM network and vice versa at the moment. In any case the problem is that the IMEI database is not enough;
Re: (Score:2)
Now, I don't know how that's going to work, but I can easily forsee a case of Google (for example) seeing a non-Google-approved android device showing up at the Play Store and the kill code being sent out... not saying Google would do that, but can you imagine the fun of a malicious app that lets you do something wonderful, for
Re: (Score:2)
IMEI is almost entirely useless. Few carriers care about IMEI block lists, and it's easy enough to export the phones to a place which doesn't care anyway. In addition you can sometimes change IMEI numbers, but that is unnecessary.
Re: (Score:3)
Where was this?
The police where I live do not care. They will not retrive phones if you give them the location and photos of the crooks.
If you're robbing someone... (Score:4, Insightful)
you will take their phone regardless of whether it is any good to you. Why? because it can be used to call the police as soon as you leave.
most phones swiped on the run (Score:3)
A phone that is being used one-handed is a really easy target for someone to grab on the run...much easier than trying to get someone's wallet or purse.
Re: (Score:3)
True, thieves want whatever they can get, but right now, phones are the most valuable piece of property your typical pedestrian is carrying. Robbing someone is a pretty risky business and if you cut down the expected profit from $200 phone sale (I've never tried, but I assume that's what you get from a hot iPhone), to the $30 your average pedestrian carries, you'd get a lot more people turning to pan handling, drug dealing, or whatever they do when your out of other options.
I don't know any (admitted) thiev
Unintended consequences (Score:3)
The problem is that the lack of a kill-switch gives incentive to steal a nice phone, no matter what it takes.
The response is to make the stolen phone remote-brickable, even after a factory-clean wipe.
The counter-response is to make sure the theft of the phone is never reported. And dead men tell no tales.
Of course, this means that the trackable live phone is in the hands of a murderer or an accessory-after-the-fact, so law enforcement has both incentive and means to pursue justice... so it's self-correcting, except for the whole "original victim is dead" part.
Re: (Score:2)
The pool of people who are willing to steal is dramatically smaller than the pool of people who are willing to (intentionally) commit murder. Usually the robber does not start the robbery with the intention of killing the victim. If we cut robberies down to only intentional murders, the police will have lots of resources to deal with much fewer cases, and that should take those murderers out of circulation fairly rapidly.
As an extra bonus, if a fenced phone is likely to come from a murder victim, a lot more
Okay then (Score:4, Insightful)
Who's going to inform all of the would-be muggers that the world of cell phones suddenly changed? Bad muggers! Stop mugging! That'll show em! They know they can still sell the phones for parts and make more money than they would just selling a phone. It's not going to deter them from stealing the phone. Besides, JTAG and such will continue to render inoperable phones operable, not to mention that it may be possible to bypass the kill function if you get into the phone fast enough.
Look at Egypt and Turkey and wherever else. This is an excellent way for a government to say "No more smartphone for you, protestor!" Even if they don't use it in the USA, who WILL use it? The hardware will be built to allow it, so the next nation to have unrest will simply broadcast the kill bits en masse, and the protestors will be censored. Sounds quite delicious from a dictatorship's standpoint.
Re: (Score:3, Informative)
Who's going to inform all of the would-be muggers that the world of cell phones suddenly changed?
The fence they use to offload their stolen phones.
Re: (Score:2)
Huh. Today I learned that a fence isn't just a wall without a ceiling.
Re: (Score:2)
Besides, JTAG and such will continue to render inoperable phones operable
If you put a fuse on the die in the some important place (voltage regulator, memory controller, CPU) or even on package in the bonding with a way to allow the CPU to blow the fuse, you can render the device completely inoperable short of the thief replacing the SoC (which is unlikely to be worthwhile)
Re: (Score:2)
They know they can still sell the phones for parts and make more money than they would just selling a phone.
I doubt that. Phone parts are relatively cheap because few people buy original parts. The only ones who do buy official parts are the official repair shops, and they are unlikely to buy parts from thieves.
Its about time. (Score:2)
Re: (Score:2)
Short of magic how would that work?
If I control the OS how exactly do you prevent me from uninstalling/deleting this software? How do you prevent me from patching around this?
This is just another ruse to get you to beg for trusted computing.
Re: (Score:2)
If I control the OS how exactly do you prevent me from uninstalling/deleting this software? How do you prevent me from patching around this?
Apple controls the firmware. That will make it very, very hard to install a different OS, and impossible to boot into it.
Re: (Score:2)
Jailbreaking will occur, just as it has in the past.
Also this is not being proposed just for Apple. I will not buy a device I am not allowed to own.
Re: (Score:2)
So what's the real motivation? (Score:2)
ridiculous (Score:2)
By the way, what's going to stop people from stealing the screen glass, screen, and battery from a smartphone and ebaying it? Do they have a killswitch for that?
Shouldn't cell phone thefts help police? (Score:5, Insightful)
If 1 in 3 robberies involve stealing a tracking device that can lead police back to the culprit, shouldn't that be making the job of police much easier?
Instead of a "kill-switch", shouldn't law enforcement be asking for a tracking beacon that can be turned on to help track down all of these stolen phones? (I know Apple's kill-switch does enable GPS tracking, but that doesn't seem to be what the Attorney General is asking for). It's not like criminals are going to say "Oh geeze, I can't sell a stolen cell phone anymore, guess I should finish up my degree and get a real job" -- They are still going to be committing crimes, but will steal cash and expensive purses instead of cell phones.
Anti-Phone-Theft Kill Switch (Score:2)
Is that how now is called an enforced remote backdoor? What ensures you that it won't be used to i.e. track everyone, where they are, what they use, what they write or how licensed is the media they are playing? Will be outlawed (or at least, not offered by the companies) the "non-approved" phones because of this?
Probably "think on the children" and "or the terrorist will win" were too used this week, and they had to invent something else. But i would had waited a few weeks so the massive awareness on how
Re: (Score:2)
Instead of creating a vulnerable rootkit... (Score:2)
...why not just issue a CCW with every smartphone purchased, under the condition that the purchaser passes the required training and background checks?
If thieves knew that smartphone owners might be armed and dangerous, they just might stop thieving.
Kill switch? Why? (Score:2)
Why would the phone need special support? Every phone has a burned-in IMEI. So the subscriber registers the IMEI to their subscriber ID (IMSI) when they activate their phone. It can even be automated: when a SIM's issued to a subscriber, the first time it's put in a phone the carrier associates that phone's IMEI with the IMSI. Then, when the subscriber reports his phone stolen, the carrier publishes the IMEI to a database. All carriers check that database, and when an IMEI that appears in the database tries
requires cooperation between *all* carriers (Score:2)
While it's an interesting idea, many phones can be used in multiple countries so you're talking a global database of valid IMEI numbers. Good luck getting that organized.
Also, a workable kill-switch would make it totally useless. If all we do is block cell connectivity it's still essentially an ipod or equivalent, so not entirely without value.
In other news... (Score:2)
There has been a recent uptick in sales of Faraday Bags [faradaybag.com]...all cash sales, of course.
Why? (Score:2)
Why kill the phone? (Score:2)
It's prefectly fine and self-regulative... (Score:2)
Two thoughts (Score:2)
Two: If the phone is deactivated accidentally (or intentionally as a prank or malice against the owner), how much would you trust your mobile carrier to be reasonable in their process to reactivate the phone?
Re: (Score:3)
One: Can we expect petty criminals to be up on this latest news and be aware of this feature BEFORE they have already mugged you and tried to fence the phone?
Yes. Criminal communications are good. I would be surprised if it took as much as a month for robberies targeting a protected model to stop.
Two: If the phone is deactivated accidentally (or intentionally as a prank or malice against the owner), how much would you trust your mobile carrier to be reasonable in their process to reactivate the phone?
This is a kill switch. The carrier should not be able to fix the phone afterwards. The phone manufacturer might be able to fix it, but not if the kill switch is properly implemented.
Re: (Score:2)
You've obviously missed the stories about the police wanting kill switches in cars so they don't have to chase them any more.
The problem with argument by absurdity is that the government has probably already come up with the idea.
Re: At what level (Score:2)
Doesn't have to be 100% effective
Just enough to make it unprofitable to resell stolen phones. Thieves have bills and expenses so if you make it hard enough that they can't sell enough phones to live on, they will stop selling phones
Not all thieves are worthless scum either. The nypd busted some college kids last month who were running a stolen iPhone ring for extra cash
Re: (Score:2)
Today people get robbed for 3 things: money, passports, and phones. Cash is going away, so you have to bring the victim to an ATM to get the money out, and most people do not carry passports so you have to be really careful selecting your victim. Phones are easy to spot, so you know that there is something to rob, and they are extremely easy to fence.
If we take phones out of the equation, the criminals are likely to switch to other types of crime. Hopefully types which are less devastating to the victims.
Re: (Score:2)
All of which is extremely easy to accomplish today. Yet even in Turkey or Egypt it does not happen. Well they do shut off cell phone towers completely of course.