
US Carriers Said To Have Rejected Kill Switch Technology Last Year

alphadogg writes "U.S. cellphone carriers were offered a technology last year that supporters say would dramatically cut incidents of smartphone theft, but the carriers turned it down, according to sources with knowledge of the proposal. The so-called 'kill-switch' software allows consumers to remotely wipe and render their phones useless if stolen. Law enforcement and politicians believe the incentive for stealing a smartphone or tablet would be greatly reduced if the technology became standard, because the devices could quickly be rendered useless. A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S. The proposal followed pressure from the offices of the San Francisco District Attorney and the New York Attorney General for the industry to do more to prevent phone theft."

  • by Scareduck ( 177470 ) on Monday February 24, 2014 @02:11PM (#46325147) Homepage Journal

    Right here [schneier.com]:

    ... given what we now know, do we trust that the government wouldn't abuse this system and kill phones for other reasons? Do we trust that media companies won't kill phones it decided were sharing copyrighted materials? Do we trust that phone companies won't kill phones from delinquent customers? What might have been a straightforward security system becomes a dangerous tool of control, when you don't trust those in power.

    And this, ultimately, is the problem with those who keep repeating that we should just trust the government. It implies we should also disengage our brains.

  • by Anonymous Coward on Monday February 24, 2014 @02:21PM (#46325269)

    I'd say no too if I had to pay all those royalty fees because only one tech was allowed by law.

    Just do what Europe has been doing for decades. A shared and standard registry of IMEI and other serial number components of stolen/lost devices.

    None of this remote wiping or other stuff. If someone wants that they can buy their own software/mobile solution for it.

    Just require the phone to state on its screen: IMEI banned due to reported lost/stolen device. That cuts the resell theft down right there.

    Not 100% but a noticeable difference.

  • by bobbied ( 2522392 ) on Monday February 24, 2014 @03:05PM (#46325859)

    ... until someone hacks into a carrier's network, and deactivates and wipes EVERY PHONE on the carrier's registry.

    Not going to happen for two reasons.

    1. There are multiple HLRs (Home Location Registers) in almost every carrier's network. This is where the subscriber information is kept and they are fully redundant (i.e. have multiple copies in the network). In order to kill everybody in a carrier's network, you are going to have to disrupt multiple HLRs and all of the redundancy built into the network.

    2. The configuration interface of an HLR is very isolated and allowed transactions are limited to a single handset at a time. There is no way to bulk erase the database from the public interface of the HLR, you are going to have to get access INSIDE of the HLR. Trying to disrupt a network one handset at a time will take a LONG time and I'd bet they'd figure out what was happening and shut down the public HLR interface before you get very far.

    But even if you did manage to break into multiple HLRs and their redundant backups and bulk erase their subscriber data, you have the problem of the VLR (Visitor Location Register) which is what the network *actually* uses when dealing with your handset. The local MSC (Mobile Switch Center) which runs the cell your phone is in only consults the HLR when it first sees your handset or you receive a call, and loads the data from the HLR into the VLR. MSCs usually cover fairly large geographic areas, so even if the HLRs are trashed, most people's handsets will still work great for making calls. Receiving calls and voice mail might be more of an issue but how do you know you didn't receive a call or a voice mail didn't get collected?

    Then there is the problem with backups. You KNOW that they keep backups of the HLR data. I've seen an HLR that used Oracle as its back end. They kept *hourly* snapshots to disk and *daily* complete backups. Plus they copied off the transaction logs as soon as they were written by Oracle. If you managed to corrupt their on-disk data in the HLR, they could get the HLR restored to within an hour of your attack in less than an hour, then recover the HLR to exactly what it should be by inspecting the transaction logs and just taking out the bogus deletes. It would be a pain, but the bulk of the disruption would be short-lived.

    Good luck, you are going to need it.
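
The recovery described in the comment above (restore the last snapshot, replay the transaction log, take out the bogus deletes), sketched as an added example that is not part of the original post or any carrier's tooling. The record layout, session names and burst threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data; the record layout is hypothetical, not a real HLR schema.
SNAPSHOT = {  # last hourly snapshot: IMSI -> subscriber profile
    "001010000000001": {"msisdn": "15550000001"},
    "001010000000002": {"msisdn": "15550000002"},
    "001010000000003": {"msisdn": "15550000003"},
}
TXLOG = [  # (epoch_seconds, session, op, imsi, profile) written after the snapshot
    (1000, "prov-01", "UPSERT", "001010000000004", {"msisdn": "15550000004"}),
    (1200, "prov-01", "DELETE", "001010000000002", None),  # legitimate cancel
    (2000, "sess-x", "DELETE", "001010000000001", None),   # burst starts
    (2001, "sess-x", "DELETE", "001010000000003", None),
    (2002, "sess-x", "DELETE", "001010000000004", None),
    (2300, "prov-02", "UPSERT", "001010000000005", {"msisdn": "15550000005"}),
]

def suspect_sessions(log, window=60, threshold=3):
    """Return sessions that issued >= threshold DELETEs within window seconds."""
    deletes = defaultdict(list)
    for ts, session, op, _imsi, _profile in log:
        if op == "DELETE":
            deletes[session].append(ts)
    flagged = set()
    for session, stamps in deletes.items():
        stamps.sort()
        # Any run of `threshold` deletes inside `window` seconds flags the session.
        if any(stamps[i + threshold - 1] - stamps[i] <= window
               for i in range(len(stamps) - threshold + 1)):
            flagged.add(session)
    return flagged

def recover(snapshot, log, bad_sessions):
    """Replay the log over a copy of the snapshot, skipping bogus deletes."""
    db = {imsi: dict(p) for imsi, p in snapshot.items()}
    skipped = []
    for ts, session, op, imsi, profile in sorted(log, key=lambda r: r[0]):
        if op == "DELETE" and session in bad_sessions:
            skipped.append((ts, imsi))  # keep for the incident record
        elif op == "UPSERT":
            db[imsi] = dict(profile)
        elif op == "DELETE":
            db.pop(imsi, None)
    return db, skipped

if __name__ == "__main__":
    bad = suspect_sessions(TXLOG)
    db, skipped = recover(SNAPSHOT, TXLOG, bad)
    print(sorted(bad), sorted(db), len(skipped))
```

The legitimate single delete from `prov-01` is still applied, so the recovered state matches what the database should have been rather than simply the snapshot.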

  • by sjames ( 1099 ) on Monday February 24, 2014 @03:41PM (#46326245) Homepage Journal

    You're looking at the wrong level. The proposal was for software embedded in the phone (not the HLR) so that it would brick if it received the right command. So no need to corrupt the HLR at all, just send the brick yourself command to the phones.

