Slashdot Mirror
US Carriers Said To Have Rejected Kill Switch Technology Last Year
alphadogg writes "U.S. cellphone carriers were offered a technology last year that supporters say would dramatically cut incidents of smartphone theft, but the carriers turned it down, according to sources with knowledge of the proposal. The so-called 'kill-switch' software allows consumers to remotely wipe and render their phones useless if stolen. Law enforcement and politicians believe the incentive for stealing a smartphone or tablet would be greatly reduced if the technology became standard, because the devices could quickly be rendered useless. A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S. The proposal followed pressure from the offices of the San Francisco District Attorney and the New York Attorney General for the industry to do more to prevent phone theft."
... until someone hacks into a carriers network, and deactivates and wipes EVERY PHONE on the carriers registry.
Which has more power: the hammer, or the anvil?
If I'm a carrier, why would I NOT want to sell service to whomever stole your phone?
Since the carriers have no culpability in the theft of your device, the legal fiduciary obligation to the shareholders trumps any perceived moral obligation to you.
Right here:
And this, ultimately, is the problem with those who keep repeating that we should just trust the government. It implies we should also disengage our brains.
Dog is my co-pilot.
You can still part out a phone and make at least a hundred bucks off it. I'm sure they would continue to be stolen just for that amount of money alone.
Better known as 318230.
Each stolen phone that they make the victim pay to replace or make them eat the remaining contract with no phone. that gets hooked back up to their network should gain them a fine and jail time for participating in the laundering of stolen goods.
That's exactly what's going on -- they are dragging ass because they profit, knowingly and deliberately, from participating in this cycle. Some interstate criminal conspiracy charges on executives would also be welcome.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I don't get why I would want my ISP to have a say in whether or not (or how!) I disable my personal computer. But I also don't get why I'd want my government to have a role in that discussion either.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
This is the government wanting more intrusive access into your phone. This doesn't have a damn thing to do with theft. Android already has a "where the ****" is my phone, as well as wiping features exposed through Google's device manager service. If you want another party to have access to such functionality you can make that party administrator of your phone such as is often done when connecting your phone to your company's Exchange server.
Two of my imaginary friends reproduced once
Apple already ships remote kill software with iPhones. Why can't Samsung just do the same with Android phones it sells?
I do see value in being able to tell a carrier that a phone it stolen and they should not allow its use on a network. But remote kill, I don't see as being something that should go through a cellular provider.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I'd say no too if I had to pay all those royalty fees because only one tech was allowed by law.
Just do what Europe has been doing for decades. A shared and standard registry of IMEI and other serial number components of stolen/lost devices.
None of this remote wiping or other stuff. If someone wants that they can buy their own software/mobile solution for it.
Just require the phone to state on its screen: IMEI banned due to reported lost/stolen device. That cuts the resell theft down right there.
Not 100% but a noticeable difference.
the MF reason is profit of somebody selling insurance for cellphone theft - probably the carriers themselves...
Would there somebody be to clean up this mess?
Can't you just imagine this tool when it comes to mass protests? Especially when things turn violent as they have in plenty of countries over the year. The primary way news is getting out is cell phone cameras and videos.
Wouldn't any freedom loving government just die to have access to a kill switch?
I can already imagine how many times someone will lose their phone, then remotely break it only to find it later and hassle customer service to fix it.
Putting that aside, I just can't see this kind of security being useful or reducing actual thefts very much. I can't imagine there won't be a way to disable, remove, or otherwise bypass this remote wipe in some way.
Do you lose your wallet all the time or do you know where it is at all times? Maybe we need a kill switch just in case someone steals your wallet, maybe a die pack or something that goes boom then we could hook it up to the phone so we have a way to send the kill signal. Maybe just don't walk around with your fancy phone in your hand putting down constantly with earphones sticking out of your head on the subway late at night.
One switch to rule them all...
One switch to silence them.
The cellphone protocol HAS the kill switch built in... That's the database CTIA keeps referring to
Apple already ships remote kill software with iPhones.
That statement sent a chill down my spine as an iPhone user. Is there any way to disable this? I'm far, far less worried about my phone getting stolen from my pocket or house (the only two places it resides) than I am about a hacker bricking it.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Phones are litterally like cars.
You can't sell a stolen car. So you chop up the parts since they're not IDed and sell them.
Go on Ebay, check for repair parts. LCD is 150$, camera module, ect ect are all there and can bring in a good amount of money.
Carriers already have white list phones for CDMA. I'm sure there's an equivalent to a bad esn for GSM phones. The repair parts probably already come straight from these phones. A kill switch won't fix anything not already in place, just gives more room for abuse.
A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S.
Standardize on protocols, not implementations.
Does anyone have the text of the US Senate bill to see how it defines the kill switch?
That statement sent a chill down my spine as an iPhone user. Is there any way to disable this?
It's disabled by default, you have to enable "FindMyIphone" for it to work.
I'm not sure why it would "send a chill down your spine" to have the ability for you to find your phone if it was lost, which is very useful. It's not like anyone can trigger it without your iCloud account login.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
They are framing this as something for theft prevention, but the main reason they want it is because they want to make sure that if shit starts to go down here, the federal government can simply shut off all the phones in an area so no one can tweet/sms about it.
Do we trust that media companies won't kill phones it decided were sharing copyrighted materials? Do we trust that phone companies won't kill phones from delinquent customers?
OK, Bruce Schneier gives a wonderful case for why corporations shouldn't have the kill switch. But if it gives them so much more power, then why did they reject it?
And this, ultimately, is the problem with those who keep repeating that we should just trust the government. It implies we should also disengage our brains.
I'm confused. So we shouldn't trust Governments because corporations may abuse their power?
Why would anybody favor such an expensive and ineffective option (with so many shortcomings) when the carriers could just be required to keep a database of unique identifiers (don't quote me--I think they're called IMEI numbers) of phones reported stolen and simply blacklist those phones from their networks.
Then, a person can report their phone stolen and the carriers make it useless because none of them are allowed to service it while it is in the "stolen" database.
No "kill-switch" required.
Who did what now?
Something like Apple's Find my iPhone, where it's entirely customer activated, is the only way to go.
Remember about the recent hacks on Mat Honan? Made possible in part by our friend auto-wiping. Ever seen Tom Scott's video on what would happen if someone hacked into Google and shut off password checking? Note the part where everyone's Android phones get wiped. This is the government saying that's a good idea and needs to be required by law.
-Nathan2055
While I agree with others worried that a kill switch could be abused (by carriers / government / MPAA / RIAA / etc), I'm now wondering if it would be a handy way to counter (un)lawful search and seizure of a device by various authorities? Say you're transiting through the US and a TSA agent decides they want to confiscate (and presumably search) your smartphone. If the kill switch is easy to activate (maybe a number you call and enter a code, or via your laptop or friend's smartphone), you could wipe your device before they get the contents.
A recursive sig
Can impart wisdom and truth
Call proc signature()
Kindles come with a kill switch, at least they used to, and it caused no end of headaches to the second-hand market. You could (with some difficulty) verify that the device hadn't been reported stolen before buying it, immediately link it to your own Amazon account (after flashing it to stock firmware of course), and *still* get surprised several weeks later when your device suddenly bricked itself after the previous owner reported it stolen. Granted a lot of that came down to implementation details, but I would want solid evidence that such shenanigans aren't possible before I ever again buy a device with a kill switch in it.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
I wish I could come up with some software, and have governments force people to buy it. What a rack.
A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S.
Steal phone.
Power off phone/remove battery.
Take phone home, boot into bootloader.
Install Cyanogenmod.
Only nerds do this. But when criminals find that their phones are stolen, they will resort to Google. It's think up a new way to make hundreds of dollars at a time, get a job, or figure out a quick way to get around this Lobe-Jacks software. There is no expedient to which a man will not go to avoid the labor of thinking, thus someone will think "there has got to be something online to un-kill this phones".
I've seen ghetto retards do the most complicated shit they don't even understand. "No NO!!! Fool! You gots ta gets in da bootloader! Try volume! Gimme dat! Wut... hold on shits... oh power and volum, datz did it...okay so puts the cable... run dat, yeah... yeah try dat, da phone... okay now you reboot it! Okay so you copied the file on da card right? Okay hit install, on the menu!"
They scream and strain, but they eventually get it done, with little enough effort.
Support my political activism on Patreon.
who in their right mind would steal an android phone thats practically given away new? Junk!
Not a Kill switch per se but..
If you owe money or have a phone stolen with Sprint, they will flag your ESN and you can not get service on that phone. I call Sprint and check to see if the "ESN is clear" before buying any Sprint based phone. I don't actually trust Sprint CSR's so I call twice to verify, if not yes both times, I won't buy that used phone. Some of them will just yes it is clear, without even checking and when you actually buy it and try to activate it, you'll find out they lied.
the immediate response on /. is always "But what about the hackers!" as if there's a group of malicious hackers just waiting for the technology to appear so they could exploit it
That would be because there IS a group of malicious people looking to exploit technology, some of them merely because they can. The topic gets brought up because it usually is insufficiently considered in the beginning. If something can be exploited you can be pretty sure that sooner or later it will be exploited.
. Most systems get hacked because there's some profit to be made out of it or someone is trying to put a message out there.
You think there is no profit to be made in wiping people's cell phones? Ever hear of blackmail? How about terrorism? Think there is no profit to be made in selling technology to mass kill cell phones to terrorist groups who might want to cause problems? There is profit to be made in exploits if you really think about it hard enough.
One mechanism that most immediately occurs to me would be that a device with a remote-brick feature would have a password, created and assigned by the user of the device, which would not get reset by wiping the firmware or installing a new sim card.
People are demonstrably TERRIBLE at remembering passwords. I know people who have to look up passwords for things they use daily.
I'm not likely to ever lose my iPhone (except in my bedroom, at which resolution I'm sure its of no use)
It's not just location and the ability to remote wipe you get, but also to have the iPhone emit a sound on demand (which works even if you have it on silent). I've used it a few times when I've lost it somewhere in the house.
I'm far more worried about hackers from somewhere random in the world deciding to to disable phones for the lulz.
Since tens of millions of people use it and we've never heard of that happening, I'd rather be able to find my phone easily or wipe it myself remotely... it's not impossible but very, very unlikely. Most hackers these days are not doing things for amusement, but for profit - and there's no profit in siping someone's phone.
Besides, if you have iCould set up you'd just restore from backup so what would be the point?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Is so the next time there's something like the Occupy movement and they want to use police brutality again, this time they can just shut down everyone's phones so no video gets out. Nobody hears a word.
Or in any other case where the gov't is trying to keep it's dirty secrets.
What's the carrier got to do with it? They should offer their app to the customers.
... wipe phones of protestors witnessing/recording police brutality due to their location (couple location metadata with request to kill all phones in the area).
We've gone WAY past what the Nazi state was capable of, yet people are too ignorant to realize the same stuff is being done here on a greater scale.
The ability to disable cell phones is already there and used in most of the rest of the world. All the carriers have to do is to ban the IMEI number of the phone when it is reported stolen and the phone can't be activated on the network. Yes, the phone isn't wiped, but it removes the primary cause of phone theft, which is selling them (since people will not be able to activate and use the stolen phone). This is used to great success almost everywhere except for the US where the carriers refuse to do it. We don't need something new, we just need the carriers to do the same thing carriers all over the world are already doing.
My guess is that carriers don't want to halt phone theft since it is a money boon for them. If someone's phone gets stolen, then they have to buy a new one from the carrier at full price, and the carriers make more money that way. If they start banning IMEI numbers and phone theft goes down, they don't get than extra money in their pocket. All the government has to do is mandate that the carriers not allow stolen phone's IMEI numbers on their network and everything takes care of itself.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
These carriers have seen that it reduces theft in the rest of the world. And I mean reduce, not 'completely stop it'.
So these companies know it will work and reduce the demand for phones. So why would they be against it? Oh right, money.
Don't fight for your country, if your country does not fight for you.
Misread and thought: "Not even the military can be so dumb to actually consider a kill switch on an aricraft carrier"
Following a future terrorist attack, executed by conspirators using cell phones, the government will gain access to the database of kill codes 'in order to protect our freedom'. Police will also want to have access to the codes so they can brick suspects' phones on demand. "Appropriate legal safeguards" will be put in place to prevent then from using it against people who criticize the government, exes, union leaders, rival politicians and their campaigners, etc.
These safeguards will of course be inadequate or outright abused, resulting in the bricking of the phones of activists, journalists, and other individuals whom individuals in the government or the government itself doesn't want communicating.
don't carry around a $500+ hand-held computer that has a telephony function.
You know what you call an iPhone whose cellular radio no longer works? "iPod touch". People still buy those.
What do you think MPEG and Dolby did when they got the MPEG-2 and AC3 codecs into ATSC?
You don't live in that kind of a society right up until the moment when you do live in that kind of a society, at which point it is rather too late to do anything to prevent it. Trust someone who lived behind the iron curtain - you don't WANT to know what society will be like if we keep heading in that direction. However small those steps are, they are not reversible.
There is a network block feature that allows a phone itself to be blocked from the network by an internal identifying number. (no, not based on the SIM card). This is typically done when the phone is reported stolen. Of course, the thief could still use it as an iPod touch type device. However some phones, like those from Sharp, will detect the block and prevent all use until it is removed by the carrier. It's very effective, but it sucks if you buy a phone from someone who stops paying their bill.
All the carriers have to do is to ban the IMEI number of the phone when it is reported stolen and the phone can't be activated on the network.
I realize people can't be bothered to do a Google search, but the USA has had a national IMEI blacklist since October 31st, 2012. See this CTIA press release. It's also not difficult to check if a phone is blacklisted, this site is one place that does ESN/IMEI checks for free.
We've lived with this situation long enough to know what the outcome has been. People still steal phones because they have value as parts. Also, they're bought up by scammers that re-sell them to people on Craigslist who don't know any better. It's also worth mentioning not all of these phones are stolen, it's generally a mix of phones that were lost, traded in without disabling the phone's lock, insurance fraud and some that are blocked by the carrier for a defaulted payment plan or wireless contract.
There's absolutely nothing stopping a criminal from forcing the person they're mugging to sign out/disable a phone's locking feature. Apple even has a helpful guide (ostensibly for people looking to give away, trade-in or resell their old iDevice) explaining the process. Are you really going to tell a criminal "no" when they've got a gun pointed at you? If your city has a mugging problem, then something needs to be done about the crime. If it's not cell phones, it will be good, old fashioned wallets, purses and jewelry.
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
The way to go as others have said above is to let owner of the phone set a bricking password to be used if the owner thinks it's neccesary, not a generic network command that can be misused by [ evil gubment | evil operators | evil hackers ].
The owner still has full responsibility to set the password and to issue the command.
[off topic]
This week I saw a lecture by a criminologist who stated that the decline in crime in the western world was probably caused for a large part by two simple things: better locks in houses and better locks and switches in cars.
These security measures stopped starting crimininals becoming full blown ones.
We might need smartphone security to stop young people advancing in a criminal career.
[/off topic]
Only a problem in countries where the government censors and restricts the public. We're talking about the US, so ..... oh, nevermind.
Like the feature incorporated in iOS' Find iPhone app? The app that enables one to lock the phone and post brief text message to call owner and sound an alarm? The feature that got a finder of my wife's iPhone to call almost immediately after I set it to do the above?
Guess what? My carrier has nothing to do with that app.
So blaming the carriers for killing the kill switch (sorry) is bullshit. Samsung, theoretically, can create an app. Google/Android could if they cared.
But, of course, the not-Apple OEMs don't sell to anyone except carriers, with rare exceptions. So I guess if the true customers don't want such an app, people are just SOL.