Slashdot Mirror


US Carriers Said To Have Rejected Kill Switch Technology Last Year

alphadogg writes "U.S. cellphone carriers were offered a technology last year that supporters say would dramatically cut incidents of smartphone theft, but the carriers turned it down, according to sources with knowledge of the proposal. The so-called 'kill-switch' software allows consumers to remotely wipe and render their phones useless if stolen. Law enforcement and politicians believe the incentive for stealing a smartphone or tablet would be greatly reduced if the technology became standard, because the devices could quickly be rendered useless. A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S. The proposal followed pressure from the offices of the San Francisco District Attorney and the New York Attorney General for the industry to do more to prevent phone theft."

19 of 197 comments

  1. That's a great plan... by Lab+Rat+Jason · · Score: 5, Insightful

    ... until someone hacks into a carrier's network, and deactivates and wipes EVERY PHONE on the carrier's registry.

    --
    Which has more power: the hammer, or the anvil?
    1. Re:That's a great plan... by joaommp · · Score: 3, Interesting

      It's not like it couldn't be done already, at least up to some point. Don't forget that the baseband chip on the cellphone "blindly" trusts the cells.

    2. Re:That's a great plan... by mark-t · · Score: 4, Insightful

      There are, theoretically, quite secure ways of implementing this... although I would not be surprised if nobody bothers.

      One mechanism that most immediately occurs to me would be that a device with a remote-brick feature would have a password, created and assigned by the user of the device, which would not get reset by wiping the firmware or installing a new sim card. To brick a device would require transmitting not only the unique code that physically identifies that particular piece of hardware, but also the password that is supposed to be associated with it. The physical device, if it received an intent-to-brick signal that was actually intended for it, would compare the password in the signal to that which was set for the device, and if they matched, the device would be bricked at a level that is irrevocable. The phone could only be used to call 911, and that's it. Legitimately selling a phone would require the user to reset that password to a default state... but doing that, in turn, would require that the old password be entered first.
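
Added example, not part of mark-t's comment or of any real phone firmware: a minimal device-side sketch of the password-gated brick check described above. The `BrickGuard` class, its method names, the PBKDF2 storage and the rule that a device in the default state ignores brick signals are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os

class BrickGuard:
    """Hypothetical device-side state that survives firmware wipes and SIM swaps."""
    DEFAULT = b""          # assumed "default state": no owner password set
    ITERATIONS = 100_000

    def __init__(self, device_id: str):
        self.device_id = device_id      # hardware identifier, e.g. the IMEI
        self.bricked = False
        self._store(self.DEFAULT)

    def _derive(self, password: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, salt, self.ITERATIONS)

    def _store(self, password: bytes) -> None:
        # Keep only a salted hash, never the password itself.
        self.salt = os.urandom(16)
        self.pw_hash = self._derive(password, self.salt)
        self.owned = password != self.DEFAULT

    def _matches(self, password: bytes) -> bool:
        # Constant-time comparison so timing does not leak hash prefixes.
        return hmac.compare_digest(self._derive(password, self.salt), self.pw_hash)

    def set_password(self, old: bytes, new: bytes) -> bool:
        """Change or reset (new == DEFAULT) the password; the old one is required."""
        if self.bricked or not self._matches(old):
            return False
        self._store(new)
        return True

    def handle_brick(self, target_id: str, password: bytes) -> bool:
        """Process an intent-to-brick signal; True only if this signal bricks the device."""
        if target_id != self.device_id:
            return False                # signal addressed to another device
        if not self.owned:
            return False                # assumption: default-state devices ignore brick signals
        if not self._matches(password):
            return False
        self.bricked = True             # irrevocable; only emergency calls remain
        return True
```
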

    3. Re:That's a great plan... by bobbied · · Score: 4, Informative

      ... until someone hacks into a carrier's network, and deactivates and wipes EVERY PHONE on the carrier's registry.

      Not going to happen for two reasons.

      1. There are multiple HLRs (Home Location Registers) in almost every carrier's network. This is where the subscriber information is kept and they are fully redundant (i.e. have multiple copies in the network). In order to kill everybody in a carrier's network, you are going to have to disrupt multiple HLRs and all of the redundancy built into the network.

      2. The configuration interface of an HLR is very isolated and allowed transactions are limited to a single handset at a time. There is no way to bulk erase the database from the public interface of the HLR, you are going to have to get access INSIDE of the HLR. Trying to disrupt a network one handset at a time will take a LONG time and I'd bet they'd figure out what was happening and shut down the public HLR interface before you get very far.

      But even if you did manage to break into multiple HLRs and their redundant backups and bulk erase their subscriber data, you have the problem of the VLR (Visitor Location Register) which is what the network *actually* uses when dealing with your handset. The local MSC (Mobile Switch Center) which runs the cell your phone is in only consults the HLR when it first sees your handset or you receive a call, loads the data from the HLR into the VLR. MSCs usually cover fairly large geographic areas, so even if the HLRs are trashed, most people's handsets will still work great for making calls. Receiving calls and voice mail might be more of an issue but how do you know you didn't receive a call or a voice mail didn't get collected?

      Then there is the problem with backups. You KNOW that they keep backups of the HLR data. I've seen an HLR that used Oracle as its back end. They kept *hourly* snapshots to disk and *daily* complete backups. Plus they copied off the transaction logs as soon as they were written by Oracle. If you managed to corrupt their on disk data in the HLR, they could get the HLR restored to within an hour of your attack in less than an hour, then recover the HLR to exactly what it should be by inspecting the transaction logs and just taking out the bogus deletes. It would be a pain, but the bulk of the disruption would be short lived.

      Good luck, you are going to need it.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:That's a great plan... by VortexCortex · · Score: 3, Insightful

      the immediate response on /. is always "But what about the hackers!" as if there's a group of malicious hackers just waiting for the technology to appear so they could exploit it.

      They're called the NSA, you idiot, and they have a long history of silencing activism.

      This device kill switch is just a more targeted version of the Internet Killswitch. What, you think they aren't planning on needing such device killing tech? Because that's what the Pentagon says.

      This is just the first step. The next step will be to not allow the device to function unless it pings government approved systems and authenticates with your valid citizen ID. They'll turn the blacklist into a whitelist. Black boxes are mandated into cars already, and Intel has demonstrated their capability for remote wireless PC kill switches too.

      Every time they say: "Trust us, this is good for you", or "It stops Terrorism!" or "It stops Theft" or "Think of the Children" your red flag should go up. Another red flag? The bill proposed in California would make this Mandatory. That's not Capitalism. We should let the people decide if they want this feature in their hardware. Mandatory is a huge red flag.

    5. Re:That's a great plan... by sjames · · Score: 3, Informative

      You're looking at the wrong level. The proposal was for software embedded in the phone (not the HLR) so that it would brick if it received the right command. So no need to corrupt the HLR at all, just send the brick yourself command to the phones.

  2. So full of nope: Bruce Schneier on this by Scareduck · · Score: 5, Informative

    Right here:

    ... given what we now know, do we trust that the government wouldn't abuse this system and kill phones for other reasons? Do we trust that media companies won't kill phones it decided were sharing copyrighted materials? Do we trust that phone companies won't kill phones from delinquent customers? What might have been a straightforward security system becomes a dangerous tool of control, when you don't trust those in power.

    And this, ultimately, is the problem with those who keep repeating that we should just trust the government. It implies we should also disengage our brains.

    --

    Dog is my co-pilot.

    1. Re: So full of nope: Bruce Schneier on this by AudioEfex · · Score: 3

      On the other hand, the constant paranoia makes people sound as if we are living in a society where people just disappear off the streets and no one asks questions because they are afraid they will be next to be abducted and never heard from again. They act like the US is some police state or that we are in constant danger. I don't commit crimes, I don't associate with known criminals, I pay my taxes, and I drive safely. And you know what? The authorities and government leave me alone. Yes, we need to guard our privacy, the NSA thing (while slightly overblown, most people think that they actually have recordings of all the calls as opposed to just records of them because of all the hype), and hold them accountable, but this laughable notion that the "gubment is out to get all of us" just takes away from the real issues and is the same reason those scared folks in the Bible Belt stock up on 100's of weapons for when they "come to get 'em". Folks watch too many movies.

      Could stuff happen? Sure. The sun could also have some heretofore unknown random chemical reaction and explode instantly killing us all. But people act so paranoid that they detract from the actual atrocities that go on - being one of the only first-world countries where getting cancer can make you go bankrupt, that we rank in the double digits for things like education, and the dangers of all the chemicals we ingest, breathe, clean, and live with being absorbed into every pore that we really know nothing about the long term effects of are. But oh yeah, be scared that Obama is gonna send some henchmen to rip you out of your house in the middle of the night and block your phone off and your family will never see or hear from you again. Because that happens every day, right?

  3. Parts by Dan+East · · Score: 4, Interesting

    You can still part out a phone and make at least a hundred bucks off it. I'm sure they would continue to be stolen just for that amount of money alone.

    --
    Better known as 318230.
    1. Re:Parts by Joce640k · · Score: 3, Funny
      --
      No sig today...
  4. Phone not-a-friend plan by Impy+the+Impiuos+Imp · · Score: 4, Insightful

    Each stolen phone that they make the victim pay to replace or make them eat the remaining contract with no phone, that gets hooked back up to their network should gain them a fine and jail time for participating in the laundering of stolen goods.

    That's exactly what's going on -- they are dragging ass because they profit, knowingly and deliberately, from participating in this cycle. Some interstate criminal conspiracy charges on executives would also be welcome.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  5. How are ANY of these people getting involved? by Sloppy · · Score: 4, Interesting

    I don't get why I would want my ISP to have a say in whether or not (or how!) I disable my personal computer. But I also don't get why I'd want my government to have a role in that discussion either.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  6. LoJack, talk about money lobbying by Anonymous Coward · · Score: 4, Informative

    I'd say no too if I had to pay all those royalty fees because only one tech was allowed by law.

    Just do what Europe has been doing for decades. A shared and standard registry of IMEI and other serial number components of stolen/lost devices.

    None of this remote wiping or other stuff. If someone wants that they can buy their own software/mobile solution for it.

    Just require the phone to state on its screen: IMEI banned due to reported lost/stolen device. That cuts the resell theft down right there.

    Not 100% but a noticeable difference.

  7. +1 from Iran, Venezuela and the Ukraine by PackMan97 · · Score: 3, Insightful

    Can't you just imagine this tool when it comes to mass protests? Especially when things turn violent as they have in plenty of countries over the year. The primary way news is getting out is cell phone cameras and videos.

    Wouldn't any freedom loving government just die to have access to a kill switch?

  8. Re:Why not just add it Samsung? by JohnFen · · Score: 3, Interesting

    There's no need for Samsung to do it -- this capability is already in every Android phone that uses Google Apps. It's enabled by default, although users can disable it. You can even disable the two things independently of each other: phone location and phone wiping.

    I, for one, would absolutely object to this capability being included if I didn't know about it or I couldn't disable it. I don't want my carrier -- or anybody else -- to be able to locate my phone and disable it. The inclusion of this ability with no way to turn it off would prevent me from buying the phone.

  9. Re:Well duh? by DarkOx · · Score: 5, Insightful

    To use a car analogy, demanding carriers implement a kill switch would be like demanding SUNOCO keep a registry of stolen vehicles and verify license plates at all their filling stations before selling anyone gas. Not that most US cellular operators don't deserve to be sent to 'that special hell', it's still not fair to burden them with problems which are not their own.

    You are responsible for your own property. If you can't hold on to your phone buy some theft insurance for it. As others have stated there is a huge risk to consumers posed by remote wipe and kill switch technology. What happens when your angry girlfriend falsely reports your phone stolen? What happens if the carrier's network gets breached and someone sends the kill commands to all devices? What if it's just a leak like Verizon's text portal awhile back and someone just spams the system with tons of false reports?

    These guys don't have the track record to properly manage this kind of power. They also don't have any moral obligation to you in the first place.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  10. People WILL exploit it by sjbe · · Score: 4, Insightful

    the immediate response on /. is always "But what about the hackers!" as if there's a group of malicious hackers just waiting for the technology to appear so they could exploit it

    That would be because there IS a group of malicious people looking to exploit technology, some of them merely because they can. The topic gets brought up because it usually is insufficiently considered in the beginning. If something can be exploited you can be pretty sure that sooner or later it will be exploited.

    Most systems get hacked because there's some profit to be made out of it or someone is trying to put a message out there.

    You think there is no profit to be made in wiping people's cell phones? Ever hear of blackmail? How about terrorism? Think there is no profit to be made in selling technology to mass kill cell phones to terrorist groups who might want to cause problems? There is profit to be made in exploits if you really think about it hard enough.

  11. We don't need new tech, just use what is there by dirk · · Score: 4, Insightful

    The ability to disable cell phones is already there and used in most of the rest of the world. All the carriers have to do is to ban the IMEI number of the phone when it is reported stolen and the phone can't be activated on the network. Yes, the phone isn't wiped, but it removes the primary cause of phone theft, which is selling them (since people will not be able to activate and use the stolen phone). This is used to great success almost everywhere except for the US where the carriers refuse to do it. We don't need something new, we just need the carriers to do the same thing carriers all over the world are already doing.

    My guess is that carriers don't want to halt phone theft since it is a money boon for them. If someone's phone gets stolen, then they have to buy a new one from the carrier at full price, and the carriers make more money that way. If they start banning IMEI numbers and phone theft goes down, they don't get that extra money in their pocket. All the government has to do is mandate that the carriers not allow stolen phones' IMEI numbers on their network and everything takes care of itself.

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  12. It works in the rest of the world by houghi · · Score: 3, Informative

    These carriers have seen that it reduces theft in the rest of the world. And I mean reduce, not 'completely stop it'.
    So these companies know it will work and reduce the demand for phones. So why would they be against it? Oh right, money.

    --
    Don't fight for your country, if your country does not fight for you.