Slashdot Mirror
Ask Slashdot: How Can I Prepare For the Theft of My Android Phone?
New submitter Adam Jorgensen writes "Last week my 4-week old Moto G phone was stolen while getting onto the train at Salt River in Cape Town, South Africa. That in itself is no big deal. Cellphone theft is a huge problem here in South Africa and I've had at least two previous cellphones stolen. The big deal this time, for me at least, was that this was the first time I've lost an Android phone to theft. When I actually sat down and thought about it, losing a fully configured Android phone is actually a big deal as it provides ready access to all kinds of accounts, including ones Google account. This could potentially allow the thief to engage in all kinds of malicious behavior, some of which could have major implications beyond the scope of the theft.
Luckily for me it seems that the thief did the usual thing: Dumped the SIM card, wiped the phone, and switched it off. It's probably had its IMEI changed by now and been sold on to some oblivious punter, possibly some oblivious punter in another country. Still, the potential for serious issue is making me have second thoughts about replacing the phone with anything capable of doing much more than calling. My question is this: Are there any serious solutions out there for Android that secure against theft?"
Luckily for me it seems that the thief did the usual thing: Dumped the SIM card, wiped the phone, and switched it off. It's probably had its IMEI changed by now and been sold on to some oblivious punter, possibly some oblivious punter in another country. Still, the potential for serious issue is making me have second thoughts about replacing the phone with anything capable of doing much more than calling. My question is this: Are there any serious solutions out there for Android that secure against theft?"
He continues:
By serious I mean solutions that go beyond the laughably easy to defeat 'Find My Phone' and 'Remote Wipe' options provided at present. Presently I'm thinking along the lines of:
- Full encryption of phone contents
- Some kind of 'Travel Safe' mode that would lock the phone down and trigger a full wipe of not unlocked correctly (Including wiping the phone on next boot if not unlocked before being switched off/running out of battery).
So, any ideas?"
Encrypt the phone, and set a numeric PIN of 6 or more.
Done and done.
Citation needed for the "laughably easy to defeat 'Find My Phone' and 'Remote Wipe' options". How are these laughably easy to defeat? Do tell. Also iphones have a kill switch installed, so they can't be wiped and reused. Compare this to your android solution of asking slashdot. I await more information.
I use Cerberus. It's available on the store: https://play.google.com/store/... Though if you download it direct from their website then you can flash it straight into the ROM, meaning that even if someone does a factory wipe on your phone it will still be installed and you can remote into it: https://www.cerberusapp.com/do... With it installed, you register your phone on the website, then sign into your account on the phone. From there you can carry out all sorts of commands, including GPS tracking, location history, call and SMS logs. You can even call or message the phone, get it to display messages, record audio, video, take pictures, all sorts. And finally you can wipe the SD card, wipe the phone, or reboot it. I don't remember how much it cost, but it was only a couple of pounds. I've never had my phone stolen yet, but I occasionally log into the site to check that everything is working and it always does what I want it to, so I've had no complaints with it.
http://www.xtrasec.com/feature...
Save us both some time, and just send it to me...
"Flyin' in just a sweet place,
Never been known to fail..."
Don't store important shit on your phone.
When your shit gets stolen, just change the passwords to any accounts it was authorized to.
Don't be one of those idiots who uses 2-factor authentication with one of those RSA hash clock apps on their phone. You'll just end up locking yourself out of shit when you lose your phone.
Encrypting your phone does nothing because you decrypt it every time you power it on, and you always have your phone on, don't you?
Passwords / locks will stop casual thieves from getting in, but they don't want in - they just want to sell the phone.
Passwords / locks will NOT stop thieves who want your information. If your info is worth enough to be targeted it's worth enough for a 0-day bounty. (And with Android you don't even need that - it's likely to be a 6+ month old bug that your manufacturer / carrier never patched / pushed out the patch for).
You may as well ask how to make sure your car can't be stolen. Can't win, don't try. Just minimize the impact.
What are you doing with your phone that makes it possible that you've had 3 stolen from you? Are these thefts physically violent? I just can't imagine, for myself, that it would be super-easy to get my phone from inside my pocket or out of my hand without violence.
I think I'll stop here.
Simple answer: Treat your phone/tablet as only slightly more trusted than logged in from a semi-public PC, such as at a library.
I pretty much only log in to anything from my Android tablet via a browser in private browsing mode / incognito. I can then do everything through the browser that TFS' author presumably uses pre-logged-in native apps to do. Email, IM, cloud storage... I use them all, I just don't have my device set up to one-click root-my-life.
I don't even bother with a password on the thing - It wastes more of my time than that of a potential thief. If someone nabs it, hey, they get a few gigs of music (that I have backups of) and a $50 (replacement value - they don't tend to age well) tablet. Woo-hoo.
You can use an alphanumeric password on iOS. You do t have to use a 4-digit pin.
SJWs are the new boogeyman. -Me
Buy a .44 Magnum. That way you can prevent your phone from being stolen in the first place, and not look like a complete fool.
But then someone steals your .44 Magnum
Unfortunate when the thieves cut your hand off to get the phone though.
sPh
They could always cut your hand off anyway.
I couldn't believe, when I left New York to go to college, how many people stored things in their back pockets. I used to tell them all the same little rhyme --
Yeah, ever since I started traveling for business on public transport, I no longer keep a wallet in my back pocket. Instead it goes in a front pocket, which is more difficult to pick pocket. Works well with jeans. This doesn't do so well if you are wearing dress slacks with loose pockets, so you'll have to resort to other means like the various types of hidden / zippered pockets.
It's just too easy to have your back pocket searched when riding public transportation. And inside coat pockets aren't much better unless they have a button or zipper.
Backpacks aren't safe either, a good thief can unzip it and look inside without being noticed. I prefer a messenger type bag with a cover that folds over the top and is latched down by snap-buckles combined with velcro. Harder to open quietly and I always have an arm wrapped around it anyway.
Wolde you bothe eate your cake, and have your cake?
There's a few simple steps to follow to prevent phone theft in the first place:
Step 1: Wear gloves at all times
Step 2: Put a non-conductive silicon case on your phone
Step 3: Slip phone into pocket
Step 4: Charge up a 400V 10uF capacitor and slip it into your pocket, leads up (now you see the need for gloves).
Then you play a simple game.
1 point for a loud scream on public transit.
10 points for a loud scream followed by self injury while attempting to run away.
100 points if the thief had a pre-existing heart condition.
1000 points for a girl in the vicinity mistaking the agony with simple surprise of your well equipped package and offering to "take you now" right there on the train.
Enable the "Wipe after X failures."
I presume you don't have kids :-)
Or you teach them that certain things are not toys. Why, maybe you even keep those things out of the kid's reach! Wow! Y'know, like every real parent has done throughout the ages. Knives, matches, car keys, stoves, cleaning chemicals, really there are things much worse than cellphones out there.
Confirmed. He's never had kids.
When our name is on the back of your car, we're behind you all the way!
Did you ever think that some of the Ask Slashdot topics exist to provoke discussion rather than to seek knowledge? Take this one for example. How many folks here have never thought about anti-theft software until now? I'm sure I'm not the only one.
When our name is on the back of your car, we're behind you all the way!
Set your background to a really attractive but clothed female to make them think that's the owner of the phone. Then put an app on your phone(displayed in a prominent place) that says "my hot nude pics" that when launched, wipes your phone. Done!
Monstar L
Instead of cursing the darkness, why not light a candle?
http://soylentnews.org/
You are welcome on my lawn.
Did you ever think that some of the Ask Slashdot topics exist to provoke discussion rather than to seek knowledge?
If you depend on media corporations to prompt you to take care of basic things in life, you really do have a severe problem with the way you live.
So... that's a "no" then.
When our name is on the back of your car, we're behind you all the way!
First, try not to get too attached to your Android. This can not be stressed enough as it is the absolute most important out of all the steps. Getting attached may feel right at first, but will make separation far more painful for all parties involved later. Despite how you feel about your Android now, the truth is it's highly unlikely you will never get an upgrade.
Secondly, set a lock screen message addressing the new owner of your phone. Try not to make it too bitter sounding, or you will never see your Android again. Leaving your name and address, and times that you are typically at home is not recommended. Instead use something along the lines of, "Please take good care of my Android." Wishing the thief and your ex Android both happiness is a good idea, but you will have to see that message periodically which could lead to separation anxiety or a self fulfilling over the air update.
Third, try to be sensitive to clues that your Android may be about to go missing. If your Android is acting up, freezes giving you the cold shoulder after receiving certain gestures, refuses to listen when you speak to it, suggests things in a mocking way, interrupts you while talking to someone you spend (too much) time with, or just can't make it through the day without a little "boost", these are signs that your relationship with your Android may soon be Terminated.
Additionally, try your best to be a good person. Be aware that your Android is aware of almost everything you do down to the slightest touch or subtle tilt of your head. Thus, mistrust between you and your Android is a sure-fire recipe for disaster. Your android can hear those things you whisper under your breath after ending a call -- it senses how you act towards others you have contacts with. Performing acts of kindness towards others will reduce the chances that your Android will inexplicably leave your company, and can increase the chances of reuniting with your Android after an affair with a thief. If you are reunited after a separation, it will be up to you to decide if you can ever really trust your Android again; Unfortunately, one must beware of viruses...
Finally, if things do not work out with your Android, do not despair. New models with more desirable features and stronger vibration functions will be available soon. Never damage your Android on purpose as this can lead to an immediate break-up, and may cause you harm as well. If you voluntarily end a relationship with an Android, return it to an authorized recycling centre so that it may be refurbished. Remember, if an Android doesn't bring you happiness, it may have been meant for someone else in the first place.
That doesn't tend to be the typical use case of cell phone theft at all. The vast majority of cell phone thefts are crimes of opportunity.
File under 'M' for 'Manic ranting'
Instead of cursing the darkness, why not light a candle?
http://soylentnews.org/
Because every time I go to that site, I find it as frustrating to use as beta. Why do truncated comments have to load a new page?
/. classic the first time I encountered beta.
Also I haven't been forced onto beta since I opted for
Soylent news will have to improve to get readership.
Calling someone a "hater" only means you can not rationally rebut their argument.
I always carried my wallet in my front pockets, even when studying. My father usually carries only a small wallet with his train ticket for the month in his coat, and the proper wallet hidden out of sight. As a true anecdotal story, once a thief sat besides him pretending to read a newspaper (known mode of work), and left after a short while. My father left without noticing anything. Next day he tried to board the train, there was no photo in the train ticket. The thief took the wallet, got mad it was a decoy, took out the photo as a "lesson", and put it in place without my father noticing anything.
I thought IMEI could not be changed. Is it possible here because on a smartphone everything is software defined?
You can generally do this, if you are super technically inclined, and have the right tools for the phone in question. In almost every case, you have to defeat the security on the baseband firmware, because it's embedded as part of the firmware in what's called a "seczone" (contains security data for the phone, which is cryptographically signed, including the carrier lock and IMEI).
Most of the work required to rewrite the IMEI is not actually done by people attempting to be able to rewrite the IMEI; instead, the purpose is to be able to rewrite the carrier lock which happens to be in the same area, so if you have the source code for the tools, or know how to use IDA Pro and read and modify assembly language, you can convert the tool.
This is basically true of almost every Samsung baseband chip firmware, since it has a buffer overflow attack that works against the cryptographic signature check, and then - game over. This is how the Sony, Samsung, and original iPhones carrier lock was busted. For other phones, you can buffer overflow the firmware by using a specially designed chip that pretends it's a SIM chip, and buffer overflows the baseband from the other side of things, rather than from application space. It's probably worth my while to not go into too much detail here.
A non-stupid company that wanted to disincentivize that level of hacking on the baseband - said hacking also being an effective means of modifying the radio tables for the SDR (Software Defined Radio) - would put the carrier lock up in application space, rather than putting it in the baseband firmware in the first place. Most companies, Apple included, have been pretty stupid about their carrier lock implementations, though.
So yeah, the tools exist, mostly because of carrier lock, and the implementation details for the carrier lock being in a stupid location that makes the IMEI rewrite an easy opportunistic target.
[Citation needed]
I love all these replies placing the onus of the of blame on me and calling me dumb for having my phone stolen...
As fun as it is for you to call me dumb and a moron for having been robbed, it's not really helpful either.
And for the folks saying that I must be "doing something wrong" to have 3 phones stolen in the last 12 years:
My last phone theft happening when the train I was on was robbed by a gang of men moving from carriage to carriage threatening people at knife point. Please illustrate to me what I could have "done right" in that scenario...