Slashdot Mirror
Industry-Wide Smartphone "Kill Switch" Closer To Reality
mpicpp (3454017) writes "The 'kill switch,' a system for remotely disabling smartphones and wiping their data, will become standard in 2015, according to a pledge backed by most of the mobile world's major players. Apple, Google, Samsung and Microsoft, along with the five biggest cellular carriers in the United States, are among those that have signed on to a voluntary program announced Tuesday by the industry's largest trade group. All smartphones manufactured for sale in the United States after July 2015 must have the technology, according to the program from CTIA. Advocates say the feature would deter thieves from taking mobile devices by rendering phones useless while allowing people to protect personal information if their phone is lost or stolen. Its proponents include law enforcement officials concerned about the rising problem of smartphone theft."
Now they won't need to backdoor devices when they want to erase evidence.
...This is really the time to put even more big brother into our devices. So, how is that open source baseband development going?
They cant realistically kill the line ( "you cant stop the signal" ), but if you disable every access device known to man it would have the same effect... Killing every phone ( and soon tablets ) in one swoop would go a long way towards that goal.
This also gets around adhoc and private mesh networks that the feds have no real access to control.
---- Booth was a patriot ----
If all phones have to have a remote kill switch, then anyone with sufficient power and motive can flip the switch on a phone they don't own, or all the phones belonging to a group they don't like...
Smartphones already have a fucking kill switch - it's up to the networks to provide service. If the networks wanted (or a law required them), they could make it so phones are disabled immediately at the request of the user who OWNS the phone.
The only point to making this a law (and industry standard) is to be able to quell widespread protest.
--- We need more Ron Paul!
Why are you foisting this on us if we don't want it?!?!
One step closer to reality.
This whole idea is unnecessary if the wireless carriers would just set up a database of stolen IMEI information. And while ESNs can be wiped, if a questionable ESN is discovered, like all zeros you can block the phone from being provisioned. If you did that stolen cell phones would be worth zero and we wouldn't have to introduce another tool that can be used by governments to lock us out of communicating. With mobile traffic increasing faster than any other sector on the Internet, this gives the governments of the world an effective Internet Kill Switch.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
...I'd love a Smartphone kill switch, oh sweet...the revenge!
What this world is coming to - is for you and me to decide.
If it lets me kill the phone if the wanker in front of me driving at 20mph, I'll be happy.
Whatever they do, I hope they make the disablement reversible, for those who think they've had their phone stolen, only to find that it was just misplaced - or if the phone is later recovered from the thief.
Deal with reality - the world as it is - rather than ideality - the world as you would like it to be.
Because right after big pharma and gov, marketing needs to diaf.
Will the companies start killing phones if there is an overdue or disputed bill? If you unlock or jailbreak a phone? If this bill is passed without really strong consumer protections built in, it could be a disaster.
If someone steals my phone, I am fairly certain they will not be able to access the data (encrypted, PIN, etc). However, they can easily flash it, install the rom of their choice and sell it. So my main concern regarding theft is that the hardware is worth several hundred $. When will there be some form of access control for recovery mode?
What would the govt of some place like Egypt have given for a phone kill switch?
Real programmers use "copy con program.exe"
Just because no carrier will provide a cellular signal to a smartphone doesn't mean it's useless on the black market. Is it really that hard for a thief to fence an iPhone as if it were an iPod touch?
"and wiping their data"... Yes, I can understand why police would want the ability to remotely wipe the data - data would include all those "awkward" videos of police that keep getting on youtube. Back to the pre-Rodney King days where it was just the upstanding policeman's word against the nefarious 'criminal' trying to slander him.
We can't have the citizens able to record the police now, can we?
besides, the police can monitor themselves
http://yro.slashdot.org/story/14/04/09/1545251/la-police-officers-suspected-of-tampering-with-their-monitoring-systems
Or, authoritarian governments who don't like protesters organizing trigger the kill switch in a town where an ongoing protest is occurring anyone unlucky enough to be around when it happens no longer has a smartphone and cannot tweet/facebook/etc any longer. Alternatively, that same government triggers the kill switch and it accidentally gets routed to the u.s. and an entire state or states also gets disabled. We saw something similar happen recently when Venezuela was hijacking DNS to bring down sites they didn't like but they had intended only to do it locally but it triggered in the u.s. and elsewhere as well.
In addition, it might be used by an enemy state, e.g. usa v.s. russia before an attack to wipe out the enemy's communications and trigger chaos and social unrest during an invasion or ballistic attack.
Basically, this needs to be given a lot more thought.
Idle speculation, but if people can exploit the *entire* Target POS system across the nation, it doesn't seem farfetched to imagine it would be possible to engage a carrier-wide (or multi-carrier) attack to wipe/deactivate countless phones at once via kill-switch.
Of course, if we are imagining a breach of the carrier, then an attack could cause a wide scale DoS even today. A mass kill-switching would just make it harder to restore service once the breach had been terminated.
If it lets me kill the phone if the wanker in front of me driving at 20mph, I'll be happy.
Unless the guy behind you has one too and thinks it's your fault..
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
When someone else controls your stuff, it's not your stuff. Look at Germany's gold! Where is it? It's in the US. They want it back, it's supposed to be on its way over... slowly. Net result, it's not Germany's gold. And if this tech makes it into our phones? Yeah, same thing. We "give up" our phones in order to prevent them from being stolen. Nice trade.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
If the government or the phone company has it, then it is not okay.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Or, authoritarian governments who don't like protesters organizing trigger the kill switch in a town where an ongoing protest is occurring anyone unlucky enough to be around when it happens no longer has a smartphone and cannot tweet/facebook/etc any longer.
Some protesters could have older phones without the kill switch. So, the more appropriate method is to ask (nicely, or send some guys with guns) the cell service providers to shut down all towers in the required area. This method works on all phones.
Cellphones are short range devices - if the government wants to, it can shut all of them down. Same with the internet.
What you need is a satellite phone and ham radio if you want to evade the government's attempts to silence you, for a while anyway.
from tfa.. emphasis mine.
so.. the data is either just encrypted or obfuscated on the device (in other words, not really 'wiped' as promised), or (the scary and very real possibility) is wiped from the deivce but only after being uploaded to "somewhere" for possible retrieval by the verified owner (and whoever else has or hacks access to it).
glad we got dumb phones, nobody wants those.
Did you really think Big Brother was going to tolerate Little Brother and his embarrassing cell phone videos? Forever? And of course it's because of theft. Right.
From my interpretation of what's actually in the CITA program, this is no different than what's currently available in Apple's Find My iPhone capability. Allow the user to remotely lock (i.e. set a PIN) or wipe a device, and remove the pin and/or /restore the device if it's recovered.
It seems to me that all the armchair conspiracy theorists here are over-reacting.
when the cops start shooting.
So, someone, other than the owner, will be able to remotely disable and wipe a smartphone? Yeah, that can't possibly go wrong.
Smartphones, Really? They would have to kill the providers, and they make cell phone modules that a gerbil could interface to... or just tether a burner phone via USB to your actual Smart device and back up to that.
Do politicians care about your phone being stolen, probably not. Would they like the ability to selectively destroy video of an abuse committed by the state, or
the ability of protesters to organize? Probably yes.
This kill switch is at *my* discretion, and nobody else's (not phone carrier, manufacturer, nor government) then I won't have any issue with it.
I believe this is merely a show piece for consumer consumption. There may be some beneficial side-effects (such as forcing cellular providers to be more responsive to consumer complaints about stolen devices), but beyond that I just don't see anything changing here - except the addition of some amount of government oversight (I hope).
This is an attempt by the mobile phone industry (carriers and manufacturers) to enact voluntary guidelines for disabling phones. What's not mentioned is that huge underground industry for stolen phones benefits the carriers and manufacturers. They sell more phones and more plans. This voluntary kill switch agreement is worthless. You can blacklist phones by IMEI but what's to stop someone from changing the IMEI? You can go out and download free software to change the IMEI of a phone [ https://www.youtube.com/watch?v=GsguWeB_fVo ]. What the carriers don't want to do which would be the most effective solution is to hard code the IMEI so that it can't be altered. Any voluntary agreement that will enable the stolen phone industry to continue operating is pure industry self interest and a veiled attempt at avoiding real government regulation that will cost them money.
And dangerous. Just make IMEI be on read-only memory so that it is not over-written, and then, instead of rejecting stolen phones you can even pinpoint them and send a cop to pick them up along with the thief... All the technology is already there, the only problem is that there are no rules that make carriers tell you (or even the police) where your stolen phone is and who has it (in many countries SIM cards are not anonymous by law).
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
If it lets me kill the phone if the wanker in front of me driving at 20mph, I'll be happy.
Or maybe he kills the phone of the wanker tailgating him...
Yeah, Maybe let's not go down this road, so to speak.
You post that, like it's a bad thing.
Frankly, if someone was able to switch off a significant number of devices, say 100,000, I'd be glad. It'd prove this type of implementation, and the gatekeepers for it, are just as consistent with lack security, as they are with ipad owner phone numbers and email addresses. I.e, they'll blame the 'bad guy' rather than secure the gates.
Now, switch off say, 10,000,000 mobile devices? Perhaps they would take this 'feature', as a bad idea.
Damm right. Cops beat a pregnant woman in the street and shoot her 6 year old son. Blood splatters everywhere, woman is screaming while cop is on top of her and choking her to death. Civilians are filming the important police work with their cell phones. Officer X picks up his radio and calls in 'Dispatch, need a 10-09'. A few seconds later the dispatcher comes back with '10-09 is confirmed'.
All the dispatcher did was click on the current incident tab on her screen and then on the 10-09 button, but under the hood the backend application sent a command to a hub that connects all cell networks. That command included the officer's exact location. Each cell network in turn received the request and then proceeded to determine what phones were within a 300ft radius of the officer's location 10 minutes before and 10 minutes after the timestamp in the request. The software doing that queued purge requests to a message queue with an application on the other end that communicates with the individual device agents on the cell phone. The device agents received the purge command and the mobile phones locked up for about a minute while the purge was underway. Those that were smart enough to turn off their phones were surprised when their phones were wiped the next day when the application again picked their purge-request off the message queue and passed it on to the device agent.
While all this was underway, also another application running in a data center somewhere in Utah received the same information and increased individual security risk scores on all individuals involved.
The woman ended up giving birth in prison, charged with assaulting police officers with deadly intent and a slew of other charges. Her child will grow up in a foster home. The people who were bystanders had their phones wiped and no further action was taken against them.
All except for one person who had been protesting police brutality for a number of years. He was on a watch list. When the police department automatically received an NCIC message from that data center in Utah advising them of his presence at the scene they knocked one evening at his door. He didn't open, so they kicked in the door and shot him in the face.
Well, they at least were the first popular phone manufacturer that had this baked right into the handsets, Been in the phones for years, perhaps a decade.
Surprised to see the others still playing catchup to this feature.
So, the more appropriate method is to ask (nicely, or send some guys with guns) the cell service providers to shut down all towers in the required area.
They are not going to do that because a cell tower covers a lot more area than any protest.
Consider the protest in Nevada recently over the Bundy Ranch cattle being taken by armed federal agents. If you shut down cell access for that group, you are shutting down cell access for a potentially very large area of I-15. That's just not going to happen.
The reason why the kill switch would be used is that it cuts off video/image feeds from newer devices, the older phones that still might work would not be as much of a concern. As long as the government can prevent video and images escaping real time they have a lot more latitude in dealing with civilians.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
This is how liberty dies ... with thunderous applause.
This will be abused. This will be used to shut down protests and stifle dissent. This will get hacked.
There's no way this toy ends up in the hands of anybody without eventually becoming a Really Bad Thing.
Lost at C:>. Found at C.
Each cell network in turn received the request and then proceeded to determine what phones were within a 300ft radius of the officer's location 10 minutes before and 10 minutes after the timestamp in the request.
Yeah, that will work great the first time someone with money or influence happens to have been driving through or near by such an area. Even some really crappy areas in some cities are close enough to places of business that doing that would piss off the wrong people. Not to mention not actually deleting recordings of events by people who save their video and images directly to a web service, because they were afraid a cop might walk up to them and take their phone or ask to watch them delete the file.
I thought this was something we could use to exterminate all those smug bastards yakking on phones while driving or in line at Starbucks.
Have gnu, will travel.
I've been able to nuke from orbit every smartphone and laptop I've ever owned. Its only become easier with greater mobile network availability, longer battery life, multiple radios etc. Not having this has always been a choice so don't blame it on the lack of a law requiring it. Mandating it and giving the keys to another entity does nothing but open you up to risk of abuse. Period.
Any way to disable that feature? I am not to worried about phone theft myself mostly because I get the cheaper smart phones and not an iPhone or other really popular models. So how would I disable having my phone disabled remote because I just don't want that crap on my device.
... if and only if it involves me having the option to generate a public-private key pair when I get the phone, putting the public key on the phone, and telling it "melt yourself if someone gives you the private key". Then I can guard that private key however I like -- I can give it to the police, to the cellphone company, or to nobody.
I am fine if *I* have a killswitch. I'll be damned if I'm going to give someone else one.
Now the parties can call for bricking of unwanted competition phones - or let hackers do the deed.
One week all Samsung phones in service are bricked, the next all Apple phones, the loop will continue until only old Nokia 3310 phones are left.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Not seeing the issue. It very specifically says that the *user* can remotely kill the device, not law enforcement. This feature is already present on iPhones as a personal security feature.
I only read here about possible abuses of the government of this system. But what out the following scenario: I get arrested and the cops seize my phone. Some buddy non the lookout sees this and bricks/formats my phone so the cops don't get to see my contact list and textsecure messages. Wouldn't the government demand an undo option for themselves? Of course they'll sell it as "you got your phone back and want to use it again".
Camera 360 là phn mm chp và chnh sa nh hot nht hin nay trên in thoi di ng. Camera 360 ngày càng thu hút nhiu ngi s dng, nó c chng minh khi nhìn vào mng xã hi khng facebook, bn s thy hu ht các bc nh c ng lên u qua phn mm camera 360 chnh sa. Vy ti sao mà phn mm camera 360 li c yêu thích n vy ch? Cùng tìm hiu nhé! tai camera 360
Cool story bro. Yeah, they block them. But that does nothing, because thieves change the IMEI numbers. So yeah. Cool story.
From CTIA's site, it appears to be an addon software tool, NOT part of the O/S or hardware:
Each device manufacturer and operating system signatory of Part I of this "Smartphone Anti-Theft Voluntary Commitment" agrees that new models of smartphones first manufactured after July 2015 for retail sale in the United States will offer, at no cost to consumers, a baseline anti-theft tool that is preloaded or downloadable on wireless smartphones that provides the connected capability to:
Remote wipe the authorized user's data (i.e., erase personal info that is added after purchase such as contacts, photos, emails, etc.) that is on the smartphone in the event it is lost or stolen.
Render the smartphone inoperable to an unauthorized user (e.g., locking the smartphone so it cannot be used without a password or PIN), except in accordance with FCC rules for 911 emergency communications, and if available, emergency numbers programmed by the authorized user (e.g., "phone home").
Prevent reactivation without authorized user's permission (including unauthorized factory reset attempts) to the extent technologically feasible (e.g., locking the smartphone as in 2 above).
Reverse the inoperability if the smartphone is recovered by the authorized user and restore user data on the smartphone to the extent feasible (e.g., restored from the cloud).
In addition to this baseline anti-theft tool, consumers may use other technological solutions, if available for their smartphones.
Source: http://www.ctia.org/policy-ini...
Some protesters could have older phones without the kill switch. [...]
What you need is a satellite phone and ham radio if you want to evade the government's attempts to silence you, for a while anyway.
Making illegal the phones without the kill switch will be the norm. The second option is the more feasible.
Once again the nanny state rises to save the day! God forbid people take responsibility for their own property. Leave your phone in the bar (or anywhere else)? Is this some how different than leaving your wallet? purse? camera? laptop? Is it different than a purse snatching? Someone grabbing your tote bage or backpack with your laptop in it?
What this really is about is governement asserting more authority over your possessions and your life. And if you are so naive as to think the government will not use this to their advantage I guess you are all ok with RICO too.
If there is some segment of the market for phones that really, really wants this, it will be served. Without government involvement and without forcing it upon everyone.
I'm pretty scared that this post is actually more right than it is crazy. There was a time when things like this could be decried as the rantings of a loon, but more of this post is solid, actually realistic than otherwise. It's a sad day that a country that used to be the standard bearer for truth and justice has fallen so far.
Mesh networks still work with the towers shut down. The towers being shut down just prevents the kill switch from working. You need to kill the phones then shut down the networks.
You can't run, Denton. Even if you escape, your killswitch is counting down. You'll be dead in twenty-three hours. Another fifty billion dollars down the drain.
Verizon/ATT kill switch in retribution for their information highway robbery.
I only have one thing to say to the fuckfaces that did this: FUCK YOU!
You have not made me more safe and you have given another person a way to render my phone useless. Again, FUCK YOU! I am NOT you fucking slave and I WILL chop off your fucking heads you bitches.
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen