Why don’t we have kill switches in smartphones?

by: Simon HillMarch 4, 2014

emergency kill switch

Credit: dumbledad

Smartphones pack an impressive range of functionality into a pocket-sized package. They are highly desirable items, they have a high resale value, and we visibly carry them around with us. That’s why smartphone theft has reached frightening proportions. This isn’t a new problem, though the scale of it has been growing, but a major proposal designed to tackle it head on is beginning to build up steam.

Kill switches for smartphones may be closer than you think. The basic idea is that a stolen smartphone could be irreversibly bricked from afar, effectively rendering it pointless to steal in the first place. California Senate Bill 962 will require every smartphone sold or shipped in California to have a kill switch installed by 2015, if it gets passed. Hot on the heels of that comes news of The Smartphone Theft Prevention Act, supported by four U.S. Senators, and designed to roll out similar requirements for a kill switch nationally.

You may well wonder why we don’t have kill switches in smartphones already, but when we start getting into it, you’ll realize that it’s far from clear cut.

There’s definitely a problem

What we can all agree on is that there is a serious problem with smartphone theft. An FCC report from almost two years ago suggested that 30 to 40% of all robberies in major cities involved cell phone theft. Consumer Reports suggested that there were 1.6 million victims of smartphone theft in the U.S. in 2012.

There’s every indication that this problem is growing. This Huffington Post piece cites police figures showing significant increases in thefts of smartphones and tablets in major cities like San Francisco and New York over the last year. Both the proposed bills suggest an annual cost of $30 billion for victims of mobile device theft.

The fact that these thefts are potentially violent personal robberies that take place on the streets makes them more worrying. You wouldn’t walk round the city center waving $600 in the air, but we all use our smartphones or tablets without thinking. It would obviously be good if we could deter criminals from stealing them.


Smartphone theft is a permanent and pervasive problem.


Why existing solutions don’t work

There have been various attempts at tackling smartphone theft, but none of them is perfect. The functionality is often flawed, it’s easy to bypass for experienced thieves, and the alliance necessary to enforce policies usefully is lacking.

IMEI numbers

Cell phones are all supposed to have unique IMEI (International Mobile Station Equipment Identity) numbers. The idea is that stolen cell phones are reported to carriers and they can then block the IMEI number from connecting to their network. This system relies on a blacklist and willingness for carriers to share that blacklist, which has been slow to come. It is a criminal offence in many countries to change the IMEI number, but it is possible and people do it all the time. It doesn’t seem to be strictly speaking illegal in the States right now.

Whether this system really reduces cell phone theft is debatable. It can help users who report stolen phones to recover them in some instances, but even if the IMEI is blocked on one network it can often be used on another, sold abroad, or unlocked with certain restrictions.

In the age of smartphones, it’s also worth considering that blocking network access hardly renders something like a Galaxy S4 useless. You still have a host of functionality to enjoy and you could use popular VoIP apps for calls and messaging.

Android Device Manager screenshot

Apps like Android Device Manager help, but they are far from a cure for the problem.

Anti-theft apps and solutions

Whether developed by third parties or pushed out by Google, like Android Device Manager, or Apple, like Find My iPhone and Activation Lock, these solutions rely on a lot of additional factors. If the user doesn’t combine them with PIN or other phone locking security measures then they’re virtually useless. Even if they do, the first thing that most thieves will do on stealing a smartphone is put it in airplane mode, so that it can’t be remotely wiped or located.

Often criminals can find ways to root or jailbreak, and wipe the devices. There are various methods of cracking lock screens and even things like TouchID can be spoofed if you know what you’re doing. Access to email can then enable them to hijack an Apple ID and get a reset before the remote wipe command is received.

Most third-party anti-theft apps offer less security than this. The longer it takes you to notice that it’s gone and act, the greater the chance that your phone has already been wiped. In short, unless the thief is an idiot, there’s very little chance that a third-party anti-theft app is going to recover it for you. Of course, many thieves are idiots, and all these security measures are better than nothing, they definitely make it harder for the criminals and that’s a good thing. But you just can’t rely on them 100%.

Blocking kill switches

Carriers are obviously focused on making profits and they make a lot of money from smartphone insurance policies and replacement handsets. That could be behind their apparent lack of urgency in tackling smartphone theft. The California bill points out that the four largest carriers made around $7.8 billion in 2013 from theft and loss insurance products. A kill switch plan, or even proper enforcement of IMEI blocking, could reduce their potential profits, so what’s in it for them?

The CTIA, The Wireless Association, is also opposed; it even published a paper entitled Why a “Kill Switch” Isn’t the Answer, which is largely focused on the idea of misuse. The concern is that details of how to kill smartphones would leak into the wrong hands. They also highlight the fact that it would be useless if it was reversible and that would inevitably mean some consumers discovering their bricked device at a later date and being unable to do anything about it.

There are different conceptions of what “kill switch” means

The California bill appears to be more detailed and far-reaching than the federal proposal, as published by the Washington Post. Both make it clear the decision about killing a smartphone will rest with the owner. However, the federal bill talks about the ability to remotely wipe data and to render the device unusable on networks. It includes a waiver for “low-cost, voice-only mobile devices” and doesn’t mention other functionality.

The California bill goes further, stipulating that “Essential features” such as “the ability to use the device for voice communications and the ability to connect to the Internet, including the ability to access and use mobile software applications commonly known as apps” be rendered inoperable.

It’s also worth pointing out that The Smartphone Theft Prevention Act is talking about a solution that will be reversible if the phone is recovered.

samsung galaxy s5 smartphones color options 9

The demand for smartphones, and the motivation for thieves to steal them, shows no signs of dwindling.

Conspiracy theories

If we were to cast a cynical eye over the proposals we could point out a couple of potential concerns.

One obvious area where problems are going to crop up is the legitimate second-hand market. What’s to stop someone from selling their smartphone and then reporting it stolen to claim insurance? Imagine you bought a smartphone and the IMEI was blocked, or worse the phone was remotely bricked? What legal recourse would you have? The same security that prevents thieves from removing the option for the owner to remotely wipe or lock the device causes serious problems for anyone buying second-hand. Killing the second-hand market would definitely benefit manufacturers.

You know who else would love to have a tracking system and kill switch option that couldn’t be turned off built into every device? The government could definitely potentially abuse a system like this, but then so could a capable criminal gang. Are the people pushing the legislation genuinely doing it out of concern for consumers?

NSA Building

Some fear that the NSA and other government entities could use kill switch infrastructure for monitoring purposes.

Would kill switches work anyway?

It would definitely be good if we could find a way to deter mobile device theft, but are kill switches the right answer? Are they really going to stop violent crime and smartphone theft?

For this to truly work as a deterrent it has to be ubiquitous. The kill switch must work across the board on every device, and it must be resistant to resets and wipes that thieves can perform. If it’s not going to be irreversible, then it had better require a method that thieves can’t emulate. It also has to be a decision that only the owner can make, not carriers, manufacturers, governments, or law enforcement. Even taking all of that into consideration, if you don’t block more than just cell service and data network connections the device will still have resale value. Even if you brick it entirely and irreversibly thieves could sell it for parts.

Will this really deter thieves? Despite the flaws and concerns, do you think it’s a step in the right direction? Sound off in the comments and let us know what you think.

  • RarestName

    iOS activation lock?

  • Pantech, a South Korean mobile manufacturer, has become the first to introduce this feature in to mobile phones. Through which we can privately secure messages and photos. Mobile manufacturing companies like Samsung and LG are exploring the option of installing a killer switch in their handsets (Smartphones and Tablets) to make them non operable if stolen.

  • Blue

    As long as I’m the one who held the kill switch for my phone, then I don’t mind.
    I don’t like the notion of other 3rd party also have ability to remote kill my phone.

  • MasterMuffin

    My inner conspiracy theorist doesn’t like this. I hope there will an option to not have the switch if this ever comes to Europe

  • Groud Frank

    Have every phone built with a small dirty bomb inside that can be remotely triggered. No one is going to steal a pocket Chernobyl :P

    • Winston Purnomo

      Yeah, then someone hacks the network and triggers the bomb in a plane or your pocket.

      • MrMLK

        Good job, Winston. You really showed Groud why his joke idea wouldn’t be practical in real life.

    • Jason Yuen

      Shall we extract water from inside Fukushima and inject it directly into our testicles as well?

      • Groud Frank

        It’s a joke bro, chill :D

        • Jason Yuen

          So was my comment lol

          • Mohammd Ashraf

            What was he thinking when he told you to chill o_O

      • Jayfeather787

        Laughing so hard from that comment. The funny thing is, is that that is actually possible because the pocket is located very close to the the testicles. That would prevent me from stealing a phone.

    • Craig Trunzo

      They did this on Arrow this week. Apparently, hackers can make any and all electronic devices (computer and cell phones at least) instantly detonate in massive explosions.

      • Ty McNulty

        however, things can be overclocked so that they overheat and a minor boom could happen, tricky, not a huge explosion and improbable but possible none the less

    • How_delightful

      When I suggested undercover police carry wallets that explode when a pickpocket thieves them, they incarcerated me in a mental institution in the UK. That was 20+ years ago. Even though at the time in South Africa some case were fitted with flamethrowers to stop nasty brown carjackers.

  • Brendon Brown

    Kill switches on a phone is a bad idea. You.Will. get hackers that just turn phones off.

  • apfwebs

    Does this also mean the vendor could brick your phone when you miss a bill payment? Or a “software glitch” makes the vendor think you have done so?

  • Jason Yuen

    In order to protect the second hand market, remotely bricking your own phone needs to come with some caveats. For one, if one chooses to remotely brick their own phone, they should no longer be eligible to claim insurance. It should also be irreversible. That makes the decision to brick your phone a serious matter to think about before doing it. That is not to say they cannot wipe their phone. That should be widely implemented.

  • MrMLK

    The Kill Switch as a means of stopping theft is a stupid idea. Unless every phone is automatically killed on theft (which is clearly not possible), thieves are still going to steal the phones and hope for the best.

    The Kill Switch as a means of stopping access to private data is overkill for a problem that already has better solutions.

  • venkat

    Sammy may set up a master kill switch in their HQ, which when pressed should activate the individual kill switch in all their previous model smartphones and force users to buy their new model. Lol

  • toboev

    “Killing the second-hand market would definitely benefit manufacturers.”
    Would it? Why? If true, why then do car manufacturers support the second hand market for their brands? Surely a manufacturer can charge more for a product with a known high resale value, and less for one known for holding little (or zero) used value. Car manufacturers understand this.

    • Simon Hill

      The logic is that you’ll buy a new phone instead of a second-hand one and they make no money directly from second-hand sales, but the car industry parallel is an interesting one, the iPhone clearly has the best resale value and retains it for longer in the market now and Apple does charge a premium, so maybe there’s something in that. On the other hand car manufacturers can’t stop cars being sold second-hand and they have a much longer life than phones, there’s also a servicing industry that can continue to make money from them.

  • Anonymous
  • KingofPing

    Make a kill switch/don’t make a kill switch. Whatever.

    …just don’t bring the feds into it. When are we going to stop running to the Government to fix every single problem we imagine we have?

    Giving them a remote kill-switch gives them a remote kill-switch. How is this even remotely worth the trade-off?

    Some make-believe increased sense of security (that will no doubt be hacked/blocked/removed faster than it was ever dreamed possible during conception and implementation)?? Please…

  • mrjayviper

    doesn’t apple have something like this?

  • Dave Weinstein

    Rediculous. New multi-band LTE phones are coming out in Asia that can be used in the US. Anyone that wants to avoid the “kill switch” can easily do it.

    This will be used against consumers to increase profit by selling more handsets. Who want’s to bet that the US carriers will NOT give you an 2nd subsidy after they irreversibly brick your phone?

  • Ross

    Does any technology exist that can ‘guarantee’ that criminals or governments (foreign or domestic) wont be able to abuse such a system?

  • Mohamed Elkastawy

    The government and tech companies should be able to place a tracking system that is immune to device reset or recovery, root, jailbreak, etc. and let the device owner have access to this system as long as they show proof of purchase and identification. I have took more steps to secure my phone.
    1: using Android Wear, letting me know if the phone is out of range, and could walk around till I get connection and make the phone ring.
    2: Buy phones that its battery needs to be removed by a technician, and the sim card is removed with a tool.
    3: using third party app that prevents access to lock screen menu so that it won’t be shut down or put on airplane mode.
    4: Rooted my phone so I can install a tracking system that survives hard reset and recovery mode.
    This is still not very strong but it will decrease the chance of the phone theft. Though, manufacturers and the government must act.