Why don’t we have kill switches in smartphones?

March 4, 2014
147
76 57 14

emergency kill switch

Credit: dumbledad

Smartphones pack an impressive range of functionality into a pocket-sized package. They are highly desirable items, they have a high resale value, and we visibly carry them around with us. That’s why smartphone theft has reached frightening proportions. This isn’t a new problem, though the scale of it has been growing, but a major proposal designed to tackle it head on is beginning to build up steam.

Kill switches for smartphones may be closer than you think. The basic idea is that a stolen smartphone could be irreversibly bricked from afar, effectively rendering it pointless to steal in the first place. California Senate Bill 962 will require every smartphone sold or shipped in California to have a kill switch installed by 2015, if it gets passed. Hot on the heels of that comes news of The Smartphone Theft Prevention Act, supported by four U.S. Senators, and designed to roll out similar requirements for a kill switch nationally.

You may well wonder why we don’t have kill switches in smartphones already, but when we start getting into it, you’ll realize that it’s far from clear cut.

There’s definitely a problem

What we can all agree on is that there is a serious problem with smartphone theft. An FCC report from almost two years ago suggested that 30 to 40% of all robberies in major cities involved cell phone theft. Consumer Reports suggested that there were 1.6 million victims of smartphone theft in the U.S. in 2012.

There’s every indication that this problem is growing. This Huffington Post piece cites police figures showing significant increases in thefts of smartphones and tablets in major cities like San Francisco and New York over the last year. Both the proposed bills suggest an annual cost of $30 billion for victims of mobile device theft.

The fact that these thefts are potentially violent personal robberies that take place on the streets makes them more worrying. You wouldn’t walk round the city center waving $600 in the air, but we all use our smartphones or tablets without thinking. It would obviously be good if we could deter criminals from stealing them.

eset-harris-device-theft-942

Smartphone theft is a permanent and pervasive problem.

ESET

Why existing solutions don’t work

There have been various attempts at tackling smartphone theft, but none of them is perfect. The functionality is often flawed, it’s easy to bypass for experienced thieves, and the alliance necessary to enforce policies usefully is lacking.

IMEI numbers

Cell phones are all supposed to have unique IMEI (International Mobile Station Equipment Identity) numbers. The idea is that stolen cell phones are reported to carriers and they can then block the IMEI number from connecting to their network. This system relies on a blacklist and willingness for carriers to share that blacklist, which has been slow to come. It is a criminal offence in many countries to change the IMEI number, but it is possible and people do it all the time. It doesn’t seem to be strictly speaking illegal in the States right now.

Whether this system really reduces cell phone theft is debatable. It can help users who report stolen phones to recover them in some instances, but even if the IMEI is blocked on one network it can often be used on another, sold abroad, or unlocked with certain restrictions.

In the age of smartphones, it’s also worth considering that blocking network access hardly renders something like a Galaxy S4 useless. You still have a host of functionality to enjoy and you could use popular VoIP apps for calls and messaging.

Android Device Manager screenshot

Apps like Android Device Manager help, but they are far from a cure for the problem.

Anti-theft apps and solutions

Whether developed by third parties or pushed out by Google, like Android Device Manager, or Apple, like Find My iPhone and Activation Lock, these solutions rely on a lot of additional factors. If the user doesn’t combine them with PIN or other phone locking security measures then they’re virtually useless. Even if they do, the first thing that most thieves will do on stealing a smartphone is put it in airplane mode, so that it can’t be remotely wiped or located.

Often criminals can find ways to root or jailbreak, and wipe the devices. There are various methods of cracking lock screens and even things like TouchID can be spoofed if you know what you’re doing. Access to email can then enable them to hijack an Apple ID and get a reset before the remote wipe command is received.

Most third-party anti-theft apps offer less security than this. The longer it takes you to notice that it’s gone and act, the greater the chance that your phone has already been wiped. In short, unless the thief is an idiot, there’s very little chance that a third-party anti-theft app is going to recover it for you. Of course, many thieves are idiots, and all these security measures are better than nothing, they definitely make it harder for the criminals and that’s a good thing. But you just can’t rely on them 100%.

Blocking kill switches

Carriers are obviously focused on making profits and they make a lot of money from smartphone insurance policies and replacement handsets. That could be behind their apparent lack of urgency in tackling smartphone theft. The California bill points out that the four largest carriers made around $7.8 billion in 2013 from theft and loss insurance products. A kill switch plan, or even proper enforcement of IMEI blocking, could reduce their potential profits, so what’s in it for them?

The CTIA, The Wireless Association, is also opposed; it even published a paper entitled Why a “Kill Switch” Isn’t the Answer, which is largely focused on the idea of misuse. The concern is that details of how to kill smartphones would leak into the wrong hands. They also highlight the fact that it would be useless if it was reversible and that would inevitably mean some consumers discovering their bricked device at a later date and being unable to do anything about it.

There are different conceptions of what “kill switch” means

The California bill appears to be more detailed and far-reaching than the federal proposal, as published by the Washington Post. Both make it clear the decision about killing a smartphone will rest with the owner. However, the federal bill talks about the ability to remotely wipe data and to render the device unusable on networks. It includes a waiver for “low-cost, voice-only mobile devices” and doesn’t mention other functionality.

The California bill goes further, stipulating that “Essential features” such as “the ability to use the device for voice communications and the ability to connect to the Internet, including the ability to access and use mobile software applications commonly known as apps” be rendered inoperable.

It’s also worth pointing out that The Smartphone Theft Prevention Act is talking about a solution that will be reversible if the phone is recovered.

samsung galaxy s5 smartphones color options 9

The demand for smartphones, and the motivation for thieves to steal them, shows no signs of dwindling.

Conspiracy theories

If we were to cast a cynical eye over the proposals we could point out a couple of potential concerns.

One obvious area where problems are going to crop up is the legitimate second-hand market. What’s to stop someone from selling their smartphone and then reporting it stolen to claim insurance? Imagine you bought a smartphone and the IMEI was blocked, or worse the phone was remotely bricked? What legal recourse would you have? The same security that prevents thieves from removing the option for the owner to remotely wipe or lock the device causes serious problems for anyone buying second-hand. Killing the second-hand market would definitely benefit manufacturers.

You know who else would love to have a tracking system and kill switch option that couldn’t be turned off built into every device? The government could definitely potentially abuse a system like this, but then so could a capable criminal gang. Are the people pushing the legislation genuinely doing it out of concern for consumers?

NSA Building

Some fear that the NSA and other government entities could use kill switch infrastructure for monitoring purposes.

Would kill switches work anyway?

It would definitely be good if we could find a way to deter mobile device theft, but are kill switches the right answer? Are they really going to stop violent crime and smartphone theft?

For this to truly work as a deterrent it has to be ubiquitous. The kill switch must work across the board on every device, and it must be resistant to resets and wipes that thieves can perform. If it’s not going to be irreversible, then it had better require a method that thieves can’t emulate. It also has to be a decision that only the owner can make, not carriers, manufacturers, governments, or law enforcement. Even taking all of that into consideration, if you don’t block more than just cell service and data network connections the device will still have resale value. Even if you brick it entirely and irreversibly thieves could sell it for parts.

Will this really deter thieves? Despite the flaws and concerns, do you think it’s a step in the right direction? Sound off in the comments and let us know what you think.

Comments

Load More