Why a kill switch as opposed to IMEI blocking on all carriers? Sounds like a govt-inspired backdoor for future exploit.
Anti-theft mobe KILL SWITCH edges closer to reality in California
The Golden State is one step closer to passing a law which would require mobile phone vendors to implement remote bricking capabilities in all handsets. The California Senate has approved SB 962, the bill which mandates a "kill switch" mechanism in phones which could render stolen handsets useless and hopefully deter thieves …
-
Friday 9th May 2014 20:51 GMT Don Jefe
What? Why the fuck would they go through all the trouble to publicly legislate for a backdoor in one State? If you've missed the news for the last year it has become rather evident that device level backdoors are a tedious waste of money and a security threat because the phones sure as hell won't be built in California, or even the US.
I've never understood what everybody worries about with remote bricking on phones. It's not as if the consumer has ever had control of their handsets. Ever. Your carrier of choice has always had the ability to knock phones offline, and they'll do it across carriers too if you still owe one of them money. It has always been that way.
The threat is in the data centers, not your phone.
-
Saturday 10th May 2014 05:57 GMT shovelDriver
You ask why publicly legislate in one state?
To copy your form of speaking, Where the hell have you been during the past 30 years? The past 10? Five? One? You do know that things such as this always appear first in either California or New York? That's where the "public acceptance marketing balloons" get floated before final implementation. Do the research! For example, check out the USG RFPs and Contract Awards that are listed for all the world to read. Not that too many actually do.
And how can you overlook your own words? Such as "publicly"? Given past performance of the U.S. government and its co-conspirators up north, down south, and across both ponds, what makes you ignore the high probabilities that things are being done "privately"? That's why they call them "black ops". What? Did you miss the Snowden files?
The threat is in data centers, not your phone? Is that so? Damn, I must have been dreaming when I more than once remotely copied then wiped the contents of all those secure Blackberries. Compared to them, the modern computers you think of as "phones" are so easy.
-
Sunday 11th May 2014 01:32 GMT Don Jefe
@shovelDriver
Child, I was in California lobbying for changes to their tax incentives for utility easements across private property for research and education networks before you knew what lobbying was. You're far out of your depth.
You never start in California if your goal is nationwide legislation. Tell me, oh great and wise, yet wildly inexperienced, numpty; why don't you start in California? You don't know do you?
You don't go to California because every single time that California legislation moves up here to DC approximately 50% of everybody will vote down even considering the legislation. It's a death sentence to bring California legislation to Capitol Hill.
It's one thing to lobby for legislation in California, the market is enormous all by itself. But if you want national legislation you start here in DC. Doubly so in this case because Metro DC Police Chief Cathy Lanier is the nation's number one advocate for remote phone 'bricking'.
See, if you want something with nationwide impact done here you start with a visit to one of the 17,000 registered lobbyists working in this city. There are two lobbying firms in the same building as my city office. They're not hard to find, or work with you know.
At any rate, there are 'proper' ways to mangle and distort law in this country. You do it the right way, or you don't get to do it at all. You're acting like an ass, thinking that there's some vast conspiracy to do everything backwards with the intent of bricking your phone. You're paranoid because you think someone might, I don't know actually; what are you afraid of?
Well, whatever it is that you're paranoid about, you're looking in the wrong place for it. The funny part is, you're making a scene about it and that's the crux of all this stuff. You're overvaluing the worth of your personal things and while you're out whining about it the actual threats are just rolling along and you don't even glance that direction.
So thanks, I guess. You've reaffirmed the purpose of lobbyists everywhere. You'll buy in to whatever they tell you and you'll stare all slack jawed and weepy eyed when you realize you've wasted so much time being concerned about the wrong things.
-
Sunday 11th May 2014 04:25 GMT Charles 9
Re: @shovelDriver
The reason you start in California is that, because it's the most populous state in the nation, anything you do in California tends to ripple for the simple reason that it's easier to abide by California's tougher standards universally than to have two lines.
Here's two words that spring to mind: "California Emissions".
-
Sunday 11th May 2014 11:59 GMT Don Jefe
Re: @shovelDriver
For non-legislative issues, yes. California is a good place to start, but legislative issues don't ripple out from California very often. They usually just fall over dead once they're exposed to the noxious cloud of legislative bullshit the rest of the country deals with all the time.
Some issues, Prop 65 for example, do get out of California, but that's only because they made the printing and affixing of the lead disclosure label 100% deductible.
If it helps make it clearer, we treat California like we treat the UK. Kind of like a lost colony where all the rules are weird and overthought. When you do business there, or send products there, you crank your prices up to cover the costs of compliance plus a bit extra to cover the plain old pain in the ass bullshit. California emissions are a great example, you pay a shitload more for California emissions compliance for cars sold in California and take a fuel efficiency hit. Those standards will never leave California, it's cheaper to build separate models for that market.
And that's why national legislation rarely starts in California. Everything that comes out of there is a bureaucratic nightmare that adds costs to consumers. National level politicians won't touch that stuff with a barge pole. It's reelection suicide to vote for those laws.
I'm not saying there's no vast conspiracy, the NSA fiasco shows there is one. But the NSA fiasco also shows why it's just fucking stupid to think the government is trying to get voted onto individual handsets, one state at a time. There's NO SENSE in even fucking around with that when you've got a global surveillance and secret court system that forces carriers and service providers to hand over whatever they want or shut down service to anyone they want.
When you've got a system that works and is immune to pressure you don't go fucking about with hope that a consumer product law gets enough momentum to travel across the country. That's stupid.
-
Saturday 10th May 2014 06:39 GMT Anonymous Coward
"Your carrier of choice has always had the ability to knock phones offline"
Correct, which prompts two questions:
1 - why have they not been able to get their act together? The answer is probably that revenue is revenue, wherever it comes from, the same reason why Western Union still appears to be the main money carrier for Internet scams.
2 - why does the US try to legislate something which will have a global impact? Don't forget that the majority of large scale phone manufacturers have US HQs, and are thus subject to the same shenanigans that Snowden has been busy disclosing. In that respect, Nokia being sold to MS was a VERY bad move for our security because it was one of the last big ones not under US control.
-
Friday 9th May 2014 21:33 GMT Anonymous Coward
Re: Good for the owner
I don't think the legislators give a damn about data thieves. Thieves aren't stealing smartphones to steal their data, they're stealing them to resell out of a car's trunk the next day.
IMEI blacklisting is barely a half measure - more like an eighth measure. Smartphones are pretty darn useful even if you can't connect them to a cell network. Not to mention IMEI blacklisting is not worldwide, so phones stolen in the US would be sold to someone with a contact in China to ship them to for resale there.
That's why it needs to be addressed by the OEM. Then when a phone is stolen it can be made valueless, making them pointless to steal.
-
Saturday 10th May 2014 06:46 GMT Anonymous Coward
Re: Good for the owner
"That's why it needs to be addressed by the OEM. Then when a phone is stolen it can be made valueless, making them pointless to steal."
The problem is that it enables yet another denial of service vector that is in the hands of a 3rd party - worse, it puts it in the hands of that paragon of human rights and fighter of legislative abuse, the US government (yes, I'm being very sarcastic).
If the price of avoiding a LEGALISED control over my phone by US government is a higher risk of theft I'll take it thank you - I want that to remain my choice. I am unlikely to ever go near the US, so I'm not interested in Clipper v2, even with more limited functionality. Personally, I think other governments should get involved because it risks them too. Imagine an ambassador or CEO who is getting in the way of US interests: suddenly, their phone no longer works. What an amazing and unfortunate coincidence. Terribly sorry, you're "collateral damage" - be glad it's at least the non-lethal kind.
Suddenly, Blackberry has become even more attractive.
Bye bye iPhone, it was fun while it lasted.
-
Saturday 10th May 2014 08:24 GMT Anonymous Coward
Re: Good for the owner
Do you really believe that Blackberry, Android, Windows Phone, FirefoxOS or whatever don't have the ability to brick your phone if they decided to do so? Just because they don't do it in response to a stolen phone doesn't mean they don't have the power!
Do you really believe that carriers don't have the ability to make your phone useless to you within your entire country if they so desire? Or that your government doesn't have the ability to make wireless carriers shut down if they claimed a national emergency (i.e. the people trying to organize a coup against them?)
You live in an insulated world if you think that by saying "bye bye iPhone" you wave bye bye to the only chance that your currently working phone can be made to stop working against your will.
Unless you are using a phone that is 100% open source, from the GUI to the kernel to the firmware, and you check that source yourself or fully believe in those who do (or claim to) you're living in denial, trading a "they tell you they can do this" for a "they can do this but aren't telling you they can".
-
Sunday 11th May 2014 00:39 GMT h3
Re: Good for the owner
I cannot see what can be done at the moment to stop e.g. setool from rebuilding anything. (The bit it uses via the testpoint is in ROM. From there you can do a hardware initialisation / full IMEI rebuild / reflash the ROM.)
Blowing some type of hardware fuse in the SoC is the only thing I can think of that would work.
-
Sunday 11th May 2014 17:58 GMT ecofeco
Re: Good for the owner
"I cannot see what can be done at the moment to stop e.g. setool from rebuilding anything. (The bit it uses via the testpoint is in ROM. From there you can do a hardware initialisation / full IMEI rebuild / reflash the ROM.)"
Very true, but you give thieves (and their fences) more credit for technical ability than they actually have.
The truth is that all they have to do these days is swap SIM cards at the shady indie shop and they're on their way. Of course that same shop can also do the ROM flash. But again, this is giving thieves more technical credit for even knowing this than they have.
-
Saturday 10th May 2014 19:25 GMT Yet Another Anonymous coward
Re: Good for the owner
>Not to mention IMEI blacklisting is not worldwide, sold to China
And the remote kill switch is?
This isn't a separate radio controlled bit of plastic explosive. It's requiring the OS to be sent a message over the cell network.
There is no reason for China State Telecom to route US kill messages any more than US carriers would accept requests from the Chinese govt. And any phone that is reflashed with a custom image is safe even at home.
-
Sunday 11th May 2014 05:49 GMT Anonymous Coward
@Yet Another Anonymous coward
This "remote kill switch" isn't some special encoded message sent over the cell network, it is sent via IP. If China wanted to block a kill message from Apple, they'd have to block all IP traffic from Apple.
An Android phone could be reflashed with a custom image that didn't use any Google services, but what's the value of an Android phone that can't access the Google Play store, use Google Maps, or Google Search? Sure, in China, it is worth something since there are millions of such phones sold every month. But in the US? Worthless. And that's only an option for Android, there are no custom firmwares available for the iPhone. Jailbreaking leaves iOS mostly intact, and wouldn't affect Apple's ability to kill it.
-
Sunday 11th May 2014 17:49 GMT JaitcH
Re: Good for the owner
@Flip:
IMEI blocking is useless as they can be replaced with a different number in a 5-minute operation.
I have my cell handset IMEI changed every week or two - last time I took it in to a Samsung Service Centre (we have five in SaiGon) the tech noticed the difference and simply used his laptop to correct it.
If you do change your IMEI and intend to go roaming, visit your Cellco office and ask them if they have the correct IMEI on their computer system.
P.S. It's illegal to change IMEI numbers in Blighty - it makes GCHQ work so much more harder.
-
Saturday 10th May 2014 23:17 GMT ecofeco
I don't understand this bullcrap either.
IMEI
Serial number
UID number (SIM card)
Those are readily available to your carrier and only THEIR laziness prevents them from utilizing them to kill a stolen phone.
Using those three things will turn ANY phone into about a handful of plastic junk. Forever.
I did this everyday for stolen phones, so I really, REALLY don't understand what this whole dog and pony show is all about except to point out that it appears most carriers have NOTHING in place to kill stolen phones.
-
Friday 9th May 2014 23:32 GMT Anonymous Coward
and of course...
any benefit this function has for the political security apparatus is purely coincidental. Thus they can blame "the people" for giving central authority the ability to disable or kill devices individually or in groups.
When all the iDevices shut down at the next #Occupy, who ya gonna blame?
-
Sunday 11th May 2014 01:45 GMT Don Jefe
Re: and of course...
Of course it has existed for a long time. The 'political apparatus' doesn't need to go tampering with hundreds of millions of devices so they can skew election results.
People's priorities get so screwed up. They're worried about someone else having control of their phone, but never stop to think about who is controlling the money they pay their phone bill with. If 'the government' wanted to fuck with people they can just cut off access to your money. Or one of a million other things that are cheaper, less intrusive, completely invisible and a whole, whole lot scarier.
-
Monday 12th May 2014 08:48 GMT Anonymous Coward
Re: I still say this is ripe for abuse.
Bricking somebody's phone is not going to stop them dissenting. People don't die when their phone stops working and you don't need a cellphone to get pissed off at the government. 40 years ago, and for a million before that, nobody had one and there was no shortage of political dissent.
If somebody's phone stops working they can just toss it in the bin and buy another one. The really serious dissenters are all using disposable phones anyway.
There's no big brother aspect to this. It's just an attempt to reduce phone thefts and it's doomed to failure because as usual the people mandating it don't understand technology. Any electronic device can be unbricked and reprogrammed by somebody with the right skill set.
The net result is that stolen phones will be slightly more expensive because they now have to be shipped overseas so that an 8 year old Chinese girl can unsolder and replace a 5-cent chip to make it work again.
-
Monday 12th May 2014 15:46 GMT FuzzyTheBear
Re: I still say this is ripe for abuse.
"Any electronic device can be unbricked and reprogrammed by somebody with the right skill set."
Personally... I'd like to see all forms of memory be rigged with on-chip self-destruct, bricks the phone and kills all data in one shot. The latter part seemingly being of high interest.
-
Saturday 10th May 2014 14:40 GMT king of foo
Re: I still say this is ripe for abuse.
I wonder...
If 1337 h@xx0r were to brick all of a carrier's users' phones who would foot the bill?
Removing control from the end user should mean that whoever gains that power should also take responsibility for its misuse.
IMHO this (money money money mo-ney MO-NEY) will be the determining factor re US wide and/or global adoption.
-
Monday 12th May 2014 06:17 GMT MacGyver
Re: I still say this is ripe for abuse.
Abuse? Can you imagine what would happen if a zero-day exploit allowed ALL cell phones in the US to be killed all at the same time? Most people don't keep a land-line anymore, and there are hardly any pay-phones left.
In one day we could be sent back to 1912 as far as our ability to connect, get business done, or call for help. But no California, tell us how it will reduce cell phone theft, what could go wrong?
-
Saturday 10th May 2014 00:32 GMT Eddy Ito
Half the problem
Sure, phone theft is high but it isn't like the scare videos the big cities put out. In reality, like all the prototype iPhones that were stolen, almost half (44%) were left behind somewhere like a bar, a bus or at work and only 11% were actually taken off the victim's person according to a survey conducted by mobile security outfit Lookout.
Given how many were left behind and claimed stolen, how many were actually simply lost and tossed or dropped out of a pocket and never seen again? Given I know my homeowner policy covers stolen gadgets but not lost gadgets, I'll go with a fairly high percentage like 3 in 4. Sure, they can feel their missing data is safe but it isn't like the fishes, forklift or landfill was going to use it anyway.
-
Saturday 10th May 2014 12:07 GMT Charles 9
Re: Half the problem
"In reality, like all the prototype iPhones that were stolen, almost half (44%) were left behind somewhere like a bar, a bus or at work and only 11% were actually taken off the victim's person according to a survey conducted by mobile security outfit Lookout."
Hmm? I've heard of incidents where the owner was killed and the ONLY thing taken was their phone. Statistical outlier or not, that's pretty extreme in my book just to nick a phone.
-
Monday 12th May 2014 10:20 GMT Anonymous Coward
Re: Protect your phone by making it throw away?
The sheeple are quite happy to upgrade every year or 2 anyway because of some nebulous "improved" functionality the marketing dept at Apple/Samsung/whoever have persuaded the gullible idiots along with their equally gullible social network friends they really need Right Now or their lives will be little better than a 19th century coal miner, so I don't see this as a major impediment.
-
Saturday 10th May 2014 12:05 GMT Charles 9
PS. To anyone who thinks this is a way for the government to get a backdoor inserted into your phone...
What makes you think they don't have such a mechanism ALREADY?
Plus, as others have said, there are other ways to stop cell phones in their tracks: taking over the towers, radio sniffing for picocells, etc. Once all networks are down, the plods can just round everyone up and take the phones physically. Plus this has the advantage of also picking up non-networked devices like dedicated cameras. Look what happened in Iran. Not much communication once the towers went down, eh?
-
Sunday 11th May 2014 08:43 GMT Mike Bell
Already have it
The proposed law would require no change on Apple's part, because remote wipe/kill capability already exists in iOS devices. The kill is permanent, meaning the device can never be used again under any circumstances. It's something that the user can initiate in the event of a lost or stolen phone. The carrier cannot do it. And, by law, Apple would be prohibited from doing it unless specifically authorised to do so by the phone's owner.
The kill is far more pervasive than blocking the phone from making or receiving calls.
If someone did manage to compromise Apple's security infrastructure and bricked my phone for me – thank you very much – a few things would happen.
1. There would be a massive shit storm
2. I'd demand a replacement handset from the Apple Store
3. I'd restore the new device to its previous state from an iCloud backup
Likely to happen? Nah
Bothersome if it did? A bit, but not the end of the world
-
Sunday 11th May 2014 11:54 GMT Mike Bell
Re: @AC
Sorry, I'll qualify that by saying the only circumstance under which the wiped iPhone can be brought back to life is if, on the device, you enter your original Apple ID and password.
-
Monday 12th May 2014 13:40 GMT Ossi
You know, having had a bottle broken over my head and two fingers broken to get hold of my mobile, and having discovered that IMEI numbers can be reflashed in a matter of seconds, I'm all in favour of mandatory kill switches.
This comments page reads like the Daily Express with a Diana story. It's just a good idea from a law-enforcement point of view. Occam would have you leave it at that.
-
Monday 12th May 2014 13:49 GMT Ubermik
This is kind of worthless nonsense and I am sure is designed purely to financially benefit "someone" whether it's the manufacturers, the vendors or just insurance companies inventing new products to cover you for "bricking" of your phone by accident and other things.
All that is really needed is a number that can't ever be removed or changed which is needed for ALL network interaction so that not only can a phone remain working but can then be used to track it to the new owner and maybe also then onto the thief.
If that can't be done in a way that can't be circumvented then neither can this proposal as they are both at a similar level of complexity and technical security within a device.
So it would suggest that the real reasoning behind a fatal solution rather than one that allows a device to still be used but then tracked is a financial rather than a practical one.
-
Monday 12th May 2014 14:38 GMT Ossi
@Ubermilk
'So it...' ('it' meaning what precisely?) '...would suggest that the real reasoning behind a fatal solution rather than one that allows a device to still be used but then tracked is a financial rather than a practical one.'
-Brilliant logic, except for the fact that the industry has consistently opposed this measure. Obviously they don't know when they're well off.
I think whatever solution was proposed to reduce phone theft, the comments page here would be full of silly conspiracy theories. I really should just accept it and get back to work.
-