Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US Carriers Said To Have Rejected Kill Switch Technology Last Year

samzenpus posted about 7 months ago | from the shut-it-down dept.

Cellphones 197

alphadogg writes "U.S. cellphone carriers were offered a technology last year that supporters say would dramatically cut incidents of smartphone theft, but the carriers turned it down, according to sources with knowledge of the proposal. The so-called 'kill-switch' software allows consumers to remotely wipe and render their phones useless if stolen. Law enforcement and politicians believe the incentive for stealing a smartphone or tablet would be greatly reduced if the technology became standard, because the devices could quickly be rendered useless. A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S. The proposal followed pressure from the offices of the San Francisco District Attorney and the New York Attorney General for the industry to do more to prevent phone theft."

cancel ×

197 comments

Sorry! There are no comments related to the filter you selected.

That's a great plan... (5, Insightful)

Lab Rat Jason (2495638) | about 7 months ago | (#46325121)

... until someone hacks into a carriers network, and deactivates and wipes EVERY PHONE on the carriers registry.

Re:That's a great plan... (3, Interesting)

joaommp (685612) | about 7 months ago | (#46325225)

It's not like it couldn't be done already, at least up to some point. Don't forget that the baseband chip on the cellphone "blindly" trusts the cells.

Re:That's a great plan... (1)

Anonymous Coward | about 7 months ago | (#46325803)

Don't forget that a lot of phones baseband chip uses the same memory space as the main processor. (To save costs and only have one memory chip.)

That means that a bug in the radio firmware could mean root access on the phone. (And radio firmwares usually aren't tested *that* well because they're so uncommon of software.) Its possible you could send some glitchy GSM/CDMA command and get root on any phone out there.

Re:That's a great plan... (2, Interesting)

Ksevio (865461) | about 7 months ago | (#46325413)

I like how every time a new piece of technology comes up with integration into devices we have (phones, cars, toasters), the immediate response on /. is always "But what about the hackers!" as if there's a group of malicious hackers just waiting for the technology to appear so they could exploit it. There are plenty of vulnerable technologies out today (SCADA systems for one) but hackers aren't so interested in disrupting these systems because they're pure evil. Most systems get hacked because there's some profit to be made out of it or someone is trying to put a message out there. While beeping people's car horns or shutting off their cell phones might send A message, it's not sending a useful one, and unless T-Mobil or HTC is doing the hacking, there isn't a profit to be made from it.

Re:That's a great plan... (1)

GNious (953874) | about 7 months ago | (#46325551)

Am thinking a killswitch, accessible en-mass via a carrier would make an interesting target for hackers - being able to inform a party that they have 72hrs to pay a sum money to a russian account, or have 10.000 customer-phones wiped .... ...gotta be someone out there ready to try this.

Re:That's a great plan... (2)

mandark1967 (630856) | about 7 months ago | (#46325617)

Oh Great...My retirement plan has been RUINED by you meddling kids.

Re:That's a great plan... (0)

Anonymous Coward | about 7 months ago | (#46325849)

A Russian account? Are you serious? Why put that sort of liability in the hands of Russian banks?

Just make it payable to some Bitcoin address.

Re:That's a great plan... (0, Troll)

Anonymous Coward | about 7 months ago | (#46325759)

I like how every time a new piece of technology comes up with integration into devices we have (phones, cars, toasters), the immediate response on /. is always "But what about the hackers!" as if there's a group of malicious hackers just waiting for the technology to appear so they could exploit it. There are plenty of vulnerable technologies out today (SCADA systems for one) but hackers aren't so interested in disrupting these systems because they're pure evil. Most systems get hacked because there's some profit to be made out of it or someone is trying to put a message out there. While beeping people's car horns or shutting off their cell phones might send A message, it's not sending a useful one, and unless T-Mobil or HTC is doing the hacking, there isn't a profit to be made from it.

Yes youre right we should never evaluate the advantages and disadvantages of anything or think very much about any new development or ever question if something we want to do on a wide scale is actually worthwhile.

Hey everybody! Ksevio doesn't like it when we think about this so cut that out willya?

Nevermind the irony that by saying this, you are finding the exact kind of fault that you are complaining about other people doing. That is what is wrong with too many slashtards today, no sense of irony. "It's different when I do it!" Sure thing.

Re:That's a great plan... (0)

Anonymous Coward | about 7 months ago | (#46325941)

An authoritarian government could profit from having a communication-less and vehicle-less rebellious opposition. Just saying others other than other carriers could profit.

Just because the means profit will manifest are not obvious or even don't exist yet, doesn't mean that there will not be many/any reasons "worthy" enough to hack it, and that introducing the ability to kill all of the phones outweighs the decrease in theft. A "useful" message could indeed be sent by someone who has one to send. Government to rebels, hackers to government, and on and on. It could give hackers leverage to threaten the U.S. government with shutting down our mobile communications(the threat would be worse if we were talking about cars). One carrier could use it to try to interfere with an other carrier. It could be used internationally with hostile countries just seeking to inhibit our infrastructure. There are a number of crazy situations that could happen and maybe none of them would come of it. But http://science.slashdot.org/story/14/02/18/0340240/why-improbable-things-really-arent article leads me to think that at least one is bound to happen at some point in time.

It is like if we did trust the NSA and their use of power. We still shouldn't trust the NSA and its power because when they stop being benign or if at some point they stop being benign then everyone is screwed. It is putting power in places that if given into the wrong hands could be used to hurt a lot of people. So there is no other alternative than trying to trust that the power is in the right hands.

  Injecting vulnerabilities to completely disable a device many people do not know how to live without is a risk. I could see it feigning well enough as an anti-theft mechanism for a long time until someone sees the potential for profit. Then the phone wars begin.

Maybe the service outweighs the risks, but it seems like a trade-off of one kind of security for another. I wouldn't want a kill switch on my phone, and if i did, I would want to make it myself or have it be open source so I know what is being done and can trust that I only have access to said switch.

Ultimately I was just trying to say that it could happen :)

People WILL exploit it (4, Insightful)

sjbe (173966) | about 7 months ago | (#46325975)

the immediate response on /. is always "But what about the hackers!" as if there's a group of malicious hackers just waiting for the technology to appear so they could exploit it

That would be because there IS a group of malicious people looking to exploit technology, some of them merely because they can. The topic gets brought up because it usually is insufficiently considered in the beginning. If something can be exploited you can be pretty sure that sooner or later it will be exploited.

. Most systems get hacked because there's some profit to be made out of it or someone is trying to put a message out there.

You think there is no profit to be made in wiping people's cell phones? Ever hear of blackmail? How about terrorism? Think there is no profit to be made in selling technology to mass kill cell phones to terrorist groups who might want to cause problems? There is profit to be made in exploits if you really think about it hard enough.

Re:That's a great plan... (1)

Immerman (2627577) | about 7 months ago | (#46325977)

How much profit do you suppose could be had with the ability to remotely disable the brakes/max the throttle on a car? I hear there's good money in cutting people's brake cables if you have the right connections. I'm sure there's similar profit to be had in remote arson (toasters) and bugging the phones of "the competition". Am *I* likely to be the target of such things? Probably not. But there's a lot of powerful people who could indirectly make my life more difficult as a side effect of either giving in to someone's demands or being strategically eliminated, so I have a personal interest in objecting to the potential.

It's like the NSA - am I really worried about them snooping on me? Not particularly; however, I *am* worried about them snooping on corporate and government bigwigs - history has shown time and again what eventually happens when a shadowy organization secures the ability to blackmail everyone in power.

Re:That's a great plan... (2)

jythie (914043) | about 7 months ago | (#46326029)

Eh, do not underestimate the trouble bored teenagers can cause, esp when there are lulz or status at stake.

Re:That's a great plan... (3, Insightful)

VortexCortex (1117377) | about 7 months ago | (#46326215)

the immediate response on /. is always "But what about the hackers!" as if there's a group of malicious hackers just waiting for the technology to appear so they could exploit it.

They're called the NSA, you idiot, and they have a long history of silencing activism. [wikipedia.org]

This is device kill switch just a more targeted version of the Internet Killswitch. What, you think they aren't planning on needing such device killing tech? Because that's what the Pentagon says. [theguardian.com]

This is just the first step. The next step will be to not allow the device to function unless it pings government approved systems and authenticates with your valid citizen ID. They'll turn the blacklist into a whitelist. Black boxes are mandeded into cars already, and Intel has demonstrated their capability for remote wireless PC kill switches too.

Every time they say: "Trust us, this is good for you", or "It stops Terrorism!" or "It' stops Theft" or "Think of the Children" your red flag should go up. Another red flag? The bill proposed in California would make this Mandatory. That's not Capitalism. We should let the people decide if they want this feature in their hardware. Mandatory is a huge red flag.

Re:That's a great plan... (1)

zoomshorts (137587) | about 7 months ago | (#46325447)

It is not about phone theft as it is about phone spying.

Re:That's a great plan... (1)

Joce640k (829181) | about 7 months ago | (#46325589)

... until someone hacks into a carriers network, and deactivates and wipes EVERY PHONE on the carriers registry.

Gee ... if only there was a way to print a number on a card and cover it with silver stuff that scratches off.

If we had a technology like that available we could make phones that need a special secret number to brick them. Too bad it doesn't exist.

Re:That's a great plan... (4, Insightful)

mark-t (151149) | about 7 months ago | (#46325613)

There are, theoretically, quite secure ways of implementing this... although I would not be surprised if nobody bothers.

One mechanism that most immediately occurs to me would be that a device with a remote-brick feature would have a password, created and assigned by the user of the device, which would not get reset by wiping the firmware or installing a new sim card. To brick a device would require transmitting not only the unique code that physically identifies that particular piece of hardware, but also the password that is supposed to be associated with it. The physical device, if it received an intent-to-brick signal that was actually intended for it, would compare the pasword in the signal to that which was set for the device, and if they matched, the device would be bricked at a level that is irrevocable. The phone could only be used to call 911, and that's it. Legitimately selling a phone would require the user to reset that password to a default state... but doing that, in turn, would require that the old password be entered first.

Re:That's a great plan... (2)

BobMcD (601576) | about 7 months ago | (#46325947)

The biggest oversight in your suggestion here is how such security would hinder the government from issuing the kill orders without the users' consent.

You DO REALIZE this is the most logical motivation for this legislation, right? Enabling the government to silence their targets digitally prior to doing so physically? Why else would the Federal government even remotely care if this existed? Is the FBI investigating cell theft now?

Re:That's a great plan... (1)

Anonymous Coward | about 7 months ago | (#46325995)

However given that 50% of people would set this to "password" the opportunity to shut down 50% of the phones in the US would still exist.

Forgotten passwords (1)

sjbe (173966) | about 7 months ago | (#46326021)

One mechanism that most immediately occurs to me would be that a device with a remote-brick feature would have a password, created and assigned by the user of the device, which would not get reset by wiping the firmware or installing a new sim card.

People are demonstrably TERRIBLE at remembering passwords. I know people who have to look up passwords for things they use daily.

Re:That's a great plan... (2)

toejam13 (958243) | about 7 months ago | (#46325711)

Agreed. A carrier should never be allowed to brick your phone.

However, they should be required to participate in blacklisting phones reported as missing or stolen. At a minimum, it should be a national registry. Preferably, it should be international.

I have seen a number of Verizon branded phones on Craigslist that have been supposedly reflashed for use with Cricket. I wonder how many of those phones have unclean serials. Same goes for AT&T branded phones for use with Rogers.

Second, if a stolen phone attaches to the cellular network, the carrier should be required to contact the police with location information. If a missing phone does the same, the carrier should be required to contact the owner (charge a finder fee if lost, contact the police if stolen).

Re:That's a great plan... (1)

Andy Dodd (701) | about 7 months ago | (#46326301)

AT&T already has an IMEI blacklist. I believe they are exchanging data internationally already too. (The GSMA has an international shared blacklist - http://www.gsma.com/technicalp... [gsma.com] )

Unintended(?) consequences (1)

Immerman (2627577) | about 7 months ago | (#46325805)

Kindles come with a kill switch, at least they used to, and it caused no end of headaches to the second-hand market. You could (with some difficulty) verify that the device hadn't been reported stolen before buying it, immediately link it to your own Amazon account (after flashing it to stock firmware of course), and *still* get surprised several weeks later when your device suddenly bricked itself after the previous owner reported it stolen. Granted a lot of that came down to implementation details, but I would want solid evidence that such shenanigans aren't possible before I ever again buy a device with a kill switch in it.

Re:That's a great plan... (4, Informative)

bobbied (2522392) | about 7 months ago | (#46325859)

... until someone hacks into a carriers network, and deactivates and wipes EVERY PHONE on the carriers registry.

Not going to happen for two reasons.

1. There are multiple HLR's (Home Location Registers) in almost every carrier's network. This is where the subscriber information is kept and they are fully redundant (i.e. have multiple copies in the network). In order to kill everybody in a carrier's network, you are going to have to disrupt multiple HLR's and all of the redundancy built into the network.

2. The configuration interface of an HLR is very isolated and allowed transactions are limited to a single handset at a time. There is no way to bulk erase the database from the public interface of the HLR, you are going to have to get access INSIDE of the HLR. Trying to disrupt a network one handset at a time will take a LONG time and I'd bet they'd figure out what was happening and shut down the public HLR interface before you get very far.

But even if you did manage to break into multiple HLR's and their redundant backups and bulk erase their subscriber data, you have the problem of the VLR (Visitor Location Register) which is what the network *actually* uses when dealing with your handset. The local MSC (Mobil Switch Center) which runs the cell your phone is in only consults the HLR when it first sees your handset or you receive a call, loads the data from the HLR into the VLR. MSC's usually cover fairly large geographic areas, so even if the HLR's are trashed, most people's handsets will still work great for making calls. Receiving calls and voice mail might be more of an issue but how do you know you didn't receive a call or a voice mail didn't get collected?

Then there is the problem with backups. You KNOW that they keep backups of the HLR data. I've seen an HLR that used Oracle as it's back end. They kept *hourly* snapshots to disk and *daily* complete backups. Plus they copied off the transaction logs as soon as they where written by Oracle. If you managed to corrupt their on disk data in the HLR, they could get the HLR restored to within an hour of your attack in less than an hour, then recover the HLR to exactly what it should be by inspecting the transaction logs and just taking out the bogus deletes. It would be a pain, but the bulk of the disruption would be short lived.

Good luck, you are going to need it.

Re:That's a great plan... (3, Informative)

sjames (1099) | about 7 months ago | (#46326245)

You're looking at the wrong level. The proposal was for software embedded in the phone (not the HLR) so that it would brick if it received the right command. So no need to corrupt the HLR at all, just send the brick yourself command to the phones.

Re:That's a great plan... (1)

Andy Dodd (701) | about 7 months ago | (#46326269)

Yup. The carriers already HAVE an effective killswitch: A database of IMEIs reported as stolen which the network can (and DOES) blacklist. (I know for a fact that AT&T does blacklisting as Samsung devices change to a "default" test IMEI if their EFS partition is corrupted - this IMEI is blacklisted by AT&T.)

If users want something more than that they have plenty of options available to them at their own risk.

Well duh? (2)

EmagGeek (574360) | about 7 months ago | (#46325125)

If I'm a carrier, why would I NOT want to sell service to whomever stole your phone?

Since the carriers have no culpability in the theft of your device, the legal fiduciary obligation to the shareholders trumps any perceived moral obligation to you.

Re:Well duh? (2)

joaommp (685612) | about 7 months ago | (#46325267)

Wouldn't it be comparable to fencing stolen goods? I'd think it would be equally as illegal...

Re:Well duh? (2)

Colin Castro (2881349) | about 7 months ago | (#46325565)

No, it would be like selling gas at a gas station to a person with a stollen car that you don't actually know is stollen because you never checked or asked.

Re:Well duh? (0)

Anonymous Coward | about 7 months ago | (#46325309)

Auto manufacturers have no culpability when it comes to car thefts but they still offer alarms even on base model cars...

Carriers could charge for the "kill" and make decent money with it...

Re:Well duh? (1)

Kohath (38547) | about 7 months ago | (#46325337)

People who steal phones are great phone service customers and always pay their bills on time.

Re:Well duh? (1)

EmagGeek (574360) | about 7 months ago | (#46325359)

That's what prepaid service is for. Crooks don't have great credit usually so would be paying up front.

Re:Well duh? (1)

Timothy Hartman (2905293) | about 7 months ago | (#46325471)

Even if they don't pay it is of no loss to the carrier since they do not have the subsidy. If one buys a new iPhone 5S and has it stolen after two or three billing cycles and stops paying their bill the carrier loses out on that subsidy. If one steals a brand new iPhone 5S and stops paying after two or three billing cycles the carrier is out nothing and in most cases made great profit since no part of the bill was subsidy (also most prepaids can't accept stolen devices as easy as paid providers who control the network).

Re:Well duh? (5, Insightful)

DarkOx (621550) | about 7 months ago | (#46325423)

To use a car analogy, demanding carriers implement a kill switch would be like demanding SUNOCO keep a registry of stolen vehicles and verify license plates at all their filling stations before selling anyone gas. Not that most US cellular operators don't deserve to be spend to 'that special hell', its still not fair to burden them with problems which are not their own.

You are responsible for your own property. If you can't hold on to your phone buy some theft insurance for it. As others have stated there is a huge risk to consumers posed by remote wipe and kill switch technology. What happens when your angry girlfirend falsely reports your phone stolen? What happens if the carrier's network get breached and someone sends the kill commands to all devices. What if its just a leak like Verizon's text portal awhile back and someone just spams the system with tons of false reports?

These guys don't have the track record to properly manage this kind of power. They also don't have any moral obligation to you in the first place.

Re:Well duh? (1)

king neckbeard (1801738) | about 7 months ago | (#46325489)

If SUNOCO regularly bundled cars with their gas, it might be a better analogy. They seem rather intent on customizing the phones they sell by loading crapware and putting their logos on them, so it's not an unreasonable burden.

That said, I would prefer the technology to be FOSS, audited by multiple governments and NGOs that are not on friendly terms, and have the keys or other authentication used be privately held by default.

Re:Well duh? (2)

King_TJ (85913) | about 7 months ago | (#46325627)

The quality of his analogy isn't really that relevant. The fact is, he's right.... The way theft is handled with just about every other piece of consumer electronics gear you can think of is to make the OWNER responsible for its safe-keeping. If it's stolen, you can potentially make an insurance claim, and certainly you can file a police report. But giving a third party (such as the cellular carrier) the ability to issue remote wipes? That's just asking for a slew of lawsuits against carriers for improperly erasing someone's personal data. (Most "hacking" is just social engineering.... Someone pretends to be a person they're not, makes a phone call or two and says the right things, and convinces some customer service person to do their bidding.)

The fact you can blacklist a phone from ever getting activated on a carrier's network is already an extra theft-deterrent not available to most electronics products people might steal (such as digital cameras, car stereos, etc.).

Re:Well duh? (1)

Anonymous Coward | about 7 months ago | (#46325583)

Your analogy is flawed. The way I understand this to work is that if/when my phone is stolen, I go in to a carrier office, or login to my account online, and report the phone stolen - that starts the process.

Let me give you an example - if I lose my iPhone (and I can do this today), I can login to my account and wipe the phone remotely, so no one who has my phone can get at my information, as it will no longer be there. My guess is they could just extend that to "killing" the phone so that it cannot be re-activated without my permission. Not really a burden to the carrier.

The problem for the carrier, is that the way it is today, they get a new customer (the thief), and I get sold a new phone. Profit! With this new plan, they don't get the new customer (the thief), and so lose out on some profit. This is probably the reason they fight it.

To use a car analogy, this is like when my car gets stolen, I tell OnStar, and they "kill" the car remotely, and it cannot be re-activated without my permission. SUNOCO doesn't do shit, except maybe sell the thief some gas he can put in my car as it sits on the street, waiting for a tow, if he should choose to waste his money in that fashion.

Re:Well duh? (2)

mark-t (151149) | about 7 months ago | (#46325691)

What happens when your angry girlfirend falsely reports your phone stolen? What happens if the carrier's network get breached and someone sends the kill commands to all devices. What if its just a leak like Verizon's text portal awhile back and someone just spams the system with tons of false reports?

Ther most obvious way to circumvent all of these is if the kill command requires a password that was created by the user of the device... and the password does not get reset by doing things like changing the sim card, so you can still brick your own phone if a thief has stolen it and changed the sim card, but arbitrary people cannot brick your device unless they know your password. Resetting the pasword to something else would, of course, require that the old one be entered first.

Re:Well duh? (1)

TubeSteak (669689) | about 7 months ago | (#46326281)

if the kill command requires a password that was created by the user of the device

So you create the password upon first use and then.... you promptly forget it.
Now what?

Re:Well duh? (1)

mark-t (151149) | about 7 months ago | (#46325791)

Have you seen the cost of theft insurance for cell phones?

You'd spend less buying about a dozen more phones.

Re:Well duh? (0)

Anonymous Coward | about 7 months ago | (#46325875)

"demanding carriers implement a kill switch would be like demanding SUNOCO keep a registry of stolen vehicles and verify license plates at all their filling stations before selling anyone gas"

Be careful what you wish for. This might even be used by law enforcement to hunt down criminals. (Without gas, your getaway vehicles only gets away so far.)

Re:Well duh? (1)

bobbied (2522392) | about 7 months ago | (#46325921)

If I'm a carrier, why would I NOT want to sell service to whomever stole your phone?

Since the carriers have no culpability in the theft of your device, the legal fiduciary obligation to the shareholders trumps any perceived moral obligation to you.

But they WILL refuse to service a phone that is on a delinquent account. That's what BAD ESN means. If they think you still owe them money on the "contract" you can bet they will refuse to allow the phone to be used on their network.

So full of nope: Bruce Schneier on this (5, Informative)

Scareduck (177470) | about 7 months ago | (#46325147)

Right here [schneier.com] :

... given what we now know, do we trust that the government wouldn't abuse this system and kill phones for other reasons? Do we trust that media companies won't kill phones it decided were sharing copyrighted materials? Do we trust that phone companies won't kill phones from delinquent customers? What might have been a straightforward security system becomes a dangerous tool of control, when you don't trust those in power.

And this, ultimately, is the problem with those who keep repeating that we should just trust the government. It implies we should also disengage our brains.

Re:So full of nope: Bruce Schneier on this (1, Funny)

Kohath (38547) | about 7 months ago | (#46325257)

If you like your smartphone, you can keep your smartphone. Period.

Re:So full of nope: Bruce Schneier on this (1)

thaylin (555395) | about 7 months ago | (#46325295)

Cant tell if using this strawman for healthcare is something you believe or just joking with, well done.

Re:So full of nope: Bruce Schneier on this (1)

TheGratefulNet (143330) | about 7 months ago | (#46325355)

I had a cellphone that developed an incurable disease, the bills kept adding up and was eventually kicked to the streets, carrier-less.

Re:So full of nope: Bruce Schneier on this (1)

TheGratefulNet (143330) | about 7 months ago | (#46325371)

and also, last time I saw that phone, it was in a rundown part of town holding a sign saying 'will do cdma for watts'.

Re:So full of nope: Bruce Schneier on this (1)

geekoid (135745) | about 7 months ago | (#46325531)

Once againl Bruce says a lot the mens nothing.

"The Government", carriers and the manufacture can shut them down right now.
They don't because that would be terrible for a number of reasons.
And why shouldn't people who have not been paying there bill have their service turned off*?

The media companies is a strawman or fear mongering, I can't tell which.

oh, speaking of strawman arguments:
", is the problem with those who keep repeating that we should just trust the government"
really?
"And this, ultimately, is the problem with those who keep repeating that we should just trust Bruce Schneier. It implies we should also disengage our brains."

*except 911 calls.

Re:So full of nope: Bruce Schneier on this (1)

king neckbeard (1801738) | about 7 months ago | (#46325863)

People who are not paying bill already do have their service turned off. However, they don't have their phone wiped.

Re:So full of nope: Bruce Schneier on this (0)

Anonymous Coward | about 7 months ago | (#46325911)

So let's say I pay full price for an unlocked phone, I swap SIMs with my current phone, I miss a payment, and *boom*, my $400 purchase is now an unrecoverable brick. Turning off service and permanently bricking a phone are two different things.

But you already knew that; trolls gonna troll.

Re:So full of nope: Bruce Schneier on this (1)

jenningsthecat (1525947) | about 7 months ago | (#46326121)

Maybe you're trolling here and I'm taking the bait, but in case you really believe what you wrote, here goes...

"The Government", carriers and the manufacture can shut them down right now. They don't because that would be terrible for a number of reasons.

Although carriers can effectively turn off your phone service, and can possibly even brick your phone if you haven't rooted it and disabled automatic OTA updates, they can't currently wipe it clean remotely. The proposed new 'service' would allow them to do that. And where there's some advertised protection against that happening, there's probably a backdoor, or at least an exploit, that can get around it.

And why shouldn't people who have not been paying there bill have their service turned off*?

Um, maybe they shouldn't be allowed to do that because they have a history of abusing their position to overcharge, automatically opting you in to services which they then charge you for, adding 'mistaken' line items that increase your bill, having really shitty dispute resolution mechanisms, etc. Not only giving carriers the ability to wipe your phone, but having customers actually sign up for and potentially pay for this 'service', further tilts the already unlevel playing field in the carriers' favour.

The media companies is a strawman or fear mongering, I can't tell which.

How is it either of these? Major content providers are on record as being in favour of, (for example), disconnecting subscribers' Internet service for even the suspicion of unauthorized copying.

"And this, ultimately, is the problem with those who keep repeating that we should just trust Bruce Schneier. It implies we should also disengage our brains."

Actually, by pointing out potential problems, asking pointed questions, and challenging the status quo, I think Bruce Schneier is encouraging us to engage our brains.

Corporate (0)

Anonymous Coward | about 7 months ago | (#46325609)

Do we trust that media companies won't kill phones it decided were sharing copyrighted materials? Do we trust that phone companies won't kill phones from delinquent customers?

OK, Bruce Schneier gives a wonderful case for why corporations shouldn't have the kill switch. But if it gives them so much more power, then why did they reject it?

And this, ultimately, is the problem with those who keep repeating that we should just trust the government. It implies we should also disengage our brains.

I'm confused. So we shouldn't trust Governments because corporations may abuse their power?

It would need to be a customer-initiated system (0)

Anonymous Coward | about 7 months ago | (#46325631)

Something like Apple's Find my iPhone, where it's entirely customer activated, is the only way to go.

Re:So full of nope: Bruce Schneier on this (0)

Anonymous Coward | about 7 months ago | (#46325817)

Speaking of which... not sure it's still the same, but a few years ago you could call into AT&T and have a phone suspended ...without authorizing who you were.
Basically, just claim your phone was lost/stolen/etc, and the phone stops working as a phone. Always thought that was very stupid.
And yes, people did abuse it.

Re:So full of nope: Bruce Schneier on this (1)

number17 (952777) | about 7 months ago | (#46325825)

This seems like a lot of FUD

Do we trust that phone companies won't kill phones from delinquent customers?

The phone company can cut service and send it to collections. Depending on who owned the phone bricking it might get them into legal trouble.

Do we trust that media companies won't kill phones it decided were sharing copyrighted materials?

Again, I don't think there is legal ground to destroy property in a copyright case.

do we trust that the government wouldn't abuse this system and kill phones for other reasons?

Does the government really need to kill the phone? Couldnt they just kill the service? If they wanted to kill the phone what is preventing them from doing a remote wipe?

Re: So full of nope: Bruce Schneier on this (3)

AudioEfex (637163) | about 7 months ago | (#46325865)

On the other hand, the constant paranoia makes people sound as if we are living in a society where people just disapear off the streets and no one asks questions because they are afraid they will be next to be abducted and never heard from again. They act like the US is some police state or that we are in constant danger. I don't commit crimes, I don't associate with known criminals, I pay my taxes, and I drive safely. And you know what? The authorities and government leave me alone. Yes, we need to guard our privacy, the NSA thing (while slightly overblown, most people think that they actually have recordings of all the calls as opposed to just records of them because of all the hype), and hold them accountable, but this laughable notion that the "gubment is out to get all of us" just takes away from the real issues and is the same reason those scared folks in the Bible Belt stock up on 100's of weapons for when they "come to get 'em". Folks watch too many movies.

Could stuff happen? Sure. The sun could also have some heretofore unknown random chemical reaction and explode instantly killing us all. But people act so paranoid that they detract from the actual atrocities that go on - being one of the only first-world countries where getting cancer can make you go bankrupt, that we rank in the double digits for things like education, and the dangers of all the chemicals we ingest, breathe, clean, and live with being absorbed into every pore that we really know nothing about the long term effects of are. But oh yeah, be scared that Obama is gonna send some henchmen to rip you out of your house in the middle of the night and block your phone off and your family will never see or hear from you again. Because that happens every day, right?

No one cares about smartphone theft (-1)

Anonymous Coward | about 7 months ago | (#46325185)

This is only a problem in cities anyway.

Re:No one cares about smartphone theft (-1)

Anonymous Coward | about 7 months ago | (#46325663)

This is only a problem in cities anyway.

That's because cities have lots of blacks whos only goal in life is to be a street thug or a gang member.

If i was a racist i wouldn't change a thing. I would tell them to keep doin what they're doin. Keep glorifying violent crime, keep having bastard kids and keep persecuting the blacks who want to succeed in life by callin them uncle tom. Keep black on black crime much higher than white on black crime has ever been. A racist must be proud of blacks for keeping themselves down and sparing the racist lots of effort.

Blacks are their own worst enemies. When one of their own like Cosby tries to tell them that, they hate him for it. Figures.

Parts (4, Interesting)

Dan East (318230) | about 7 months ago | (#46325189)

You can still part out a phone and make at least a hundred bucks off it. I'm sure they would continue to be stolen just for that amount of money alone.

Re:Parts (1)

King_TJ (85913) | about 7 months ago | (#46325655)

Same is true for cars..... yet not everyone is interested in all the extra work that entails.

Phone not-a-friend plan (4, Insightful)

Impy the Impiuos Imp (442658) | about 7 months ago | (#46325207)

Each stolen phone that they make the victim pay to replace or make them eat the remaining contract with no phone. that gets hooked back up to their network should gain them a fine and jail time for participating in the laundering of stolen goods.

That's exactly what's going on -- they are dragging ass because they profit, knowingly and deliberately, from participating in this cycle. Some interstate criminal conspiracy charges on executives would also be welcome.

How are ANY of these people getting involved? (4, Interesting)

Sloppy (14984) | about 7 months ago | (#46325227)

I don't get why I would want my ISP to have a say in whether or not (or how!) I disable my personal computer. But I also don't get why I'd want my government to have a role in that discussion either.

Re:How are ANY of these people getting involved? (0)

Anonymous Coward | about 7 months ago | (#46325623)

Carriers are not ISPs and don't play by the same rules. Cellphones are not computers, they are radios with computer components, and thus are subject to different rules.

But I agree with your sentiment; the idea of a kill switch in any piece of equipment I own, that can be remotely triggered by the government or my service provider at their whim, means I don't own that device in the first place. IF there is a kill switch in my device, it should be 100% controlled by me and no one else. If my phone is stolen, I flip the switch from my home computer and the thief just stole a freshly wiped brick. If they part it out, so be it, meanwhile I'm enjoying the nice new phone my insurance policy just paid for.

Re:How are ANY of these people getting involved? (0)

Anonymous Coward | about 7 months ago | (#46326353)

Cellphones are not computers

It's 2014. Yes, they are.

thus are subject to different rules

Which of course, is the nature of the problem, and in general, I agree with both of you. But to say a cellphone is not a computer? Factually incorrect at this point.

Android already has this... (2)

Nethemas the Great (909900) | about 7 months ago | (#46325247)

This is the government wanting more intrusive access into your phone. This doesn't have a damn thing to do with theft. Android already has a "where the ****" is my phone, as well as wiping features exposed through Google's device manager service. If you want another party to have access to such functionality you can make that party administrator of your phone such as is often done when connecting your phone to your company's Exchange server.

Re:Android already has this... (1)

TyFoN (12980) | about 7 months ago | (#46326363)

It's not remote brick though which is described here, but we have that already through IMEI blacklisting.

Why not just add it Samsung? (2)

SuperKendall (25149) | about 7 months ago | (#46325253)

Apple already ships remote kill software with iPhones. Why can't Samsung just do the same with Android phones it sells?

I do see value in being able to tell a carrier that a phone it stolen and they should not allow its use on a network. But remote kill, I don't see as being something that should go through a cellular provider.

Re:Why not just add it Samsung? (3, Interesting)

JohnFen (1641097) | about 7 months ago | (#46325417)

There's no need for Samsung to do it -- this capability is already in every Android phone that uses Google Apps. It's enabled by default, although users can disable it. You can even disable the two things independently of each other: phone location and phone wiping.

I, for one, would absolutely object to this capability being included if I didn't know about it or I couldn't disable it. I don't want my carrier -- or anybody else -- to be able to locate my phone and disable it. The inclusion of this ability with no way to turn it off would prevent me from buying the phone.

Can this be disabled? (1)

Valdrax (32670) | about 7 months ago | (#46325451)

Apple already ships remote kill software with iPhones.

That statement sent a chill down my spine as an iPhone user. Is there any way to disable this? I'm far, far less worried about my phone getting stolen from my pocket or house (the only two places it resides) than I am about a hacker bricking it.

Not set up by default (1)

SuperKendall (25149) | about 7 months ago | (#46325559)

That statement sent a chill down my spine as an iPhone user. Is there any way to disable this?

It's disabled by default, you have to enable "FindMyIphone" for it to work.

I'm not sure why it would "send a chill down your spine" to have the ability for you to find your phone if it was lost, which is very useful. It's not like anyone can trigger it without your iCloud account login.

Re:Not set up by default (1)

Valdrax (32670) | about 7 months ago | (#46325963)

I'm not sure why it would "send a chill down your spine" to have the ability for you to find your phone if it was lost, which is very useful. It's not like anyone can trigger it without your iCloud account login.

I'm not likely to ever lose my iPhone (except in my bedroom, at which resolution I'm sure its of no use), so the positive use case for the ability is nigh zero for me. I'm far more worried about hackers from somewhere random in the world deciding to to disable phones for the lulz. I'm also (in a minor, abstract way) concerned about the carrier / government interest in being able to disable phones.

However, the fact that it has to be enabled and requires an iCloud account is a relief since I'd never do either.

It is of use at any resolution (1)

SuperKendall (25149) | about 7 months ago | (#46326025)

I'm not likely to ever lose my iPhone (except in my bedroom, at which resolution I'm sure its of no use)

It's not just location and the ability to remote wipe you get, but also to have the iPhone emit a sound on demand (which works even if you have it on silent). I've used it a few times when I've lost it somewhere in the house.

I'm far more worried about hackers from somewhere random in the world deciding to to disable phones for the lulz.

Since tens of millions of people use it and we've never heard of that happening, I'd rather be able to find my phone easily or wipe it myself remotely... it's not impossible but very, very unlikely. Most hackers these days are not doing things for amusement, but for profit - and there's no profit in siping someone's phone.

Besides, if you have iCould set up you'd just restore from backup so what would be the point?

Re:Not set up by default (1)

Immerman (2627577) | about 7 months ago | (#46325999)

Correction, it's not like they *intended* anyone to be able to trigger it without your iCloud account credentials. And we all know that hackers always play by the rules...

Re:Why not just add it Samsung? (0)

Anonymous Coward | about 7 months ago | (#46326391)

Why not do it the easy way?

If smart phones are a problem in San Francisco, then just outlaw them in San Francisco.
If smart phones are a problem in New York, then just outlaw them in New York.
Better yet, educate the citizens in the affected areas on the trade offs about going out side with expensive jewelry, I mean cell phones, and cheaper versions, and let them decide what they as individuals, want to do.

LoJack, talk about money lobbying (4, Informative)

Anonymous Coward | about 7 months ago | (#46325269)

I'd say no too if I had to pay all those royalty fees because only one tech was allowed by law.

Just do what Europe has been doing for decades. A shared and standard registry of IMEI and other serial number components of stolen/lost devices.

None of this remote wiping or other stuff. If someone wants that they can buy their own software/mobile solution for it.

Just require the phone to state on its screen: IMEI banned due to reported lost/stolen device. That cuts the resell theft down right there.

Not 100% but a noticeable difference.

Re:LoJack, talk about money lobbying (0)

Anonymous Coward | about 7 months ago | (#46326381)

I'd say no too if I had to pay all those royalty fees because only one tech was allowed by law. Just do what Europe has been doing for decades. A shared and standard registry of IMEI and other serial number components of stolen/lost devices. None of this remote wiping or other stuff. If someone wants that they can buy their own software/mobile solution for it.

Just require the phone to state on its screen: IMEI banned due to reported lost/stolen device. That cuts the resell theft down right there.

Not 100% but a noticeable difference.

Lojack!?! This is the red flag of red flags.

This company, operating out of Massachusetts with its useless crap ware crap service, acts like a mob affiliate selling its rent-a-cop money laundering scam to an unsuspecting public. If this gets implemented, every phone sold will require it at an additional cost. Then there will be more additional costs to perform this service for you even though you already have it installed and can do it yourself.

Europe got it temporarily right with using chips in bank cards in the 1980's that corporate profit lobbying by the banks prevented the US from having and they're doing better again with the IMEI methodology that's being ignored in the US due to corporate profits lobbying against non-rentable solutions.

And (1)

no-body (127863) | about 7 months ago | (#46325275)

the MF reason is profit of somebody selling insurance for cellphone theft - probably the carriers themselves...

Would there somebody be to clean up this mess?

+1 from Iran, Venezuela and the Ukraine (3, Insightful)

PackMan97 (244419) | about 7 months ago | (#46325279)

Can't you just imagine this tool when it comes to mass protests? Especially when things turn violent as they have in plenty of countries over the year. The primary way news is getting out is cell phone cameras and videos.

Wouldn't any freedom loving government just die to have access to a kill switch?

Totally pointless. (2)

Draeven (166561) | about 7 months ago | (#46325327)

I can already imagine how many times someone will lose their phone, then remotely break it only to find it later and hassle customer service to fix it.

Putting that aside, I just can't see this kind of security being useful or reducing actual thefts very much. I can't imagine there won't be a way to disable, remove, or otherwise bypass this remote wipe in some way.

Re:Totally pointless. (1)

mark-t (151149) | about 7 months ago | (#46325891)

There are two solutions to that.

The first way is to make the device irrecoverable... utterly and completely. Customer service could no more make a bricked phone operational again than it could fix one that had been run over by a train. But the disadvantage of this is that it probably wouldn't stop customers from asking.

The second way, and probably a preferable one, is to make the bricking recoverable by the end user, who must enter a password that they chose for their phone to unbrick the device. The password should not be of any pre-determinable length so that a hacker who wanted to unbrick the phone would not even know what the domain to try to guess the password by brute force might be. Ideally, such a password should not get reset simply by changing the sim card in the device, and changing it would require that the old password be entered first.

A bricked phone would be utterly useless for virtually any task... even using the apps that might be installed on it... the only thing it would be able to do is call emergency/911, which would remove much of the incentive to bother to steal phones.

Re:Totally pointless. (1)

Immerman (2627577) | about 7 months ago | (#46326049)

Indeed. IMEI-based carrier blacklisting would be far more reliable and reversible, without the ugly invasiveness. Maybe not for tablets, but who wants a phone that can't make calls?

A phone is like a wallet nowadays. (1)

slackware 3.6 (2524328) | about 7 months ago | (#46325329)

Do you lose your wallet all the time or do you know where it is at all times? Maybe we need a kill switch just in case someone steals your wallet, maybe a die pack or something that goes boom then we could hook it up to the phone so we have a way to send the kill signal. Maybe just don't walk around with your fancy phone in your hand putting down constantly with earphones sticking out of your head on the subway late at night.

Re:A phone is like a wallet nowadays. (1)

EmagGeek (574360) | about 7 months ago | (#46325375)

My phone is not like a wallet. If someone steals my wallet, they have my ID, credit cards money, and all kinds of information that would help them steal my wealth and / or my identity.

If someone steals my phone, they have, well, nothing - well - unless they can somehow break the encryption on it. I'm not aware of anyone who has been able to steal information off of an encrypted phone, are you?

Re:A phone is like a wallet nowadays. (1)

JohnFen (1641097) | about 7 months ago | (#46325441)

'm not aware of anyone who has been able to steal information off of an encrypted phone, are you?

Depends on the encryption software. I do know that a lot of it is breakable, some easily and some with moderate effort, so stealing info off of those phones is completely doable.

One switch to rule them all... (0)

Anonymous Coward | about 7 months ago | (#46325341)

One switch to rule them all...

One switch to silence them.

I keep saying this... (1)

bferrell (253291) | about 7 months ago | (#46325385)

The cellphone protocol HAS the kill switch built in... That's the database CTIA keeps referring to

doesn't fix anything and can be abused (1)

hypergreatthing (254983) | about 7 months ago | (#46325483)

Phones are litterally like cars.
You can't sell a stolen car. So you chop up the parts since they're not IDed and sell them.

Go on Ebay, check for repair parts. LCD is 150$, camera module, ect ect are all there and can bring in a good amount of money.

Carriers already have white list phones for CDMA. I'm sure there's an equivalent to a bad esn for GSM phones. The repair parts probably already come straight from these phones. A kill switch won't fix anything not already in place, just gives more room for abuse.

Standards (1)

MobyDisk (75490) | about 7 months ago | (#46325533)

A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S.

Standardize on protocols, not implementations.

Does anyone have the text of the US Senate bill to see how it defines the kill switch?

Not really for theft prevention (0, Insightful)

Anonymous Coward | about 7 months ago | (#46325579)

They are framing this as something for theft prevention, but the main reason they want it is because they want to make sure that if shit starts to go down here, the federal government can simply shut off all the phones in an area so no one can tweet/sms about it.

This is the dumbest thing I've ever heard (2)

Karl Cocknozzle (514413) | about 7 months ago | (#46325619)

Why would anybody favor such an expensive and ineffective option (with so many shortcomings) when the carriers could just be required to keep a database of unique identifiers (don't quote me--I think they're called IMEI numbers) of phones reported stolen and simply blacklist those phones from their networks.

Then, a person can report their phone stolen and the carriers make it useless because none of them are allowed to service it while it is in the "stolen" database.

No "kill-switch" required.

This is the dumbest thing I've ever heard (0)

Anonymous Coward | about 7 months ago | (#46325647)

Remember about the recent hacks on Mat Honan [wired.com] ? Made possible in part by our friend auto-wiping. Ever seen Tom Scott's video on what would happen if someone hacked into Google and shut off password checking [youtube.com] ? Note the part where everyone's Android phones get wiped. This is the government saying that's a good idea and needs to be required by law.

-Nathan2055

Protection against seizure by TSA / police? (2)

Walking The Walk (1003312) | about 7 months ago | (#46325771)

While I agree with others worried that a kill switch could be abused (by carriers / government / MPAA / RIAA / etc), I'm now wondering if it would be a handy way to counter (un)lawful search and seizure of a device by various authorities? Say you're transiting through the US and a TSA agent decides they want to confiscate (and presumably search) your smartphone. If the kill switch is easy to activate (maybe a number you call and enter a code, or via your laptop or friend's smartphone), you could wipe your device before they get the contents.

Re:Protection against seizure by TSA / police? (0)

Anonymous Coward | about 7 months ago | (#46326089)

Sounds like you're reinventing iCloud. I remotely wiped my iPhone after the Seattle PD took it near the baseball stadium. I was waiting in line for baseball tickets while sitting on a blanket with my phone facedown with the camera up. They said they were required to confiscate any iPhone they saw below waist level with the camera facing upward. This was about a week after someone was caught taking pictures of preteen girls in South Center Mall so they were being overbearing on the issue.

Speaking of which, I still don't have the phone back. I was due for an upgrade so I bought another phone rather than going through the months long process of getting property back from the SPD. My roommate fought for over two years to get his jack back after the SPD took it when he was illegally parked while changing a tire. Maybe it isn't worth the fight because I'm sure the battery is dead after not being charged for nearly a year.

force me not (1)

AndyKron (937105) | about 7 months ago | (#46325845)

I wish I could come up with some software, and have governments force people to buy it. What a rack.

Just bypass the software (1)

bluefoxlucid (723572) | about 7 months ago | (#46325871)

A proposal by Samsung to the five largest U.S. carriers would have made the LoJack software, developed by Canada's Absolute Software, a standard component on many of its Android phones in the U.S.

Steal phone.

Power off phone/remove battery.

Take phone home, boot into bootloader.

Install Cyanogenmod.

Only nerds do this. But when criminals find that their phones are stolen, they will resort to Google. It's think up a new way to make hundreds of dollars at a time, get a job, or figure out a quick way to get around this Lobe-Jacks software. There is no expedient to which a man will not go to avoid the labor of thinking, thus someone will think "there has got to be something online to un-kill this phones".

I've seen ghetto retards do the most complicated shit they don't even understand. "No NO!!! Fool! You gots ta gets in da bootloader! Try volume! Gimme dat! Wut... hold on shits... oh power and volum, datz did it...okay so puts the cable... run dat, yeah... yeah try dat, da phone... okay now you reboot it! Okay so you copied the file on da card right? Okay hit install, on the menu!"

They scream and strain, but they eventually get it done, with little enough effort.

junky android phones (0)

Anonymous Coward | about 7 months ago | (#46325873)

who in their right mind would steal an android phone thats practically given away new? Junk!

Sprint has been doing this for over a decade. (0)

Anonymous Coward | about 7 months ago | (#46325949)

Not a Kill switch per se but..
If you owe money or have a phone stolen with Sprint, they will flag your ESN and you can not get service on that phone. I call Sprint and check to see if the "ESN is clear" before buying any Sprint based phone. I don't actually trust Sprint CSR's so I call twice to verify, if not yes both times, I won't buy that used phone. Some of them will just yes it is clear, without even checking and when you actually buy it and try to activate it, you'll find out they lied.

only reason the gov't wants it... (0)

Anonymous Coward | about 7 months ago | (#46326203)

Is so the next time there's something like the Occupy movement and they want to use police brutality again, this time they can just shut down everyone's phones so no video gets out. Nobody hears a word.

Or in any other case where the gov't is trying to keep it's dirty secrets.

If you want a kill switch, install a kill switch (0)

Anonymous Coward | about 7 months ago | (#46326253)

What's the carrier got to do with it? They should offer their app to the customers.

Sure - Authorities think it's a great idea... (0)

Anonymous Coward | about 7 months ago | (#46326361)

... wipe phones of protestors witnessing/recording police brutality due to their location (couple location metadata with request to kill all phones in the area).

We've gone WAY past what the Nazi state was capable of, yet people are too ignorant to realize the same stuff is being done here on a greater scale.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>