Why a smartphone 'kill switch' won't deter theft
It may seem like a simple idea, but a kill switch would not be create to install and could even end up causing more problems.
Tue, Aug 27, 2013 at 02:19 AM
For several months, New York State Attorney General Eric Schneiderman has been pressuring smartphone makers and cellular carriers to build a "kill switch" that would permanently disable stolen handsets, and hence deter smartphone theft by destroying the resale value.
"The epidemic of violent street crime involving the theft and resale of mobile devices is a very real and growing threat in communities all across America," Schneiderman said during a June press conference announcing his "Secure Our Smartphones" initiative.
In open letters he wrote to Apple, Microsoft, Google and Samsung, Schneiderman asks why such technology can't quickly be developed.
"I seek to understand why companies that can develop sophisticated handheld electronics, such as the products manufactured by Apple, cannot also create technology to render stolen devices inoperable and thereby eliminate the expanding black market on which they are sold," he wrote. [MORE: 7 Computer-Security Fixes to Make Right Now]
But security experts say a smartphone kill switch, short of an explosive "Mission: Impossible" physical self-destruct mechanism, probably wouldn't work.
"A kill switch for mobile phones makes no sense to me," said Chester Wisniewski, senior security adviser at the Vancouver, B.C. office of the British anti-virus firm Sophos.
And that might be a good thing. If the kill switch did work, it could become a ripe target for hackers and pranksters, who would find ways to remotely turn off people's phones.
"Everything could go wrong, but little right," Wisniewski said. "Next thing you know, police will want carmakers to put kill switches in every vehicle. Totally unnecessary."
Can't block signals
Schneiderman's efforts build upon previous methods of disabling stolen phones.
Until a couple of years ago, phones reported stolen were blacklisted from the airwaves by their carriers, but that proved ineffective as thieves simply swapped in new SIM cards on GSM phones such as those carried by T-Mobile and AT&T.
Under public pressure from politicians and consumer advocates, T-Mobile and AT&T announced in the summer of 2012 that they, as Sprint and Verizon Wireless had already been doing, would block the handset themselves, not just the SIM cards.
The "Big Four" carriers also announced the creation of a shared database of blocked phones, which has arguably been inefficient and spotty.
The database's intent is to make sure a thief who stole a T-Mobile phone, for example, couldn't get it to work on AT&T. [MORE: 10 Desktop Password Managers]
The problem is that a database of stolen phones does little good when the phone ends up in a market stall in China or Brazil. It's also possible, using legitimate or black-market software tools, to change a phone's unique ID number so that the network doesn't recognize it as stolen.
Those workarounds may be why smartphone theft is still rising nationwide, especially in densely populated cities.
That rising number of thefts, and a few resulting deaths, spurred Schneiderman's call for a "magic bullet" that would make sure a stolen phone would never work again, anywhere in the world.
"[Schneiderman's] proposal sounds good for people who don't understand how mobile phone networks work," said David Kennedy, CEO of TrustedSec in Strongsville, Ohio.
A remote "kill switch" would, by definition, have to involve sending a signal to the phone. That signal would have to go out over the cellular network or the Internet, and it would have to "brick" the phone in some fashion, perhaps by simply deleting the OS or by sending out a poisoned firmware update.
But absent of some kind of physical damage to the hardware, the phone could still be made functional by installing a new OS or by using special tools to fix the firmware.
iPhones, in particular, are "jailbroken" routinely, with the phone running software that's essentially a knock-off operating system. From that perspective, there simply isn't any software-based way to render a phone forever nonfunctional.
And a kill switch could simply be avoided. A thief would have only shut the phone off immediately after he steals it (which most experienced thieves already do to avoid tracking software), then wait until he or she got somewhere without a cellular signal — a metal shed or basement would do.
At that point, the SIM card can be removed and discarded, the phone can be turned on, the data wiped and the handset ID number changed — and the carrier network, and kill switch that depends on it, would be totally ineffective.
Phone hacking possibilities
Then there's the possibility of hackers remotely shutting down your phone while you still have it. If the phone makers build a kill switch, hackers will find it.
"If the trigger for the kill switch is remote, which it would have to be, then it would be theoretically possible to send an unauthorized trigger to the phone and knock it offline depending on how it's designed," said Mark Wuergler, senior security researcher at Immunity Inc. in Miami.
While it wouldn't be easy to pull this off — one would have to find a way to get malicious traffic into the cell network, perhaps via text message, or to spoof a cell tower — both feats fall well within the capability of a sophisticated hacker.
At that point, Wuergler said, all bets would be off.
"If someone with these capabilities is targeting you," he said, "then they are probably not interested in stealing your cellphone, which would be the least of your worries at that point, anyway."
So if a kill switch isn't going to work, and the carrier blacklist already doesn't work, what can smartphone owners do to avoid theft?
The first step is to use common sense in public places. Keep your phone close to yourself on public transit, especially if you're near a train or bus door. Don't put the phone on the table at an outdoor cafe, and take it with you when you head to the bathroom or cash register.
Pony up for your carrier's insurance plan. Ten or twelve dollars a month adds up, but it'll be well worth it if your phone's stolen and you get a replacement with no questions asked. [MORE: 40 Best Free Apps for iPhone]
Otherwise, you'll be paying the full retail value of several hundred dollars — the subsidized $200 price was a down payment for the phone you've already lost.
(Schneiderman's letters ask whether the phone makers benefit from the sales of replacement phones and hence have no incentive to build kill switches. He may be off base: Phone makers don't want cheap stolen phones undercutting legitimate sales.)
Equip your phone with a PIN lock, which will stop most thieves from getting to your data if the phone is stolen. (On an iPhone, setting up a PIN lock will also encrypt an iPhone's data.)
Even if the thief wants the data, the PIN will slow him down long enough for the owner to engage a remote wipe and contact the carrier to block the phone from the airwaves.
Don't deter, just deal with it
There isn't much hope of getting your phone back once it's lost or stolen, Kennedy noted. Most police departments aren't going to try tracking a phone thief, unless he's the kind who sells stolen phones by the dozens.
As it is, options for remotely wiping your data are built into iPhones, and available for Android via third-party apps.
Furthermore, if a phone is used to access a company network or Microsoft Exchange email, corporate IT departments often have the option to shred the data on the phone (a situation that's long existed for BlackBerrys).
So is there really a need for a smartphone kill switch, even if it could work?
"If the goal is to cut down on the amount of violent crimes associated with phone thefts, I don't think this is the answer," Wuergler said. "Inexperienced criminals aren't going to be thinking about the preventative measures the phone has in place before or during the crime, and experienced criminals will already know how to deal with the preventative measures."
More on Tom's Guide and MNN: