Is the Smartphone Kill Switch a Good Idea?

Carl Weinschenk

The government seems to be hot on the trail of smartphone kill switches. The question is whether the concept is a solid one.

InformationWeek reports that two recent proposals, one at the state level and one in the Senate, seek to make it possible for a carrier to render a lost or stolen device useless. The story points out that the Federal Communications Commission says that 30 percent to 40 percent of robberies in major cities are of mobile devices; the number in some cases can reach half. Consumer Reports, the story says, found that 1.6 million people had smartphones stolen in 2012.

The intended goal of the kill switch is, of course, to make such thefts far less attractive to criminals. Opponents say that while the goal is a good one, a likely unintended consequence is that the kill switch technology would attract hackers.

PCWorld paraphrases the objections of industry group CTIA, which submitted a filing on the issue to the FCC:

In one scenario, groups of mobile phones can be permanently disabled by sending multiple messages, such as by incrementing the MSISDN (the telephone number) or IMSI (the unique identity of the customer) or the IMEI (the equipment identifier), CTIA said in the filing. Subscribers will not even be able to make emergency calls, it added.

The CTIA has an alternative, described by TechSpot. While not as technically sophisticated, the federal registry approach comes without the kill switch baggage:

The cellular industry trade group, along with the FCC and four of the largest US carriers are pushing a national lost-and-stolen phone registry instead, which would be used as a blacklist to deny activation of stolen smartphones. That database went live late last year and the group believes legislation should build upon this initiative by criminalizing tampering with mobile device identifiers as a workaround to the blacklist.

Three approaches to smartphone kill switches exist, according to Marc Rogers, principal security researcher for Lookout. He outlines the three at re/code: Activation locks, persistent security software and software/hardware that can remotely “brick” a phone. Rogers’ conclusion:

There is never going to be a single silver bullet that stops smartphone crime. The most effective approach to a kill switch will use a number of locking, disabling and tracking technologies in combination, so that their strengths are magnified and their weaknesses are mitigated. The ideal approach will ensure that every time a device is wiped or reinstalled, it automatically authenticates with manufacturer or operator servers to reestablish the correct security software and settings. Once reactivated, this software protects the device while advertising its true ownership, which kills the opportunity for the thief to cash in on his crime. Meanwhile, the device should silently begin to call for help by transmitting its location to the authorities even after the SIM card has been removed.

The basic question is whether it is possible to engineer and secure kill switches in a way that doesn’t offer opportunities to crackers. That seems unlikely, since crackers are just as smart as the folks fighting them. In any case, the hope is that the question will be part of the debates about the legislation in Washington and Sacramento.

The Senate bill is “The Smartphone Theft Prevention Act” and was introduced by Amy Klobuchar, a Democrat from Minnesota. The California legislation was introduced to the state senate by Senator Mark Leno, a Democrat from San Francisco.

Feb 24, 2014 8:12 AM Shaun says:
Very interesting stuff, it's crazy to think that we have to come up with these sort of solutions for crime nowadays.. Thanks for the links too!
Feb 24, 2014 2:22 PM Shadab says:
I think this idea is drawing the line...
