Have you ever lost a mobile phone? Or, worse, have you had a mobile phone stolen from you? I have experienced being pick-pocketed firsthand, although I was able to recover the device later on. It wasn’t a pleasant experience, and I made sure to better secure my devices from that point on.
With tracking apps and systems like Find my iPhone, Prey and even Android’s built in remote management, it’s now easier to find lost devices — or at least attempt to find where you may have left your phone or where a likely thief has taken it. You may have read about success stories in which these apps had been used to find the whereabouts of lost phones, including mug-shots of the perpetrators or fencers. If phone recovery is not a success, then at least one can wipe out personal data from the device, so that it doesn’t fall into the wrong hands.
According to a study by mobile security company Lookout, 112 mobile phones are stolen every minute in the US alone. Every day, $7 million worth of smartphones are lost (including those that are stolen). Cellular phone thefts account for 30 to 40 percent of robberies around the country. In total, loss of mobile devices have cost consumers $30 billion in 2012 alone.
Securing our smartphones
Earlier this year, lawmakers, law enforcement agencies and consumer advocacy groups launched the “Secure our Smartphones” initiative, which aims to pressure the mobile device industry for better safeguards against theft. The proposal called for device manufacturers to incorporate a “kill switch” on their smartphones, to reduce incidence of device theft. The idea behind the kill switch is supposedly simple. A stolen phone can be remotely — and permanently — disabled by a user or carrier when reported lost.
To some extent, carriers can already disable the use of mobile devices if these are reported stolen, or even if a user fails to comply with contract. This is usually done by blacklisting the IMEI or ESN. However, this comes with a few limitations. For example, even if an IMEI were included in a blacklist registry, a particular ID number would have to be blacklisted by all carriers, in order for the blacklist to be effective.
This would be useless, however, if the device were sold in another country, where carriers may not support an IMEI blacklist. In fact, there is a big grey market for mobile devices across different countries, where pre-owned devices are sold. And yes, this potentially include stolen goods.
Moreover, the IMEI can be spoofed by modifying a device’s baseband. This can be easily done with a few software tools made by the rooting or jailbreaking community. This means it’s still possible to use a device even if it is blocked by the carrier through IMEI. Some smartphone users actually spoof the IMEI of feature-phones in order to avoid additional tethering or data charges.
The kill switch, on the other hand, would render a device permanently useless. The intent here is to discourage cellular phone theft, and to protect any sensitive data that may be stored on the device.
Killing the kill switch
According to the San Francisco district attorney’s office, Samsung has actually been planning to pre-load its smartphones with a kill switch. This move would, however, require approval from mobile carriers, and AT&T, Verizon Wireless, Sprint and T-Mobile reportedly rejected the idea of a kill switch. According to the DA, the carriers appear to be concerned about losing revenue from device insurance premiums.
Is a kill switch the answer, in the first place? The CTIA, a trade group that represents mobile carriers, doesn’t believe so, saying that the kill switch is also vulnerable to potential abuse.
So far, theft-deterrent is the primary reason the SOS initiative wants a kill switch. To my mind, there might be additional benefits to this:
- Privacy and data integrity. Data wipes can only go so far. A kill switch that will render a device totally useless would benefit the enterprise market, especially businesses that want to make sure their data does not fall into the wrong hands. For regular consumers like us, we have better assurance that our private messages, information, photos and other media cannot be accessed.
- Safety. The concept of the kill switch has also been discussed by proponents from the Department of Homeland Security. After all, cellular phones have been known to act as remote-control switches for explosive devices. Being able to kill what could possibly a detonator might aid in bomb defusing efforts.
The kill switch does come with a few risks, which is the main contention of carriers:
- Malicious hacking or malware. A device might be vulnerable to attack by malicious hackers, who may be able to trip the kill switch remotely or by distributing malware.
- Phone recovery. There is also the concern that a permanently-disabled device might be found by the legitimate user later on, who would then be unable to use the phone or recover any data that may be stored in it.
- Consumer advocacy. The kill switch might also be abused by carriers that want to prevent users from switching networks, which might affect devices sold under contract.
A catch-all measure?
To my mind, the concept of the kill switch might easily be considered a catch-all measure against mobile phone theft. But until lawmakers, device manufacturers and carriers agree on the best way to better protect against loss or theft, it would be a good idea for us consumers to be more proactive when it comes to our own safety.
For instance, while there is no absolute deterrent to getting robbed, pick-pocketed or mugged, we could perhaps avoid being in situations in which theft could be possible. Try not to set your smartphone on restaurant tables, where you might easily forget it (it’s bad manners, after all!). Try to avoid displaying your device in public. Use a phone-tracking software. Lock your phone with a PIN, password or pattern lock, as it helps add a layer of protection to your data.
The list goes on. And as long as mobile devices are considered to be valuable commodities, they are still vulnerable to loss and theft.
Image credit: Pickpocket