in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Smartphone Security: US Law Enforcement Calls For Phone Kill Switch

According to the washingtonpost.com, "law enforcement officials are demanding the creation of a 'kill switch'" for stolen phones, citing statistics where one in three robberies involve mobile devices.  The New York Attorney General was quoted as calling the current state of phone robberies an "epidemic."

The importance of smartphone security is very well known and understood at AlertBoot, but I must say that the stat has taken me aback.  One in three robberies involves a cell phone?  The implication is that one could cut all robberies by 33% if one could introduce some kind of phone theft "demotivator."

State AGs "Prepared to Deepen" Inquiry

The Attorneys General of New York and San Francisco announced the formation of the "Secure Our Smartphones Initiative" coalition, with the aim of pressuring companies to introduce a phone kill switch that would "dry up the secondary market in stolen phones."

The kills switch would work the same way as cancelling a credit card when it gets stolen.  The AGs also noted that "the general public should not be forced to pay more for smartphones that have a kill switch," which also corresponds to the credit card model, and semi-threatened:
"We're prepared to deepen our inquiry if that is appropriate," Schneiderman said, though he would not elaborate on how far his office might go to ensure that manufacturers comply with the coalition's demands.
Apple, the manufacturer of iPhones and iPads, recently introduced a similar feature in its upcoming iOS7 operating system for mobile devices.  However, the AGs noted that they've "been led to believe that it is not a kill switch."

Incidentally, it should be noted that the San Francisco AG was very critical of smartphone manufacturers in the past, calling a smartphone theft "another sale for" smartphone manufacturers.

What IS a Kill Switch?

Of course, the problem may lie in what they mean by a "kill switch."  Is it something that will render the phone inoperable?  If so, I can see why the industry might balk at such a feature.  Essentially, there's no way to guarantee the inoperability of a device from a remote location.

A kill switch is, at the core, an instruction set that commands a smartphone (in this case) to stop working.  For that command to reach a phone the device must be connected to the internet or a cellular network (or something that allows the delivery of the command).

Shield the phone from all networks, which is not that hard to do (going underground, like into the basement, will work for most people), and the kill switch doesn't work.  Imagine all the lawsuits that will be filed around the fact that "the kill switch didn't work."

European Model

This is not to say that a kill switch model will not work towards curbing phone theft.  Many countries already operate blacklists for stolen phones, where a stolen phone's IMEI number (a phone's unique hardware identifier) is blocked from being activated by the carriers.

The introduction of the blacklist was followed by a significant reduction in phone thefts, since stolen phones cannot be activated and thus lose their raison d'être, and thus a reason for stealing them.

However, it's not a complete success for a number of reasons.  First, a smartphone that cannot be used as a smartphone still makes a pretty decent music player and mini Internet browser – I should know as an iPod Touch owner.  Second, a phone that cannot be activated in one country could be activated in another.  This is how international smuggling rings make their money if they deal with smartphones.  Third, some people steal stuff without thinking.  Others, they just want to watch the world burn...

Incidentally, the second and third reasons I've listed above are the why MDM smartphone security is still necessary even if blacklists and kill switches are in place.
Related Articles and Sites:
http://www.washingtonpost.com/business/technology/sf-ny-prosecutors-to-announce-anti-smartphone-theft-initiative-before-summit-of-major-makers/2013/06/13/7dbb570c-d3fb-11e2-b3a2-3bf5eb37b9d0_story.html
http://www.digitaltrends.com/mobile/combatting-theft-with-stolen-phone-blacklists/

 

<Previous Next>

Laptop Encryption Software: Stanford University Reports Yet Another HIPAA Breach

Employees And Computer Security: Trust Them To Do The Right Thing...And The Wrong Thing

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.