in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Smartphone Security: California Bill Could Force Industry To Implement Device Kill Switch

A new California bill is aiming to curb the theft of smartphones.  According to networkworld.com, Senator Mark Leno and San Francisco DA George Gascón proposed a mandate that requiring kill-switch technologies to be implemented as a smartphone security feature on all smartphones that are sold in the Golden State.

Due to the size of the California market, the bill could indirectly force manufacturers to implement the technology as a standard feature, seeing how producing two separate models for each phone would be cost-prohibitive.

Smartphone Theft: Leading Type of Street Crime

The impetus for the new bill comes from the rise of crime involving smartphones.  Assault and battery linked to the theft of smartphones has been on the rise for years.

New York City, for example, experienced over 15,000 mobile device thefts in 2012, and Apple's iPhones had a measurable impact on the Big Apple's crime stats: Mayor Bloomberg noted that "if you took out thefts of Apple products — not Galaxies, Samsungs — just Apple products, our total crime rate would be lower than it was last year."  Not that Samsung is not doing its share when it comes to keeping crime levels up (although I doubt that this is part of their objective).

New York is not the only city struggling with such "smart" issues; most if not all major metropolitan cities are struggling with it.

Nobody Wants a Brick

The idea behind kill-switches is simple: give the owner of a phone the power to kill the device if it gets stolen.  The thief ends up with an expensive brick that he cannot easily unload.  Once this happens more often than not, people think twice about stealing a smartphone.  This is sometimes known as the Lo-Jack effect.

When Lo-Jack was first introduced to a region, you could see a continuous decline in car thefts because thieves couldn't tell whether a car was tagged with the tracking device or not.  As more and more people signed up for the service, the harder and harder it became to steal a car without eventually getting caught.  Thieves employed tactics like stealing the car and keeping it parked for a couple of days to see what happened, but then the cops started playing the waiting game, too.  Ultimately, many car thieves called it quits.

An added bonus was that the effect spread to cars without Lo-Jack because, again, one couldn't tell whether a car was fitted with the tracker.

Which is why I kind of disagree with the following quote from DA Gascón:
A recent survey undertaken by [Gascón's] office found around four in five iPhone users were using the activation lock, but that's still a problem, he said earlier this week.
"Until Activation Lock is fully opt-out, it appears many iPhone owners will not have the solution enabled," he said in a statement. "This leaves iPhone users at risk, as thieves cannot distinguish between those devices that have the feature enabled and those that do not."
A voluntary utilization rate of eighty percent is tremendous.  If this is not a statistical error, the dividends from this group's actions will spill over to people who don't have Activation Lock turned on.  Thieves are not exactly stupid: if they find that 4 out of 5 stolen iPhones will ultimately results into a shiny paperweight that cannot be sold, they'll look for something else to steal.  The demand for stolen smartphones would also dry up as well.

The problem is, of course, cities will begin to see an increase of smartphone thefts that don't involve iPhones.  And for that reason alone, I believe that the kill-switch bill is a great idea: pressure the manufacturers to give users an option.  There's no real need to make it opt-out (although the converse is true as well: there's no real reason to make it opt-in, either).

Why Not Include Encryption?

What really puzzles me is that there are no references to smartphone encryption.  I can think of at least one reason why thieves would steal a smartphone even if it ends up being killed remotely.  It's the same reason why HIPAA laws regarding laptops and computers exist: the theft of personal information.

Smartphones are underpowered computers with tiny screens that go everywhere the owner goes.  As such, these devices usually contain a lot of personal information about its owner, and possibly the owner's friends and families.  There's enough there to do a lot of harm: fraud, phishing (you and your loved ones), etc.

Here's one potential scenario: a person steals a smartphone.  He places it in a bag lined with aluminum as soon as possible. (My own experiments revealed that triple-lining effectively isolates a phone from all electronic signals).  He goes to a basement or other location where he knows there's no reception.  He accesses the smartphone's contents: without encryption, it's easier than you think.  He has hit the jackpot because he can review all communications.

He can pick up on linguistic patterns, expressions, typography, emoticons, etc.  The stage is set for a very successful confidence game via email, text messaging, what  have you.

Kill switches are good.  Encryption is great.
Related Articles and Sites:
http://www.networkworld.com/news/2013/121913-proposed-california-law-would-mandate-277107.html
<Previous Next>

HIPAA Encryption: UHS-Pruitt Has Two Laptop Thefts In Two Weeks

BYOD Full Encryption: Because Sensitive Data Will Drift To Where You Least Expect It

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.