Emerging Tech

Blog archive

Cellphone kill switch a no-brainer

Last week, California State Sen. Mark Leno (D-San Francisco) proposed legislation that would require cellphone manufacturers to build in "kill switches" that would allow users to disable their devices if they are lost or stolen.  The move was a response to the rapid rise in smartphone thefts.  An estimated 1.6 million smartphones were stolen in the United States in 2012.

As it turns out, there are multiple points of view on whether this is a good idea, from legislators, cellphone manufacturers, cellular service providers and end users.

At first glance, the suggestion makes perfect sense.  What incentive would there be to steal a smartphone if it could immediately be made useless?

Nevertheless, while some smartphone manufacturers – including Apple and Samsung – have been developing such a capability, the major industry group representing cell service providers is lobbying against such measures. 

CTIA – The Wireless Association, in a June 2013 submission to the Federal Communications Commission, argued that kill switches were a bad idea because the kill switches themselves might be hacked.  The industry group also warned that if a kill switch permanently disabled a device when it was reported lost or stolen, the owner would not be able to re-enable it if it was recovered.

These arguments don't stand up to scrutiny, however. 

Yes, in principle, we have to assume that would be potentially possible for sophisticated hackers to access and maliciously trigger a user's kill switch. Of course, thieves are unlikely to do this since it would make the device unusable or unable to be used as a perch for further mischief on the device or over the network.

So the only scenario for a hacked kill switch would be a targeted attack designed to cripple, say, a large swath of cellphones used by the military or security agencies. Security-conscious organizations are, of course, aware of the vulnerabilities of their devices and are constantly developing countermeasures against wholesale threats such as distributed denial-of-service attacks. Adding a kill switch would not make these devices more vulnerable than they already are or the military less prepared to deal with threats against them.

And, in fact, the Defense Advanced Research Projects Agency is working to develop just such a capability for government devices.  The agency awarded a $3.4 million contract to IBM on Jan. 31 to work on developing "vanishing programmable resources," which are described on the DARPA website as "electronic systems capable of physically disappearing in a controlled, triggerable manner." 

CTIA's other argument against kill switches – that they would permanently disable devices, resulting in a user's inability to revive a device after it is recovered – also doesn't hold water.  

There is no reason to assume that kill switches can't be developed that can be unswitched. 

In fact, Apple has already added a new feature to iOS 7 – the operating system for iPhones and iPads – called Activation Lock.  When a user reports a device lost or stolen, Activation Lock will prevent anyone from disabling the "Find my iPhone" feature on the device.  Activation Lock also prevents a user from erasing and reactivating the device.  The only way to remove Activation Lock's protection is by providing the correct Apple ID and password.

So why is CTIA really lobbying against implementing kill switches on smartphones?  Some have suggested that the industry is reluctant to see a drop in profits it earns from selling consumers insurance on their smartphones, and that would almost certainly happen if kill switches result in a decrease in smartphone theft.

The technology is available to save consumers – and government agencies – money and to cut crime.  It's a shame that legislators have to fight an uphill battle against lobbyists to require the use of that technology.

Posted by Patrick Marshall on Feb 11, 2014 at 1:20 PM

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Mon, Mar 3, 2014 Tiny_1

Every cell phone already HAS a BUILT IN kill switch! Whenever a cell phone registers on the network the service provider sees the IMEI number which is a UNIQUE electronic serial number. All that is needed is a universal database for stolen IMEI's. Then when someone powers on a stolen phone all that has to be done is to deny service to that IMEI. Putting in a “kill switch” is nothing more that a greedy attempt to charge users to put in a “new” feature and pass the responsibility to kill the phone to the victim rather than telling the providers: The phone has been reported stolen – BLOCK IT! BTW: Even is a user did not write down their IMEI, the provider already has it because it is linked to the phone number that was using it. All they have to do is BLOCK IT!

Thu, Feb 20, 2014

Reality we were opted into digital for a reason...sad fact there is no opt-out of this digital age. The powers that be will not allow...enter the Snowden "leak". Empirical tangible evidence of life on the planet beats any email text IM tweet etc the digi sphere can generate! Someday we will remember that. ;)

Wed, Feb 12, 2014 SD

"So the only scenario for a hacked kill switch would be a targeted attack designed to cripple, say, a large swath of cellphones used by the military or security agencies." What about ransomware? You receive an email, text, or a popup from malware saying that unless you transfer $XXX to a certain account, they will activate the kill switch. The user would either have to pay, or gamble that it's a hoax.

Wed, Feb 12, 2014 Virginia

I don't want a kill switch that hackers could use to disable my phone. The activation Lock type feature, however, seems like a better idea. This should be available and only be disabled by a user typing in the corrent password locally, not over the air.

Wed, Feb 12, 2014

First, if the kill switch can be switched off then thieves will eventually hack that mechanism and simply turn them back on. Second, anybody else worried that the feds would not hesitate to disable all cell phones in a city if they thought there was an eminent major terrorist threat? Sure, they could turn off all cell towers, but the phones could still use wifi and potentially communicate, or even take photos/video for later posting. That is what they learned in Bosten. . .

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above


HTML - No Current Item Deck
  • Transforming Constituent Services with Business Process Management
  • Improving Performance in Hybrid Clouds
  • Data Center Consolidation & Energy Efficiency in Federal Facilities

More from 1105 Public Sector Media Group