Microsoft and Google have announced that they are to introduce a “killswitch” functionality to their smartphones, which will render them completely useless if they are stolen.
According to BBC news, the two companies have followed Samsung and Apple in offering the functionality and a hard kill switch would render a stolen device permanently unusable and is favoured by legislators who want to give stolen devices the “value of a paperweight”, while a “soft” kill switch would only make a phone unusable to “an unauthorised user”.
Is this a positive thing for smartphone users? We asked the industry on what they thought of this move by the technology giants.
Michael Sutton, VP security research at Zscaler
“The kill switch implemented by Apple in iOS 7 has already had an impact by reducing iPhone/iPad thefts so it’s not surprising to see Google and Microsoft also moving in this direction. Kill switches are not a foolproof plan as thieves could still sell stolen devices for parts, but it does reduce the overall value of the device for the criminal. Attackers could also leverage kill switch functionality as leverage to demand ransom or activate the kill switch should they gain access to a user’s account, but this is not generally a significant concern given the ease of backing up and recovering phone content from built in cloud based services.”
David Harley, senior research fellow at ESET
“It isn’t going to be possible to retrofit the kill switch to all models of smartphone. Of course, opportunistic thieves and muggers aren’t likely to check whether a phone is the latest model before deciding whether to steal it. And since they don’t necessarily aim to steal onlyphones, the target of zero thefts is unlikely to be achieved. I’m actually reluctant to take the statistics quoted at face value: I’m not sure opportunistic criminals are so discriminating that they won’t steal an iPhone in case the kill switch is activated.</s pan>
While the BBC mentions the fact that some Samsung devices have a kill switch, there are actually statistics in the Attorney General’s report indicating that Samsung thefts increased over the same period. The report suggests that this is because Samsung’s implementation is far more recent and that Samsung thefts will decline in future due to that implementation. But that’s speculation, not statistics.
One of the reasons that many phone users may not be aware of the existence of an existing kill switch mechanism is that the vendors have so far declined to enforce the use of such a mechanism as the default (as law-enforcement agencies have proposed) rather than an opt-in measure. In fact, the Carriers and Trade Association (CITA) representing the telecoms industry has only come round to the idea in recent months.”
Mark Sparshott, EMEA Director at Proofpoint
“With a UK market share of 54.9 per cent and growing, the Kill Switch that Google plan to include in the next version of Android could be vital for reducing phone theft in the UK. However getting the kill switch onto the majority of Android handsets may take months or years because most smartphones run old versions of Android and many never receive an update to the latest version. This is because Google is reliant on the phone manufacturers to verify the update for each model of handset and the network providers like to incorporate into their customised version of Android and push the update to their customers and they are generally focused on new phones that bring in new revenue rather than updating older phones.
So we need to wait for more details from Google on the exact capabilities of the Kill Switch, the versions of Android that will receive it and the reaction of the manufacturers and carriers before we can ascertain what this really means for smartphone theft. In the meantime Android and Windows users can install 3rd party apps listed on the CIA website that deliver Kill Switch capabilities today.”
Mark James, technical team leader, ESET
“Any measure to stop theft and resale of stolen items has got to be good, the idea that a mobile phone can be rendered useless if it is “reported stolen” will definitely form a small deterrent for criminals, but only of course if the phone details are recorded by the end user (IMEI) and then reported as lost or stolen. I would imagine it’s a relatively small number that would do this, relatively few people that I know of are aware that IOS 7 uses the Activation Lock feature (providing the end user sets up “find my iphone”).
“Whilst it’s great that the manufacturers make these features available but they need to inform EVERY user that purchases the phone, maybe even the cellular provider sending a welcome text explaining what needs to be done to be able to use the feature? User education is the key component here.”
George Anderson, Webroot
“If you a
sked a person – what’s more precious to you, a device or the data on it? They would likely answer ‘data’. With that in mind, the ability to remotely lock and wipe devices is a good alternative to a ‘kill switch’ and is a security feature available already with Apple and Android from some mobile security vendors.
“The huge growth in mobile malware is just as worrying as mobile phone theft because the ability to recover or delete data is what most people care about. Data can be at risk even if the device itself is safe. There are numerous applications that steal confidential information without the owners knowledge or permission. What concern me is that we are yet to see phone manufacturers come together to tackle this problem in a similar way they have embraced the ‘kill switch’.”
What we have here is Microsoft and Google not only following their competitors, but also law enforcement in buckling to demands to offer more physical security to devices. What concerns me is could an attacker, with a stolen and “killed” device in their hands, simply blow the operating system out and reboot with new software? – Editor
