Feeds

WhisperSystems creates 'suicide pill' for phones

Find-my-phone app includes 'reset by geolocation'

Top three mobile application threats

The developers who jumped in early in the “Arab Spring” to create an encrypted communications app for Android have now gone a step further, crafting a geofenced self-destruct that can wipe a phone based on location.

WhisperSystems.org's Zones app, which isn't yet ready for prime time but should be released to Google Play soon, is clearly not for the faint-hearted, nor for anyone who doesn't keep backups of the data on their phone.

Originally founded by Moxie Marlinspike, WhisperSystems came to prominence in 2011 when it announced that it would offer its TextSecure (text) and Redphone (voice) encryption apps in Egypt to support the anti-government protests that eventually led to the downfall of the former Hosni Mubarak regime.

The company was then acquired by Twitter, but some of its software was released to open source under the dot-org domain.

It's the open source crew that's now preparing Zones. As developer Rhodey Orbits told The Register, “Zones is about one month's work away from being ready for public release/publishing on the Google Play Store. I hope to put in that month's work soon, but [it] probably won't be next month.”

The device-wipe capability is just one part of a “find my phone” feature-set that works without relying on an external Web service. Instead, it relies only on the internal capabilities of a phone: location awareness, the ability to lock a lost phone (and unlock it if found), and deleting call history, contacts, or the whole phone.

All of these can be controlled by SMS messages combined with an authentication password. For example, Rhodey explained, if Alice loses her phone (or it's stolen), she can borrow someone else's phone to wipe hers using a simple “factory reset [password]” SMS to her phone.

“We have some plans to complement the Android app with a web app in the future, but it would only be to augment functionality as opposed to unlock,” Orbits told The Register.

The commands so far implemented in the app are Start/Stop location updates; Audio alarm; Battery level alert; Super lock (the device can't be swipe-unlocked); Super unlock (reverses Super-lock); Clear call history; Clear contacts; and Factory Reset.

All of these can then be geofenced: a user can define zones on a map, and assign a range of actions to these zones. That way, if Alice is arrested – or, as Orbits noted in an e-mail to El Reg, if she's at a dangerous border crossing – the phone can be programmed to send a preset e-mail or SMS to a defined recipient list; or the Super lock (unlock) or wipe functions can be assigned to a location.

“While the factory reset action is more of an attention grabber than the SMS alert, in the case of dangerous border crossings or questionable arrests an automatic SMS to friends and family would likely be of more utility than a factory reset”, Orbits said.

Orbits said some of the remaining work on the app is to improve the granularity of its geofencing without sacrificing battery life: “Zones can only be as accurate and reliable as the location data it is provided by the Android OS. The location data will never be perfect and to get fine-grained resolution you draw a lot from the battery.”

Orbits is also concerned at the risk of an unwanted or accidental wipe (for example, someone hands Alice's lost phone in at a police station that's been defined as a factory-reset zone).

“Close to 100 per cent of Android users have at least one Google Account associated with their phone whether or not they realise it, this is a step of the initial OS setup. An Android phone with a Google account will automatically backup all contacts and calendars periodically, upon restore of an existing phone or setup of a new phone the contacts and calendars will "magically" reappear,” he explained.

Pictures are probably either in the cloud (for example on Flickr), or synched to other machines (for example, laptops at home). However, those who avoid clouding their pictures “must either develop a passion for backups or a lack of passion for their pictures,” he told us. ®

High performance access to file storage

More from The Register

next story
Most Americans doubt Big Bang, not too sure about evolution, climate change – survey
Science no match for religion, politics, business interests
KILLER SPONGES menacing California coastline
Surfers are safe, crustaceans less so
Discovery time for 200m WONDER MATERIALS shaved from 4 MILLENNIA... to 4 years
Alloy, Alloy: Boffins in speed-classification breakthrough
LOHAN and the amazing technicolor spaceplane
Our Vulture 2 livery is wrapped, and it's les noix du mutt
Liftoff! SpaceX Falcon 9 lifts Dragon on third resupply mission to ISS
SpaceX snaps smartly into one-second launch window
R.I.P. LADEE: Probe smashes into lunar surface at 3,600mph
Swan dive signs off successful science mission
Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
Power levels up 70 per cent as the rover keeps on truckin'
Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run
Helium seeps from Falcon 9 first stage, delays new legs for NASA robonaut
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.