Feeds

WhisperSystems creates 'suicide pill' for phones

Find-my-phone app includes 'reset by geolocation'

New hybrid storage solutions

The developers who jumped in early in the “Arab Spring” to create an encrypted communications app for Android have now gone a step further, crafting a geofenced self-destruct that can wipe a phone based on location.

WhisperSystems.org's Zones app, which isn't yet ready for prime time but should be released to Google Play soon, is clearly not for the faint-hearted, nor for anyone who doesn't keep backups of the data on their phone.

Originally founded by Moxie Marlinspike, WhisperSystems came to prominence in 2011 when it announced that it would offer its TextSecure (text) and Redphone (voice) encryption apps in Egypt to support the anti-government protests that eventually led to the downfall of the former Hosni Mubarak regime.

The company was then acquired by Twitter, but some of its software was released to open source under the dot-org domain.

It's the open source crew that's now preparing Zones. As developer Rhodey Orbits told The Register, “Zones is about one month's work away from being ready for public release/publishing on the Google Play Store. I hope to put in that month's work soon, but [it] probably won't be next month.”

The device-wipe capability is just one part of a “find my phone” feature-set that works without relying on an external Web service. Instead, it relies only on the internal capabilities of a phone: location awareness, the ability to lock a lost phone (and unlock it if found), and deleting call history, contacts, or the whole phone.

All of these can be controlled by SMS messages combined with an authentication password. For example, Rhodey explained, if Alice loses her phone (or it's stolen), she can borrow someone else's phone to wipe hers using a simple “factory reset [password]” SMS to her phone.

“We have some plans to complement the Android app with a web app in the future, but it would only be to augment functionality as opposed to unlock,” Orbits told The Register.

The commands so far implemented in the app are Start/Stop location updates; Audio alarm; Battery level alert; Super lock (the device can't be swipe-unlocked); Super unlock (reverses Super-lock); Clear call history; Clear contacts; and Factory Reset.

All of these can then be geofenced: a user can define zones on a map, and assign a range of actions to these zones. That way, if Alice is arrested – or, as Orbits noted in an e-mail to El Reg, if she's at a dangerous border crossing – the phone can be programmed to send a preset e-mail or SMS to a defined recipient list; or the Super lock (unlock) or wipe functions can be assigned to a location.

“While the factory reset action is more of an attention grabber than the SMS alert, in the case of dangerous border crossings or questionable arrests an automatic SMS to friends and family would likely be of more utility than a factory reset”, Orbits said.

Orbits said some of the remaining work on the app is to improve the granularity of its geofencing without sacrificing battery life: “Zones can only be as accurate and reliable as the location data it is provided by the Android OS. The location data will never be perfect and to get fine-grained resolution you draw a lot from the battery.”

Orbits is also concerned at the risk of an unwanted or accidental wipe (for example, someone hands Alice's lost phone in at a police station that's been defined as a factory-reset zone).

“Close to 100 per cent of Android users have at least one Google Account associated with their phone whether or not they realise it, this is a step of the initial OS setup. An Android phone with a Google account will automatically backup all contacts and calendars periodically, upon restore of an existing phone or setup of a new phone the contacts and calendars will "magically" reappear,” he explained.

Pictures are probably either in the cloud (for example on Flickr), or synched to other machines (for example, laptops at home). However, those who avoid clouding their pictures “must either develop a passion for backups or a lack of passion for their pictures,” he told us. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Boffins say they've got Lithium batteries the wrong way around
Surprises at the nano-scale mean our ideas about how they charge could be all wrong
Thought that last dinosaur was BIG? This one's bloody ENORMOUS
Weighed several adult elephants, contend boffins
Chelyabinsk-sized SURPRISE asteroid to skim Earth, satnav birds
Space rock appears out of nowhere, buzzes planet on Sunday
City hidden beneath England's Stonehenge had HUMAN ABATTOIR. And a pub
Boozed-up ancients drank beer before tearing corpses apart
'Duck face' selfie in SPAAAACE: Rosetta's snap with bird comet
Probe prepares to make first landing on fast-moving rock
Archaeologists and robots on hunt for more Antikythera pieces
How much of the world's oldest computer can they find?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.