Feeds

WhisperSystems creates 'suicide pill' for phones

Find-my-phone app includes 'reset by geolocation'

Security for virtualized datacentres

The developers who jumped in early in the “Arab Spring” to create an encrypted communications app for Android have now gone a step further, crafting a geofenced self-destruct that can wipe a phone based on location.

WhisperSystems.org's Zones app, which isn't yet ready for prime time but should be released to Google Play soon, is clearly not for the faint-hearted, nor for anyone who doesn't keep backups of the data on their phone.

Originally founded by Moxie Marlinspike, WhisperSystems came to prominence in 2011 when it announced that it would offer its TextSecure (text) and Redphone (voice) encryption apps in Egypt to support the anti-government protests that eventually led to the downfall of the former Hosni Mubarak regime.

The company was then acquired by Twitter, but some of its software was released to open source under the dot-org domain.

It's the open source crew that's now preparing Zones. As developer Rhodey Orbits told The Register, “Zones is about one month's work away from being ready for public release/publishing on the Google Play Store. I hope to put in that month's work soon, but [it] probably won't be next month.”

The device-wipe capability is just one part of a “find my phone” feature-set that works without relying on an external Web service. Instead, it relies only on the internal capabilities of a phone: location awareness, the ability to lock a lost phone (and unlock it if found), and deleting call history, contacts, or the whole phone.

All of these can be controlled by SMS messages combined with an authentication password. For example, Rhodey explained, if Alice loses her phone (or it's stolen), she can borrow someone else's phone to wipe hers using a simple “factory reset [password]” SMS to her phone.

“We have some plans to complement the Android app with a web app in the future, but it would only be to augment functionality as opposed to unlock,” Orbits told The Register.

The commands so far implemented in the app are Start/Stop location updates; Audio alarm; Battery level alert; Super lock (the device can't be swipe-unlocked); Super unlock (reverses Super-lock); Clear call history; Clear contacts; and Factory Reset.

All of these can then be geofenced: a user can define zones on a map, and assign a range of actions to these zones. That way, if Alice is arrested – or, as Orbits noted in an e-mail to El Reg, if she's at a dangerous border crossing – the phone can be programmed to send a preset e-mail or SMS to a defined recipient list; or the Super lock (unlock) or wipe functions can be assigned to a location.

“While the factory reset action is more of an attention grabber than the SMS alert, in the case of dangerous border crossings or questionable arrests an automatic SMS to friends and family would likely be of more utility than a factory reset”, Orbits said.

Orbits said some of the remaining work on the app is to improve the granularity of its geofencing without sacrificing battery life: “Zones can only be as accurate and reliable as the location data it is provided by the Android OS. The location data will never be perfect and to get fine-grained resolution you draw a lot from the battery.”

Orbits is also concerned at the risk of an unwanted or accidental wipe (for example, someone hands Alice's lost phone in at a police station that's been defined as a factory-reset zone).

“Close to 100 per cent of Android users have at least one Google Account associated with their phone whether or not they realise it, this is a step of the initial OS setup. An Android phone with a Google account will automatically backup all contacts and calendars periodically, upon restore of an existing phone or setup of a new phone the contacts and calendars will "magically" reappear,” he explained.

Pictures are probably either in the cloud (for example on Flickr), or synched to other machines (for example, laptops at home). However, those who avoid clouding their pictures “must either develop a passion for backups or a lack of passion for their pictures,” he told us. ®

Internet Security Threat Report 2014

More from The Register

next story
SECRET U.S. 'SPACE WARPLANE' set to return from SPY MISSION
Robot minishuttle X-37B returns after almost 2 years in orbit
LOHAN crash lands on CNN
Overflies Die Welt en route to lively US news vid
'Utter killjoy Reg hacks have NEVER BEEN LAID', writes a fan
'Shuddit, smarty pants!' Some readers reacted badly to our last Doctor Who review ...
Experts brand LOHAN's squeaky-clean box
Phytosanitary treatment renders Vulture 2 crate fit for export
Carry On Cosmonaut: Willful Child is a poor taste Star Trek parody
Cringeworthy, crude and crass jokes abound in Steven Erikson’s sci-fi debut
White LED lies: It's great, but Nobel physics prize-winning great?
How artificial lighting could offer an artificial promise
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.