Feeds

WhisperSystems creates 'suicide pill' for phones

Find-my-phone app includes 'reset by geolocation'

Application security programs and practises

The developers who jumped in early in the “Arab Spring” to create an encrypted communications app for Android have now gone a step further, crafting a geofenced self-destruct that can wipe a phone based on location.

WhisperSystems.org's Zones app, which isn't yet ready for prime time but should be released to Google Play soon, is clearly not for the faint-hearted, nor for anyone who doesn't keep backups of the data on their phone.

Originally founded by Moxie Marlinspike, WhisperSystems came to prominence in 2011 when it announced that it would offer its TextSecure (text) and Redphone (voice) encryption apps in Egypt to support the anti-government protests that eventually led to the downfall of the former Hosni Mubarak regime.

The company was then acquired by Twitter, but some of its software was released to open source under the dot-org domain.

It's the open source crew that's now preparing Zones. As developer Rhodey Orbits told The Register, “Zones is about one month's work away from being ready for public release/publishing on the Google Play Store. I hope to put in that month's work soon, but [it] probably won't be next month.”

The device-wipe capability is just one part of a “find my phone” feature-set that works without relying on an external Web service. Instead, it relies only on the internal capabilities of a phone: location awareness, the ability to lock a lost phone (and unlock it if found), and deleting call history, contacts, or the whole phone.

All of these can be controlled by SMS messages combined with an authentication password. For example, Rhodey explained, if Alice loses her phone (or it's stolen), she can borrow someone else's phone to wipe hers using a simple “factory reset [password]” SMS to her phone.

“We have some plans to complement the Android app with a web app in the future, but it would only be to augment functionality as opposed to unlock,” Orbits told The Register.

The commands so far implemented in the app are Start/Stop location updates; Audio alarm; Battery level alert; Super lock (the device can't be swipe-unlocked); Super unlock (reverses Super-lock); Clear call history; Clear contacts; and Factory Reset.

All of these can then be geofenced: a user can define zones on a map, and assign a range of actions to these zones. That way, if Alice is arrested – or, as Orbits noted in an e-mail to El Reg, if she's at a dangerous border crossing – the phone can be programmed to send a preset e-mail or SMS to a defined recipient list; or the Super lock (unlock) or wipe functions can be assigned to a location.

“While the factory reset action is more of an attention grabber than the SMS alert, in the case of dangerous border crossings or questionable arrests an automatic SMS to friends and family would likely be of more utility than a factory reset”, Orbits said.

Orbits said some of the remaining work on the app is to improve the granularity of its geofencing without sacrificing battery life: “Zones can only be as accurate and reliable as the location data it is provided by the Android OS. The location data will never be perfect and to get fine-grained resolution you draw a lot from the battery.”

Orbits is also concerned at the risk of an unwanted or accidental wipe (for example, someone hands Alice's lost phone in at a police station that's been defined as a factory-reset zone).

“Close to 100 per cent of Android users have at least one Google Account associated with their phone whether or not they realise it, this is a step of the initial OS setup. An Android phone with a Google account will automatically backup all contacts and calendars periodically, upon restore of an existing phone or setup of a new phone the contacts and calendars will "magically" reappear,” he explained.

Pictures are probably either in the cloud (for example on Flickr), or synched to other machines (for example, laptops at home). However, those who avoid clouding their pictures “must either develop a passion for backups or a lack of passion for their pictures,” he told us. ®

Build a business case: developing custom apps

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
We have found the Holy Grail (of batteries) - boffins
Asteroid's DINO KILLING SPREE just bad luck – boffins
Sauricide WASN'T inevitable, reckon scientists
Flamewars in SPAAACE: cooler fires hint at energy efficiency
Experiment aboard ISS shows we should all chill out for cleaner engines
The Sun took a day off last week and made NO sunspots
Someone needs to get that lazy star cooking again before things get cold around here
Boffins discuss AI space program at hush-hush IARPA confab
IBM, MIT, plenty of others invited to fill Uncle Sam's spy toolchest, but where's Google?
Famous 'Dish' radio telescope to be emptied in budget crisis: CSIRO
Radio astronomy suffering to protect Square Kilometre Array
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.