Super Cali signs a kill-switch, campaigners say it's atrocious

Remote-death button bad news for crooks, protesters – and great news for hackers?

Security for virtualized datacentres

California's governor Jerry Brown has signed off on a bill that requires any manufacturer selling smartphones in the Golden State to install a kill switch capable of bricking the handset.

Bill SB 962 has been signed into law, mandating all smartphones sold in California to have software in place to brick stolen handsets. The law applies to all handsets sold after July 1, 2015 but is not applicable to handsets produced after January 1, 2015 that aren't capable of running the remote-death code [How intensive can this code really be? – ed]

According to the bill, the kill switch software must "be able to withstand a hard reset or operating system downgrade, come preequipped, and the default setting of the solution shall be to prompt the consumer to enable the solution during the initial device setup."

California is the second US state to demand kill switches, and the law comes after hard lobbying from San Francisco's District Attorney George Gascón. The DA, and New York State Attorney General Eric Schneiderman, have been pressing for a kill switch as a way to halt the epidemic of phone theft in both cities, and the evidence is that such a system could cut crime drastically.

In July the pair released the results of a crime survey showing that after Apple introduced Activation Lock for iOS in September, thefts of iPhones in San Francisco fell by 38 per cent. By contrast, thefts of Samsung devices, which lack the kill switch, rose by 12 per cent.

California's bill is similar to federal legislation requiring a kill switch, which is working its way through the US Senate. But the mobile phone industry has already accepted the inevitable, and will be introducing kill switches next July – but it won’t be turned on by default.

Wireless tech industry body CTIA – which represents Apple, Samsung, Verizon, AT&T, T-Mobile US and others – fought hard against a kill switch, a move Gascón said was an attempt to preserve its sales of lucrative insurance and replacement contracts.

Privacy groups are also concerned about the technology, worrying that while it's useful for thwarting thieves, it may be abused by governments. The riots in Ferguson prompted a lockdown in the city by police, and the area was made a no-fly zone; if mobiles could have been turned off remotely by cops, it looks likely they would have done so.

"Police could use the kill switch to shut down all phones in a situation they unilaterally perceive as presenting an imminent risk of danger," said Jake Laperruque, the Center for Democracy and Technology's fellow on privacy, surveillance, and security.

"It’s not hard to imagine law enforcement putting such a label on a protest: Managers of the [San Francisco] BART subway system shut down cell service in four stations just prior to planned anti-police demonstrations in 2011, claiming the disruptive measure was justified by public safety concerns."

There are also fears hackers will get hold of the kill-switch feature to cause misery for unlucky mobe owners, pretty much along the same lines as the hassle tech hack Mat Honan went through in 2012: a miscreant was able to hijack his iCloud account to remotely erase and lock his iPhone, iPad and MacBook.

In the short term it is expected that the installation of kill switches will help reduce levels of theft after criminals realize they are most likely going to have purloined phones bricked. But in the longer term crime rates are likely to rise again once a way is found to defeat the locking software. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Hey, Scots. Microsoft's Bing thinks you'll vote NO to independence
World's top Google-finding website calls it for the UK
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
OECD lashes out at tax avoiding globocorps' location-flipping antics
You hear that, Amazon, Google, Microsoft et al?
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.