Bricks of Silver: Hacking Smartphone Theft
Whether your smartphone is white, black or gold, it is now almost 30 times more valuable per ounce than a block of solid silver — and almost as easy to convert discreetly into cash. Is it any wonder that one in three robberies nationwide involve a smartphone? The car stereo theft epidemic of the ’90s offers some lessons for a solution: Change the value, or the ease with which thieves can liquidate that value, and make the stolen phone both easier to find and riskier to handle.
As a hacker, I solve problems with technology; often that means reshaping the technology I work with, endowing it with new capabilities to serve my needs. We will hack smartphone theft by hacking our smartphones.
Many of us have recently heard or seen the term “kill switch” floating around in the media. The concept of a kill switch can be interpreted in several different technical ways, each of which has its own advantages and disadvantages, but all of which attack the economy of smartphone theft. Outlined below are a series of technical solutions, and the role each could play in hacking the stolen-phone black market.
Activation locks rely on a design that forces a smartphone owner to register with the manufacturer’s servers to activate its features. These servers track whom a phone belongs to, and keep a record of its basic security settings, so every time a device gets wiped clean or is reinstalled, they can reinstate the security locks and ownership rights the next time it’s activated. In the case of Apple’s activation lock, they also reinstate “Find My iPhone,” allowing the stolen device to be tracked if it connects to a wireless network or has an active SIM installed.
While this is a good approach, it does have its weaknesses. First, you only discover that a phone is “locked” through the reactivation process, as that is typically when a wiped device starts to talk to the appropriate servers again. This is not something a person buying a secondhand phone is likely to discover until long after the transaction, so the thief still has plenty of opportunity to sell the stolen device. Second, as in the case of Apple’s implementation, it depends on the user subscribing to “Find My iPhone.” Without it, your phone remains unprotected.
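To make the activation-lock flow and its two weaknesses concrete, here is a small model added for illustration. It is not code from the original article and not Apple's or any manufacturer's protocol; the server class, device IDs, secrets and status strings are all hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass
class Record:
    owner: str
    salt: bytes
    secret_hash: bytes
    tracking_opt_in: bool  # stands in for the user's "Find My iPhone" choice

def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class ActivationServer:
    """Hypothetical manufacturer server; device IDs and fields are constructed."""

    def __init__(self) -> None:
        self._records: dict[str, Record] = {}

    def register(self, device_id: str, owner: str, secret: str, tracking_opt_in: bool) -> None:
        salt = os.urandom(16)
        self._records[device_id] = Record(owner, salt, _derive(secret, salt), tracking_opt_in)

    def activate(self, device_id: str, secret: str) -> str:
        """Called by a device the first time it comes online after a wipe."""
        rec = self._records.get(device_id)
        if rec is None or not rec.tracking_opt_in:
            # Second weakness: without the opt-in there is no lock to reinstate.
            return "activated-unprotected"
        if hmac.compare_digest(_derive(secret, rec.salt), rec.secret_hash):
            # Rightful owner: ownership, lock and tracking come back after the wipe.
            return "activated-lock-and-tracking-reinstated"
        # First weakness: this refusal is the first point at which anyone holding
        # the wiped phone learns it is locked, i.e. after a resale has happened.
        return "refused-locked"

def demo() -> dict[str, str]:
    server = ActivationServer()
    server.register("DEVICE-A", "alice", "alice-secret", tracking_opt_in=True)
    server.register("DEVICE-B", "bob", "bob-secret", tracking_opt_in=False)
    return {
        "owner_after_wipe": server.activate("DEVICE-A", "alice-secret"),
        "buyer_of_stolen_phone": server.activate("DEVICE-A", "guess"),
        "stolen_without_opt_in": server.activate("DEVICE-B", "guess"),
    }
```

Calling demo() returns the outcome for each of the three cases: the owner's own reactivation, a secondhand buyer of a locked phone, and a stolen phone whose owner never opted in.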
Persistent security software
Some manufacturers have announced that anti-theft tracking software will be installed as part of the phone’s operating system, with the idea that even if the device is wiped, this tracking software will remain installed. By making security software increasingly difficult for criminals to remove, we protect users and make it easier for the stolen phones to be found, and therefore riskier to sell. While this kind of implementation makes the software harder to remove, it is not impossible. This approach should be combined with other security features for maximum effect.
Software or hardware to remotely “brick” a phone
In this case, a “self-destruct” capability is built into the phone. Once the phone is stolen, this feature is activated, rendering the phone useless, like a brick. Rather than “Mission Impossible”-style exploding phones, this kind of feature usually relies on microscopic fuses that are embedded in the processors, or software that irretrievably scrambles the device’s firmware. A bricked phone is the most dramatic approach that people think of when someone mentions a kill switch. It is also the hardest approach to get right. There are two big challenges with this approach:
- It is very hard to break hardware in a way that can’t be repaired, since the industry is getting better at fixing things all the time, even at a microscopic level.
- It will be hard to adequately secure this type of feature. The ability to kill large numbers of phones in an area, or even a country, would be attractive to everyone from mischievous “black hat” hackers to organized criminals, and even terrorists.
There is never going to be a single silver bullet that stops smartphone crime. The most effective approach to a kill switch will use a number of locking, disabling and tracking technologies in combination, so that their strengths are magnified and their weaknesses are mitigated. The ideal approach will ensure that every time a device is wiped or reinstalled, it automatically authenticates with manufacturer or operator servers to reestablish the correct security software and settings. Once reactivated, this software protects the device while advertising its true ownership, which kills the opportunity for the thief to cash in on his crime. Meanwhile, the device should silently begin to call for help by transmitting its location to the authorities even after the SIM card has been removed.
A robust, holistic approach such as this would represent a direct attack against the economy of smartphone theft: Instead of being a valuable commodity, a stolen smartphone would become a liability for whoever handles it — a digital whistleblower more likely to get a thief arrested than compensated.
Marc Rogers, principal security researcher at Lookout, has worked in the security industry for almost 20 years, including a decade managing security in the operator Vodafone PLC. A “security evangelist,” he helped put together the award-winning BBC series “The Real Hustle.” He is also head of security at Def Con, the world’s largest hacker conference.