Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

The Smartphone “Kill Switch” Law – What Does It Mean For You?

I recently spoke to a reporter preparing a story on California’s new smartphone “Kill Switch” law. This law requires mobile devices sold in California starting July 1, 2015 to include an opt-in feature allowing consumers to remotely render a device useless in case of theft. While I support this, some don’t.

I recently spoke to a reporter preparing a story on California’s new smartphone “Kill Switch” law. This law requires mobile devices sold in California starting July 1, 2015 to include an opt-in feature allowing consumers to remotely render a device useless in case of theft. While I support this, some don’t.

Some industry experts believe this feature will allow oppressive governments to shut down cellular service or open up new channels for hackers to attack phones thus posing a consumer safety issue. However, I believe the opposite is true–this law will result in more positive outcomes than negative. If nothing else, it’s a great start.

Mobile Kill SwitchThe smartphone kill switch actually has the potential to protect consumers from harm, both financial and physical. Yes, this will make people PHYSICALLY safer. In the security industry, we talk about ominous hackers in ski masks working in a dark room with only the glow of their screens, breaking into a system somewhere in the world and causing harm or even death to someone. Airplanes, manufacturing systems and cars are all perfect examples. We ask industries and developers to implement proper security to protect people from physical harm. For instance, a group of students from Zhejiang University were able to hack a Tesla Model S, while the car was being driven. The students were able to open the doors, honk the horn and turn on the headlights, ultimately putting them in control of the vehicle and the driver in danger. We in the “biz” live for the chance to show that our work can harm someone thus making it literally life or death to patch a system or application. We are now, finally, getting what we have asked for: a way to truly protect people physical harm through digital controls.  At its inception, the Kill Switch will make people physically safer by reducing the number of muggings and physical attacks motivated by mobile phone theft.

Mass adoption of the kill switch law will reduce the financial benefit of device theft, as most smartphones will not be resalable. As we’ve seen a rise in adoption of smartphones, there was also a 24 percent increase in cell phone theft in 2013 in San Francisco alone. With implementation of the kill switch law, we can expect this number to decrease, saving consumers money.

We have long asked for a solution to this issue, and with the kill switch we have finally been given one. Is it perfect? Will it put an end to the smartphone theft? Probably not but it will greatly reduce the number of thefts and physical violence. However, one could also ask if the seat belt, the implementation of the Federal Reserve, or PCI DSS were perfect solutions and the answer would also be no. However, all helped move us in the right direction even if they required various iterations and in some cases additional features, such as the airbag. In the end, this is a net win for consumers.

There is an argument that the kill switch would give governments too much power, which they could use to oppress their citizens. As we’ve seen before, governments already have the ability to shut down cell phone service and target individual devices (or groups of devices). The kill switch would not change this. In reality, targeting a group of people by disrupting their individual phones via the Kill Switch makes no sense. The government would have no plausible deniability where as an “overloaded cellular tower” or “network outage” can’t always be proven to be malicious.  Remember, legal systems are based on proof, not on what “we all know.”

The technology already exists to intercept communication, jam communication,  block devices from mobile networks for individual users or smaller groups.

At the end of the day, the kill switch will not only decrease the amount of people mugged for their phones because there is little net value in the device itself, but it will also provide individuals with the means to wipe the device of personal information, which in a pre-kill switch world, hasn’t always been possible. Once again, we have to realize that it’s really about encrypting and protecting the data on the potentially stolen device. With the kill switch law in place, your personal data on your mobile device can’t be accessed. As a BYOD employee, if your device were stolen, you wouldn’t want your confidential corporate data or personal information accessed. The kill switch law allows you to keep that information safe.

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...