Friday, December 20, 2013

The Cryptographic Virus and the Cell Phone Kill Switch

I don't have a lot of time for this today, and I'm not an IT professional so I'll keep this as short as possible to reduce my risk of any foot-in-mouth disorder.

First there was a New York DA calling for a remote cell phone kill switch, in order to prevent phone thefts.  Now some people in California have announced plans to introduce legislation requiring it.  This is a terrible, horrible, no good, very bad idea.  Fuck the cuteness, this is just a really, really awful idea.

This post could just as easily be called "No Good Deed Goes Unpunished and the Law of Intended Consequences".  It also, once again, calls into question how beneficial it is to have lawmakers with no basic understanding of technology constantly trying to "fix it" with legislation.

I was recently surprised by learning a new thing that malicious software can do, and it immediately sprang to mind when I heard of this kill switch idea.  I was working a temp job in an office I do a lot of work for.  My second day there (on a week-long job) everybody was off of their computers, standing around.  Their server was slowly encrypting all their files, and the key was unknown.  The IT serviceman had already been called in, and he'd tracked it down to a virus that seemed to have gained access through a browser mis-click.

I wondered aloud why someone would go to all this trouble writing a virus for a stupid prank, encrypting some stranger's hard drive.  The IT guy said it wasn't a prank, and then he reasoned it out for me.  Your computer gets a virus that uses Windows' encryption service to encrypt all your files with a key you don't know.  Then the virus would create a pop-up giving you instructions to wire money to an account in order to get the key to unlock them.  By this point he had found and removed the virus, and he was in the process of restoring the files from a backup.

Now I want to note that this isn't an individual's personal computer, this is an office network.  It's a small office, but they have a lot of security-oriented software and hardware.  Like in any corporate office, the network blocks certain outside web addresses that have been found to be malicious, and I'm sure that extensive blacklist is updated weekly if not daily.  It won't let you download from certain sites.  This is standard for a business, but I want people to consider that this place has more than just the standard anti-virus program that most of us have, and it still got hit.

This is an example of something designed for personal security, a built-in encryption service, being used by malicious software to hold data hostage.  It's very clever, I think, though very despicable.

Now think for a moment, if something as seemingly harmless as that Windows service can be used to hold a device hostage, how much easier would it be to use a remote kill-switch for a cell phone to hold it hostage?

I'm going to make one big assumption here, and that is:

The kill-switch will probably be able to be reversed.  Either by the carrier or the manufacturer's authorization.  I don't know if it could be done wirelessly over-the-air or if it would have to be plugged into a computer or a specialized device, but it would be a nightmare if reversing it wasn't possible.  Keep in mind that people are going to lose their phone behind their couches, hit the kill switch thinking it was stolen, then find it the next day.  They would be furious if they couldn't reverse it.  Same with people whose stolen phones are later recovered by the police.  If it's not reversible, you're not saving anybody any money.

My personal guess is that this kill switch will "brick" the phone, while still allowing it to enter download mode, where it will need a special file or key to be re-activated.  There could be one universal key, different keys for different phones, or keys that need to be tailored to the kill code they've been sent.  Guess what?  There'll be a way for hackers to get around any one of these options, because that's how technology is.  Manufacturers are always going to have a way to get themselves in, and it's only a matter of time before someone else figures it out.

Look at SIM locking, used to prevent customers who are under contract from taking their phone to another carrier until the phone is paid off.  There are websites where you can buy unlock codes, and some phones can even be SIM-unlocked with apps.  There are plenty of enterprise devices that were designed not to be tampered with in any way that eventually had rooting methods found (the first Android ThinkPad Tablet comes to mind).

The people pushing this legislation think it will be a deterrent against future phone robberies.  Via the linked article in the second paragraph:  "Almost 1 in 3 U.S. robberies involve phone theft, according to the Federal Communications Commission."  One in three.  I would assume that phone and car robberies wouldn't often involve phone theft, unless someone left their phones in there.  I'm assuming most phone theft is either from someone lifting one that's been set out on a table or counter, and muggings.

In the case of lifting, if you're the type of person to take a phone that's sitting in the open, are you going to stop and think, "This phone might have a kill switch." and leave it?  No, if it's for fun you won't care, you'll just throw it away once it's been disabled, and if it's to sell then you'll have to increase your number of lifts in order to make up for the ones you won't be able to sell---though again, I seriously doubt this kill switch will prevent hackers from re-activating the device once it's in their hands.

If it's in the case of mugging, is there any instance, kill switch or no, where a mugger wouldn't take your cell phone, if only to prevent you from calling the cops?

But in addition to these thefts, you're now going to see malicious software targeting Android that triggers the kill switch, either because it's some kid doing it as a laugh or it's an attempt to try to hold your hardware hostage for money.  I realize that as I write this I sound just as scare-mongering as the other side is.  I don't mean to be.

I hate the idea of a physical kill switch in phones, and unless it's shown to be easily (and permanently) disabled I doubt I'll buy a phone that has one.  I don't think it will reduce the rate of thefts, and in fact it could decrease the stability and security of our phones.


Note 1:  If the kill switch isn't reversible then there is literally no benefit to the consumer.  They'll still have to buy another cell phone to replace a stolen one, and the only benefit is there'll probably be less burden on the police to search after stolen phones, as they're all useless hunks of glass and plastic by that point anyway.

Note 2:  Also, because I'm a cynic and because I've grown up in this country (the US) I have to assume that once this switch is in, the government will have access to it.  I can see legitimate legal uses for it, cutting off a drug runner's phone before you pull him over so he can't quickly send a warning text, I don't know, something like that.  But since the SWAT team can't even consistently get physical addresses right, I have to assume there'll be a lot of phones getting accidentally shut down because some police tech doesn't know the difference between IPv4 and IPv6.  (Disclaimer, I don't know the difference between IPv4 and IPv6).
