Kill-switch for mobile phones could save US consumers $2.6B per year, says report

library
crime | hacking | security

US consumers could save $2.6 billion! (£1.56 billion!) that they’re currently spending to replace stolen phones and to insure the irresistible, pocket-sized thief magnets, says a new report (PDF).

As it is, the country’s law enforcers and politicians have been putting the thumbscrews to cellular carriers to get them to make kill switch technology standard on all phones shipped in the US.

A kill switch is remote-control technology that bricks a phone after it’s stolen.

The political push to make kill switches mandatory is being headed up by California Senator Mark Leno and San Francisco District Attorney George Gascón, who are facing a wave of increasingly violent street crime in which phone theft acts as the catalyst.

A coalition of politicians and law enforcers called Secure Our Smartphones says that in 2012, 1.6 million Americans were victimized for their mobile phones, while 50% of the robberies in San Francisco involved a stolen mobile device. Other cities report similar statistics.

The Californian politicians believe, as do law enforcement officials, that phones will be worthless to thieves if making the devices inoperable after they’re stolen becomes a simple, routine procedure.

The report, released on Sunday by Creighton University, in Nebraska, shows that consumers are gung-ho about the idea of a mandatory kill switch.

To analyze what consumers are spending to protect and replace their phones and to gauge their attitude about a kill switch, Creighton University professor and consumer advocate William Duckworth surveyed 1,200 smartphone owners.

According to Duckworth, his findings show that consumers not only support a free kill switch on all phones; they actually expect it:

My research suggests that at least half of smartphone owners would in fact reduce their insurance coverage if the Kill Switch reduced the prevalence of cell phone theft. Overall, it seems clear that Americans want the Kill Switch and that an industry-wide implementation of the technology could significantly improve public safety and save consumers billions of dollars a year.

The report’s findings about our gung-ho-edness:

99% of smartphone owners feel wireless carriers should give all consumers the option to disable a cell phone if it is stolen.
83% of smartphone owners believe that a Kill Switch would reduce cell phone theft.
93% of smartphone owners believe that Americans should not be expected to pay extra fees for the ability to disable a stolen phone.

This is where consumers’ money is going, according to the report:

We’re spending an estimated $580 million per year replacing stolen phones.
Another $4.8 billion per year is being spent on premium cell phone coverage from wireless carriers.

Duckworth said that his research suggests at least half would make the switch to cheaper insurance plans that don’t cover theft, for some $2 billion in savings.

Given that stolen phones lose their resale value if they’ve been bricked, most of the $580 million spent on replacing stolen phones would be saved, Duckworth proposes.

The CTIA, a Washington-based lobbying group that represents the telecom industry, begs to differ and offers a host of reasons why a kill switch isn’t the answer (PDF).

“Serious risks” the CTIA sees in a mandatory kill switch include the fact that the requisite “kill” message would have to be known to every operator and therefore couldn’t be kept secret.

That would present the opportunity for cybercrooks to forge an SMS to send to a phone and maliciously brick it.

Scale it up, and crooks could disable entire groups of customers, the CTIA suggests, including, for example, the Department of Defense, Homeland Security, police or emergency services.

IT World points out that as an alternative to a kill switch, the CTIA’s been pushing a database that blocks stolen phones from being reactivated by new subscribers.

But as the industry group has acknowledged, the database is limited in scope to just a handful of countries, meaning that if somebody steals a phone and takes it to a country that’s not covered, the reactivation-blocking database is useless.

Short of a kill switch, there are ways to locate, lock and/or erase a wireless gadget if it gets lost or stolen.

The CTIA has listings for security remote-command apps for Android, Blackberry, iOS (Apple), Symbian and Windows.

Apple, for its part, introduced an activation lock in its iOS 7 mobile operating system.

Apple previously had a Find My iPhone feature, but the new activation lock takes it a step further by not only tracking the lost phone but also enabling users to remotely wipe it.

This approach isn’t as drastic as bricking it forever and ever, given that a locked iPhone can still display messages if the true owner lucks out and his or her device falls into the hands of a reputable person.

Of course, I would be remiss if I didn’t mention that Sophos has a free Mobile Security app for Android that offers a bunch of remote commands you can send to your phone: Wipe, Lock, Alarm, Locate, Reset passcode, and Message to finder. It also reports the device’s location before the battery runs out, and it provides notification if the SIM card is replaced.