California passes smartphone "kill switch" law

Smartphone theft has been on the rise. If anyone has ever been a victim of smartphone theft (like the writer of this article), it is devastating. Not only does an individual lose a 400-600 dollar device, their personal data is also at high risk, including credit card information.

As a result, police departments have made several efforts recently to combat the crime (or at least have attempted to do so). Neowin recently covered the attempt by UK police to require passwords on all devices. In addition, we also covered San Francisco's efforts to prevent iPhone theft.

California has now taken an additional step by enacting a new law to require "kill switches" on smartphones. This will apply to all phones manufactured after July 1, 2015. 

The legislation requires that the kill switch be enabled, but users can deactivate it if desired. In addition, the system has to be resistant to operating system installation, meaning that if the phone is wiped, the kill switch will remain. The law also specifies that police should have access to the system when they present a court order, or in emergency situations, which already exists as a police power under California law.

Each manufacturer retains the ability to design their own system and how data is handled when the kill switch is activated.  One manufacturer already has a feature enabled across their devices: Apple. The feature is known as Activation Lock, and it was introduced in iOS 7. It meets the requirements of the law, with one exception: It is not enabled by default. The new law however, probably means that Apple will change that soon. It is also anticipated that rather than make a version of phones for California and then just the rest of the world, companies like Apple will just update all phones, even ones sold outside of California.

Source: PCWorld

Report a problem with article
Previous Story

TechSpot: MSI GS70 Stealth Pro Gaming Notebook Review

Next Story

Microsoft hosting Open House event for upcoming ID@XBOX games

16 Comments

Please Login or Sign Up to post a comment.

I thought this was a good idea until I read this:

The law also specifies that police should have access to the system when they present a court order, or in emergency situations, which already exists as a police power under California law.

Sounds like a way to make it easier for authorities to get into your phone, all under the guise of a theft deterrent. Brilliant.

We don't have the details yet. It doesn't say that the police should have access to data on the phone, it just says that they should have access to "the system," which we can assume means the kill switch. I assume what this means is that you could turn in a police report and the police could activate the kill switch for you, even if you don't have your account information.

The police are allowed access into phones in emergency situations? I'd sooner smash my phone than let that happen.

Does anyone else feel as though forcing manufactures to implement features such as this might be an abuse of power?

I have been noticing more and more lately that neowin has been very late in posting news. Take this story for example. Other places have had this article for 1-2 days already:

http://www.usatoday.com/story/tech/2014/08/26/kill-switch-iphone-california-governor-brown-law/14606651/

http://www.cnet.com/news/calif-governor-signs-smartphone-kill-switch-bill/

http://thenextweb.com/mobile/2014/08/26/california-becomes-first-state-require-mandatory-smartphone-kill-switch/

http://www.engadget.com/2014/08/25/california-kill-switch-becomes-law/

http://www.theverge.com/2014/8/25/6000095/californias-smartphone-kill-switch-bill-now-law

http://recode.net/2014/08/25/california-gov-brown-signs-smartphone-kill-switch-bill-into-law/

What's up with this?

Surely we will find a way to remove this rootkit from our devices.

Now if I could have a way to remotely brick my device that I control directly.....

What a surprise, more worthless "laws" passed in California.
Well, not so worthless to the Police.
The law also specifies that police should have access to the system when they present a court order, or in emergency situations, which already exists as a police power under California law.

The incentive here is to keep the thief from wiping the phone so that Find My Phone will continue to function and the owner/police may be able to recover the phone. Once it is no longer trackable, the Activation Lock comes into play.

On the iPhone, the Activation Lock is only "activated" after a complete erase of all data. It's to deter thieves that steal phones then erase them. Before they are erased, Find my iPhone can be used to locate the device.

Once activated, the lock requires the owner to enter their iCloud credentials (as they were used to encrypt the unlock). Malware cannot do a full erase nor can it change the encrypted unlock.

UXGaurav said,
Wait till this kill switch starts getting used by malware to lock out the device from the owner.

Actually, if implemented correctly, there will be no way to directly interface with the firmware that controls the lock using software. There will be a direct connection between your carrier\law enforcement to the chip, then the chip does its thing more on a hardware level. That's assuming that you don't plan on getting the device back.

TurboAAA said,

Actually, if implemented correctly, there will be no way to directly interface with the firmware that controls the lock using software. There will be a direct connection between your carrier\law enforcement to the chip, then the chip does its thing more on a hardware level. That's assuming that you don't plan on getting the device back.

The carrier is not involved. Neither is law enforcement. It's an end-user feature.

TurboAAA said,

Actually, if implemented correctly, there will be no way to directly interface with the firmware that controls the lock using software. There will be a direct connection between your carrier\law enforcement to the chip, then the chip does its thing more on a hardware level. That's assuming that you don't plan on getting the device back.

Apple did not implement a chip in their design, it is all in software, and as far as I know, no one has found a way to defeat it yet. I suppose someone could recompile the firmware without that feature, but that would be next to impossible considering the source code for iOS is not public.

Activation Lock is enabled by default on iOS 7 if you enable Find my iPhone during initial setup, which is strongly encouraged by the UI.

I don't know if I would agree with "strongly encouraged," it is a simple Yes/No question with no follow-up warning if you press no. Also, it requires the user to have an Apple ID, which if the user chooses to skip the Apple ID, they are never even asked about find my iPhone/iPad.