California Mandates Smartphone Kill Switch

Posted by Sam Churchill on

California Governor Jerry Brown signed a law that will mandate all smartphones to come with a kill switch by July 2015. Kill switch software allows consumers to disable a phone after the device has been reported stolen and reactivate it only with a correct password or personal identification number.

The bill, introduced by State Senator Mark Leno, would be the strongest attempt yet by a U.S. state to fight smartphone theft, which accounts for more than half of crimes in several of the state’s largest cities.

Lawmakers believe that allowing smartphones owners to render their device unusable after it is stolen will reduce the appeal to thieves, who won’t be able to use or sell them.

If triggered by an authorized user, the kill switch will lock a handset and essentially make it useless. The feature must be installed and activated in new smartphones, but users will be able to deactivate it if they desire, and it must be resistant to attempts to reinstall the operating system.

The law doesn’t specify how the system locks the phone, nor what happens to the data on the phone when it’s locked. Each manufacturer can come up with their own system. It gives police the ability to cut off phone service in certain situations and typically requires a court order.

Minnesota enacted a similar law earlier this year, and the CTIA Wireless Association said all carriers will support kill switches by July 2015. The wireless industry removed its opposition to the bill after legislators agreed to postpone its effective date until July of 2015.

Apple already added a kill switch, called Activation lock, and Google and Microsoft are working on similar tools for Android and Windows Phone.

The four major U.S. wireless carriers (AT&T Mobility, Sprint, T-Mobile and Verizon Wireless), had already begun to implement a comprehensive stolen-phone blacklist.

The IMEI number (International Mobile Station Equipment Identity) is used by a GSM network to identify valid devices and can be used for stopping a stolen phone from accessing that network. The IMEI number is only used for identifying the device and has no permanent relation to the subscriber. The subscriber is identified by transmission of an IMSI number (International Mobile Subscriber Identity), which is stored on a SIM card that can (in theory) be transferred to any handset.

If a mobile phone is stolen, the owner can call their network provider and instruct them to “blacklist” the phone using its IMEI number. This renders the phone useless whether or not the phone’s SIM is changed.

But thieves can change a stolen phone’s IMEI number so that it won’t be recognized as a stolen device, or can ship it overseas where the blacklist has no bite.

Posted by Sam Churchill on Tuesday, August 26th, 2014 at 6:41 am .

Leave a Reply