Cellular security

T-Mobile quietly upgrades 2G network security

We teach you

How Microsoft Account two-step verification works

Here we go again

Dropbox accounts hacked, service not to blame for leak

Hypothetical threat watch

New malware exploits USB, but isn't really that scary

Microsoft News

Microsoft issues security advisory affecting all versions of Windows, Windows Phone

General News

UK government set to rush through emergency surveillance legislation

General News

UK officials follow US counterparts by banning electronics that have no charge from boarding flights

Microsoft News

Microsoft restores control of seized domains to No-IP

Windows Apps

1Password for Windows gets much needed 4.0 update

Editorials

Using strong passwords and keeping your online self secure

Windows Phone Apps

Secure your passwords and critical information with Enpass Password Manager

General News

Bitly alerts users of widespread account compromises, claims no accounts have been accessed

Windows Phone Apps

John McAfee's Chadder aims to keep your messages private, lands on Windows Phone before iOS

Windows

Microsoft issues security patch for Internet Explorer

Microsoft News

Microsoft issues warning about limited, targeted attack vulnerability in Internet Explorer

How To

Get secure by encrypting your PC with Microsoft BitLocker for Windows 8 Pro

Microsoft News

Microsoft Store giving away $100 credit; simply trade up your Windows XP dinosaur (US and Canada Only)

Microsoft News

Microsoft says it's really time to dump Windows XP thru this clever infograph

Editorials

So, you want to adopt BYOD?

Microsoft News

From a Bill Gates memo to an industry practice: The story of Security Development Lifecycle

< >
83

First smartphone 'kill switch' bill in the US passed by… Minnesota

Security Phone

The Governor of Minnesota signed a new bill into law that prohibits the sale of any smartphone without anti-theft software pre-installed. The idea is to deter criminals from stealing handsets in the first place by allowing users to remotely disable and wipe a phone's data, rendering it useless. If a stolen phone is remotely disabled, there wouldn't be any monetary incentive left in the endeavour.

While the legislation does not mention the exact nature of anti-theft measures that need to be installed, it does state that all devices need to be "equipped with preloaded anti-theft functionality or be capable of downloading that functionality." Similar bills are underway in California, New York and Illinois. At the federal level, a Smartphone Theft Prevention Act bill was introduced in February, but it is still in committee.

In addition to anti-theft measures, the Minnesota legislature also states that second hand mobile devices cannot be paid for in cash, and that stores purchasing second hand devices will have to pay sellers by check, store credit or electronic transfer. Retailers as well as used phone vendors will have to keep records of all second hand device related transactions.

While individual states are taking matters into their own hands by introducing such laws, carriers and manufacturers are also undertaking measures to deter smartphone theft. Samsung, Google, Apple, and Microsoft have announced that they're committing to a CTIA "Smartphone Anti-Theft Voluntary Commitment," through which they'll be launching anti-theft tools that will allow users to remotely disable their devices.

The measures will be included in all handsets launched by these brands starting next year. In addition to handset manufacturers, all four major US carriers have also registered their interest in bringing anti-theft measures to consumers.

Source: The Governor of Minnesota's Office

1
loading...
0
loading...
0
loading...
0
loading...

Reader comments

First smartphone 'kill switch' bill in the US passed by… Minnesota

83 Comments

Okay good. So it's not the companies like AT&T doing the kill switch? Just the user? I heard it was the service providers...

So if I buy a used phone from, say, Craigslist how am I supposed to pay for it electronically? Nobody is going to want to accept a check.

I think the law only applies to second hand shops -- not individuals. i.e. You can sell your own smartphone on Craigslist for cash.

You really need to be worried about if you do get a phone from off there that it is not stolen. You would definitely be in shits crete.

Just what we need, more regulation. Let the market decide, if people want this they can buy models with it. I personally like the idea of having it as long as there are guidelines to prevent misuse. Plus there is no way it would work on a device in airplane mode.

The market has failed, putting its own interests ahead of the public good as usual.  Smartphone theft is a hugely popular and almost entirely avoidable crime.  This is the classic impetus for regulation.  Unfortunately regulation inevitably fails as well, but there may actually be a reasonable solution someday.  Making a smartphone useless on any cellular network should be as simple and commonplace as cancelling a stolen credit card.

Agreed, although a lot of cars do have it built in now with the Key. Where if you don't start with the actual key, it will disabled the car. My '99 Prelude has a chip in the key that does just that. So if a theif stole the car (not using my key) the computer will kill the car just a few miles down the road.

But I agree, remote disabling car would be great. However, I think there may be a safety issue with that. What if the person is driving on the high way and you suddenly disable the vehicle? People around the car could be injured or killed from a resulting accident.

Car engine immobilizers are pretty different from preventing a stolen phone from being used on cellular networks, I think.  As for the safety of remote disabling of cars, it could be done in a reasonably safe way.  Just turn on the emergency flashers and gradually ramp down the ability to accelerate until the car becomes incapable of exceeding a very low speed.  I had this happen to me on the highway once (due to a hose that had come off) and it was no big deal.  People have breakdowns on the highway all the time and other drivers need to be prepared for that.  Of course you could also limit the immobilization to when the car is turned off too, unless triggered by the cops who have the vehicle in sight, or all kinds of other possibilities.

Unlike cell phones and credit cards, cars are not inherently dependent on a centrally controlled network, nor do they have the same kind of customer/service provider relationship.

thats something the comsumer decides to put into the car, i have a bmw which has an anti theft and tilt alarm buildt in already with a tracker that can be traced. if i wanted i could pay 700$+ for bmw to hook up the rest of the alarm that will blair if anyone touches it while its locked but its not worth it really.

alot of new cars not all because they still make a basic with nothing on it, are going with this option of a standard alarm and options if the consumer want's, it can be installed since they will already have the pre wires set up. to set one up in an older model is not only expensive but not worth it on a car that you'll trade out in a year or two for something bigger or smaller and for a lesser value because its older with more than enough miles.

while a killswitch will be nice their making alot of other options to keep thevies away. while mine was in the shop we got 2014 loaner that did not have a standard ignition but had a sensor for when the key was near in the car, if the car was on but the key was not in the car it would alert you and would not shift gears if you wanted to move it. 

their slowly make it a harder option for cars to be stolen it just not all the way there yet. baby steps first phone, and soon hopefully work the way up to cars. right now remote killswitch may be a safety hazard espeically in more populated area's where its normal for barely leagal driving teenagers to still cars. 

I don't think the market has failed. If people demanded phones with kill-switches, than they should not have been buying phones without them. Even if it left them with no choice, they still fed the machine. They can have passwords or touch-ID to help prevent theft. But even after this regulation, I'm willing to bet it will only be a matter of time until someone finds out how to get around it. I like the idea, but I'm opposed to government regulation because most of the time, it does nothing to solve the problem. It only happens because the politicians need to show their constituents they are working for them, even if their solution does nothing to deter the problem.

 

Garrett,

You are correct, some will just find a way to hack it, the thugs will knock you in the head and take your phone anyway. If it's useless to them they'll just toss it. Just more touchy feel good GOVT Regulation which are useless and burdensome.

Its an absolute miracle that I have a "kill switch" on mine without a government requirement yet! Sure dodged a bullet there! The more big brother can step in to dictate the terms of my voluntary market transactions to protect me from my dumb self the better!

Good.
Keeping records of second-hand phones' transactions is a good idea ... Its mandatory to all stores here in Saudi Arabia.

I've only read your paraphrasing but it sounds like the act of two people trading a phone for money is illegal now, which is a HUGE government over reach.

I'll never understand why people can't read properly. The article clearly stated that this is related to stores only. They cannot pay people in cash anymore for a second hand phone, only by tracable means, like checks and EFT. If you want to buy a phone from someone personally off Craigslist, then go right ahead.

Calm down there Mr. judgy.
It says "second hand phones cannot be purchased with cash", then goes on to talk about stores purchasing.
You need to read more carefully. The way this article is written definitely does not eliminate the idea that individuals will have to pay each other by check, and given the almost police state nature of our government, someone in power could easily choose to enforce the law this way.

yeah, more better than taht would be self destruction after 2 years or 1 ?

Wipe the device ist ok, lock it also, but really KILL IT so it is useless for everyone!? wtf ...

One Hack or leak and everyone can wipe the Smartphone from everyone.

Or when you dont pay you bill, AT&T kills your deivce for "fun" because you don't paid it.

No way this ist good. And i know Apple does have this already, when you dont remove the divice from your "device list online" it is without jailbreak useless, because the IMEI cant activate a second time at Apple

(Sorry iam from Germany ;) )

 

I'm curious how it's Constitutional to deny someone the right to buy something in US cash currency.  Cash is king!  Not everyone has a bank account.

They don't.

The bill meant that the Second Hand Store can only pay the seller (possible thief) using trackable transaction. If the phone is later found to be a stolen item, they can track where the money went, which will hopefully lead to the thief.

Store can still sell the 2nd hand phone to consumer using hard cash.

Trading phone between friends are not regulated, after all the volume is small and occasional, unlike a store's business activity.

Yep. As does Samsung and Apple phones. I dare say a lot of other Android OEM's have this also. Heck, even Symbian phones could have this via an application.

Useless idea if you ask me. The very first thing a thief will do is to remove the SIM card. He will then ship the phone to a foreign country along with the numerous other phones he has stolen to sell on the black market. This idea will not deter the professional, organised smartphone thief.

IMEI blacklisting has no relation to a SIM card being removed or the user's personal info being remotely removed. This may not be a fool-proof deterrent, but a step in the right direction for those manufacturers that (unlike Windows Phone, Apple, Samsung) do not provide any security measures what-so-ever.

I would say that's one out of ten.   Same can be said for anything, not just phones.  But there has to be a first step for everything.

I'm not saying this is a good, or a bad law, just saying that at least it's an idea and they are doing something about it.

True, and format the phone to factory setting.

Kill switches now works assuming that the thief wants the top secret corporate data in the phone so the thief will attempt to connect to the private network and steal data from the phone. Lock and wipe thus works because eventually the thief will have to connect. 
But most thieves don't want the data, they just want the hardware.

Am I missing something? Windows phone already has the ability to lock and wipe data remotely via the windows phone website.

No good can come from this, bureaucrats shouldn't be in charge of software, they are unqualified to say the least. If a company wants to do this like Microsoft or crapple, then fine. Get the gov out of my phone!

For bb i remember seeing a lojack licensened service you could add aftermarket but not as affective as lojack for laptops & the os has an option i think where if turned on the sim card it boots with has to match the one used during setup of said feature aside from bes'es remote wipe lock

Stupid, all we need is more legislation. Next to California and Chicago, Minnesota is progressive liberal hell. I know, I live there. :)

This will increase theft. For example the thieves know that only some people will actually remote disable the phone and one the phones that are not disables they will go into the phone and turn off the remote disable with a hack or options. So to make up for the few that do get disabled they will steal more. And I'm sure the local fence will track all the cash sales.

but, people with contracts or their only phone will call their carrier to get a replacement phone, this would have the carrier disable the phone.

So a crook could steal the phone, sell it quick and in a day the phone will be disabled to the new buyer.... Something that protects the consumer.. /g

Waste of tax money. Probably could have given everyone in MN a smartphone and solved the problem that way. People steal stuff, you can't expect to stop that behavior this way.

Yea, but, if you steal a item that you USED to be able to get $300 for, and after this law takes place, it's almost worthless (unless for parts and would need to be techy).

What they are is trying to de-value stolen phones and in that case, it COULD work...

It's a good idea and Tax money ? Yea, if you only knew what other crap that they waste money on, I would rather have them do something that would help the consumer than the everyone in town hall taking a limo to get lunch...

Yea, this could be a good thing but, there are some flaws to this....

1. Parts of the phones are almost worth 1/2 more the price of the phone. Steal a new iPhone 5s (for example) a replacement screen with display is somewhere around $200-250, never mind labor, a theif could charge someone with a damaged display $200 installed, make fair money and this law would be worthless. There are many other phones where just the display, if not the case is worth more than that.

2. How will used phone sales go ? Some jerk sells his used phone to buy another one, gets drunk one night, goes online and disables his old phone, someone is screwed. There will have to be something in place to transfer the phone to another user.

Good start tho, it has some flaws but, in the long run, the minor theifs looking to just steal and get quick cash could avoid phones due to not getting the value they used to.

A CEX store in the UK (sells second hand mobiles) has recently stated it will be having a Bitcoin only day as an experiment. Perhaps that's the way it will go?

Ok, what am I missing here?

I thought iOS, WP8, BB, and Android already had remote lock and wipe capabilities built in. You can login to your account online and lock or wipe your phone.

So why do we need another app installed to do the same thing?

You can wipe your phone but you can't prevent someone else from resetting it and using it anyway (at least on WP). The plan would be to somehow prevent anyone from resetting it and using it without your authorization, making it less valuable to thieves.

Every smart phone has anti theft measures. This shouldn't be the subject of legislation. Everytime they pass a law we lose a little more freedom. IMEIs and ESN are already a huge security measure. Phone sales, especially second hand phone sales, don't need to be regulated. All this bill does is give the carriers more power to trap people in contracts...

Thank goodness the government is here to save the day!  Otherwise, the market would never think to develop a kill switch.....oh, wait....nevermind.

Dang, all this time I thought that it was already illegal for someone to steal someone else's property.

I'm so glad the goverment is looking out for me.

I hope that they apply the same thing to my house. It should be illegal for someone to come into my house and steal something. They need to come up with a law for that too. Maybe something along the lines of "If you break into someone's house, you will be caught, put and trial and if found guilty, you will go to jail."

Now, that would be progress.

This is crap. I know it's all "best-intentions" right now, but that little provision about no-cash transactions is going to spread to other things and soon (5-10 years) non-traceable transactions will be completely outlawed.

More short term, this will probably give manufacturers an excuse to increase prices, even if they were already implementing stuff like this. Hopefully, this turns out to be cynicism and not reality, though.