Android Security: 8 Signs Hackers Own Your Smartphone

A week after California State Senator Mark Leno (D-CA) proposed a bill requiring a kill switch for smartphones sold in the state, federal lawmakers have put forward a similar bill.

On Thursday, US Senators Amy Klobuchar (D-MN), Barbara Mikulski (D-MD), Richard Blumenthal (D-CT), and Mazie Hirono (D-HI) introduced national legislation to require a way to disable smartphones remotely. The goal is to deter theft and protect consumers, but this defense against thieves might come with greater vulnerability to hackers, according to a mobile industry trade group.

Certainly, mobile phone theft is a serious problem. Mobile phone thefts account for 30% to 40% of all robberies in major cities nationwide, according to the FCC, and that figure is said to be as high as 50% in markets like San Francisco. According to Consumer Reports, 1.6 million Americans were victimized by smartphone thieves in 2012.

"Cell phone theft has become a big business for thieves looking to cash in on these devices and any valuable information they contain, costing consumers more than $30 billion every year and endangering countless theft victims," Senator Klobuchar said in a statement. "This legislation will help eliminate the incentives for criminals to target smartphones by empowering victims to take steps to keep their information private, protect their identity and finances, and render the phone inoperable to the thieves."

[Smartphones will only become more ubiquitous. Read 1 Billion Smartphones Shipped In 2013.]

The text of the Smartphone Theft Protection Act is not yet available online and a call to Senator Klobuchar's office was not immediately returned.

Law enforcement officials, notably San Francisco district attorney George Gascón and New York State attorney general Eric Schneiderman, have been pushing phone makers to adopt kill switches since last year. But mobile carriers have resisted, according to Gascón, because they make billions annually from selling theft insurance to their subscribers.

The mobile industry says a kill switch requirement could increase the chance of being hacked. The CTIA, a telecom industry group, points out that a kill switch would necessarily be triggered by the remote transmission of a kill message and the technical details involved would be widely known among mobile operators. Inevitably, the group argues, hackers would learn how to send these messages maliciously, thereby shutting down phones permanently -- a kill switch is no good if it's reversible because thieves would presumably be able to use the same recovery tools as theft victims.

"[A kill switch] could be used to disable entire groups of customers, such as Department of Defense, Homeland Security or emergency services/law enforcement," says the CTIA, which has been promoting software tracking and data erasure options for smartphones alongside theft prevention measures and phone insurance.

The urge to create electronic tethers to protect property has moved beyond mobile phones in Europe, where authorities reportedly have been developing a kill switch for cars as a defense against dangerous car chases.

Engage with Oracle president Mark Hurd, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, former Netflix cloud architect Adrian Cockcroft, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.