Who should be responsible for developing smartphone kill switches?
From government officials to federal prosecutors, people are calling for mobile device manufacturers to install "kill switches" on all new handsets before they go to market. The idea is to discourage theft by rendering a stolen device permanently useless if it suddenly parts ways with its rightful owner. The phones would also be equipped with a tracking device to help locate the thief and could only be resurrected if and when it finds its way back home.
It's a noble plan, but InformationWeek's Mathew J. Schwartz says it may create more problems than it solves. He says managing the logistics and implementation of mandatory kill switches is a complicated affair and, even with the best intentions, he's concerned that handset manufacturers are just not up to the job.
"[Can] many smartphone manufacturers be relied on to build a kill switch that's good enough to enable devices to be recovered, yet tough enough to withstand hack attacks?" asks Schwartz. "Consider the Android add-on software and skins added by so many handset manufacturers to their devices. Bloatware is the charitable word for such software, which too often poses a security risk because add-ons can introduce entirely new, exploitable vulnerabilities."
Schwartz acknowledges there are plenty of apps on the market that help users wipe their devices remotely, but there's no good way to locate a device once it's been stolen. Persistent tracking technology exists as well, but its availability is limited to a vanishingly small number of devices with the necessary software already built into the firmware.
Schwartz says there's a better option than asking handset manufacturers to build their own recovery tools. "[They] can tap third-party software vendors and recovery services. Given many handset manufacturers' previous, poor track record when it comes to developing their Android add-ons, let's hope that--with the possible exception of Apple and Google, which excel at building their own software--manufacturers tap a third-party information security specialist."