back to article Crusading lawmen want more details on Apple's iOS 7 'Activation Lock'

The New York State attorney general and San Francisco district attorney are in a wait-and-see mode as to whether Apple's "Activation Lock" theft-deterrent feature in iOS 7 will satisfy their call for smartphone manufacturers to make their devices less attractive to thieves. "We are appreciative of the gesture made by Apple to …

COMMENTS

This topic is closed for new posts.
  1. LinkOfHyrule

    "Apple picking"

    Or scrumping as we call it over here in blighty!

  2. Alan Denman

    A useful feature with fee creep !

    Obviously like the £40 unlock and all those fanciful £40 cables etc fee creep will mean misplaced phones will eventually get to have a £40+ enable fee.

  3. Patrick 17

    Can't the thief just check the phone user's email address in the mail app then go to the apple website and use the forgotten password function to reset it?

    There are websites offering to change the iPhone IMEI for a fee, I suspect this lock thing will be ineffective against a phone plugged into a laptop and overwritten with a jailbreak.

    1. FrankAlphaXII

      >>I suspect this lock thing will be ineffective against a phone plugged into a laptop and overwritten with a jailbreak

      Which will allow Apple to treat all jailbreakers as criminals. Its a win-win for them.

      1. Anonymous Coward
        Anonymous Coward

        You are assuming that this will be keyed to the IMEI. Given that there are some unique hardware serial numbers embedded in each iPhone, it makes more sense that is what they'd use.

        Even if it isn't perfectly secure, if they raise the bar significantly for the amount of work/knowledge required to get a stolen iPhone into resellable condition it would greatly reduce the number of thefts. If it cost an extra $100 of work (to pull a number from my ass) to get a stolen iPhone into a state where it could be resold, the value of stolen iPhones instantly drops by $100.

        Add enough extra expense, and even if remains technically possible to steal and resell an iPhone, it is no longer worth the trouble for criminals and they start looking for GS4s instead, or go back to pickpocketing.

        It is rather like the problem of being part of a group of people running from a hungry tiger. You don't need to outrun the tiger, just outrun the fat guy. And hope there isn't a second tiger.

        1. Great Bu

          You don't need to outrun the tiger, just outrun the fat guy

          Unfortunately today's more health conscious tigers are becoming increasingly aware of the cardiovascular health risks associated with an all fat guy diet and are increasingly encouraged to make the extra effort to chase down the lean, fit specimens.

          (Or to put it anonther way, you need to steal an awful lot of cheap Android tat before you make up the price of an iPhone)

  4. Will Godfrey Silver badge
    Meh

    The only 'lock' that will really work is one that blows a physical 'fuse' deep inside the processor.

    For some reason I can't see the fanbois going for that idea.

  5. Anonymous Coward
    Anonymous Coward

    the RPISM options

    Can't we just ask the NSA to tell us where our phones are ?

    1. Tom 13

      Re: the RPISM options

      The ACLU, EFF and many others say "No!":

      http://www.theregister.co.uk/2013/06/12/mozilla_aclu_vs_nsa/

  6. Anonymous Coward
    Anonymous Coward

    iCloud phishing ftw

    Excellent idea, allow remote phone bricking with merely an email and password protection.

  7. Alan Denman

    re - Can't we just ask the NSA to tell us where our phones are ?

    just ask at the nearest router.

    a simple web query hack and Apple will feed back to you the last 400 users.

    Nah, they ain't tracking.

  8. j800rob
    Mushroom

    At least they're making an effort...

    Whilst I'm sure there will be a method to defeat Apple's deterrent, from the limited details provided I thought their solution was pretty elegant. Not withstanding those experts determined to reactivate a robbed device, we can only hope that it might reduce the 'opportunistic thefts' of which I suspect most stolen handsets are the result of as opposed to organised criminals making a bee-line for top-end users. It does remain to be seen what the other manufacturers decide to come up with, especially for the lower end of the market, but surely this is a step in the right direction.

    However if a bastard nicked my phone, I would relish the satisfaction of being able to instigate a remote "This phone will self destruct in 5... 4... 3... 2...1..." kaboom!

    1. Geoff Campbell Silver badge
      Happy

      Re: At least they're making an effort...

      <Muffled kaboom from down the back of the sofa>

      "...bugger."

      GJC

    2. Tom 13

      Re: At least they're making an effort...

      Not sure how effective it will be. I imagine the way this works is the perp sells it to a buddy who sells it to another buddy before it hits the final buddy who sells it on the street. It reduces everybody's risk, and only the last or second last guy has to be able to reset the phone. Yeah, it may mean a bit more upfront investment, but since he's moving more merchandise, it's worth it to him.

      Remember, criminals aren't necessarily stupid, just lazy and im- or a- moral.

  9. An0n C0w4rd

    Shocking new technology...

    developed by lawmakers?

    That simple solution, Schneiderman and Gascón said in their joint statement, "will imbed persistent technology that is free to consumers that will make a phone inoperable once stolen, even if the device is off, the SIM card is removed, or the phone is modified by a thief to avoid detection."

    I'd love to know how they disable the phone if it is powered off.

    I also wonder how well their proposed solution works outside US borders. If they put carrier blocks on the phone all that will happen is the underground exfilterates the phones to another country.

    1. Jess

      Re: I'd love to know how they disable the phone if it is powered off.

      I think they mean they don't want the phone to be able to be unprotected even if it is switched off until it is worked on by the thief's engineering team.

      An 'I'm not stolen' flag when it registers to the mobile network.

      Of course this would lock it to the sim, so there would need to be a procedure for releasing it with the carrier, with a time delay to allow for theft to be reported.

      And hopefully rules to prevent them abusing this, i.e once out of contract they would have to allow this procedure.

      Done correctly it could actually also provide a fair solution to carrier locking.

  10. Talic

    I'm curious to see if restoring firmware via DFU would bypass this protection, unless that prompt for iCloud I'd and password is kept in a separate location on the device..

    1. Anonymous Coward
      Devil

      Re: I'm curious to see if restoring firmware via DFU would bypass this protection

      Same came to mind. I actually DFU my phone every single time I need to factory restore it so I suspect I'll find out pretty quick once iOS7 has been released since I tend to factory restore after every major iOS release.

      It would also be interesting to see if a jail-break through DFU would be able to get around this restriction. Though I believe a number of more recent jail-breaks have been triggered via exploits through Safari or some such so doing a jail-break through DFU might be trickier.

      A step in the right direction but I also believe there should be a physical kill-switch deep in the hardware of the device. Either way though people are "usually" more cautious of buying a device that has already been jail-broken at some point (and yes I'm aware that if you offer a low enough price there will always be buyers).

      I'm also not in disagreement with making the phone go pop. It does after all already have a payload in the form of a Li-Ion battery...

    2. jubtastic1

      It's just a standard activation prompt

      That's recieved a reply from Apple's servers that the unique hardware ID has already been used, reported lost/stolen and has been locked out. The system can be run/activated on the servers regardless of what happens to the phone.

      If people manage to break the system by presumably editing the unique hardware ID then I'd expect this to manifest itself as users of brand new phones complaining that their phone must be second hand as the activation prompt is telling them it's been lost.

  11. Cliff

    In the meantime

    I encourage all reg users to install prey from preyproject - usual remote location, screen locking etc or enter a stealth mode to take photographs of the scrote who stole your laptop and mobile. Makes the case for an arrest so much stronger for the police when you turn up with gps/close coordinates and a photo from the phones camera or laptop webcam, with value added screen captures just because.

    Free for you first three devices (phone laptop and tablet for instance) per account.

    1. Gordon Pryra

      @Cliff Re: In the meantime

      Sorry no,

      The police will do bugger all even with all that.

      You are confusing your idea of what the police should be doing with what they believe they should be doing.

      Check out http://plumpergeddon.tumblr.com/ for an exact real word example of your set up

      1. M Gale

        Re: @Cliff In the meantime

        Oh god, that site.

        You have to wonder what the cops are doing all day, or howcomes Plumpy hasn't found out about his increasingly infamous online art gallery yet.

        Really though, all of these anti theft measures are doing nothing about the phone chop shops that'll just rip the device apart and sell the screen, case, sensor glass, battery and any other saleable spare parts on Fleabay.

  12. Asiren
    Stop

    how does this hit resales?

    If your phone is locked to your AppleID even after a factory reset, is it going to be possible to disconnect your ID and sell the phone on??

    1. Amorous Cowherder

      Re: how does this hit resales?

      We all know how companies feel about second-hand markets and if they could ban the practice they all would in a heartbeat!

    2. Richard Gadsden

      Re: how does this hit resales?

      Once you've put your ID and password in, you can then wipe to the real factory reset mode.

  13. Ralph B
    Pirate

    Violent and dangerous cell phone thefts

    I have a feeling that "violent and dangerous cell phone thefts" are likely to get a good deal more violent and dangerous in future as the cell phone thieves will have to extract the iTunes account and password details from their victims, in addition to their phones.

    1. Jess

      Re: Violent and dangerous cell phone thefts

      Not if the SIM were locked and there was a two complete working day delay between asking for an unlock and it happening.

  14. Mark .

    Better idea

    Drop the obvious big corporate logo that advertises a mile off that you have a phone (one of the most expensive ones, at that). But that would involve putting practicality before marketing.

    (I find it funny that there are even protective cases, that then have a hole so as to not cover up the logo.)

    Next thing, they'll be making it light up. Oh wait.

    1. JaimieV

      Re: Better idea

      Are there any phones with lightup logos? Apple's don't.

      The thing that makes a phone obviously expensive is the big screen. No way to get rid of that, yet.

  15. dssf

    Kill Switch in Lanyard, Cards, and Camera; Devices as ID

    LEGAL/POLITICAL TAKE (My killswitch ideas are below):

    Let's make what I write below a matter of instant prior art so that the phone manufacturers do not need to worry about patent infringement. I hope this idea is not encumbered by patents. I have not searched, nor am I intentionally trying to step on an existing patent. But, something such as the below needs to happen, and FAST, since the phone makers and carriers have a duty to reduce the risk of their customers' being mugged or killed over a phone.

    However, since these phones, phablets, tablets, and laptops contain vast amounts of personal and proprietary data, I hope the SF and NY DAs take the next step: coerce Congress and the Senate and others to declare our legally-owned data-holding electronics to be a form of ID -- virtual and physical, with the full force of law regarding it as criminal as taking a physical ID card. We connect by our devices, and we gain or lose access by cookies, embedded pixels, and more based on what is on our devices. Once stolen by perps, the full force of law, locally and nationally, should regard the theft as an ID theft matter. This should trigger the FBI to be involved because many of these electronics -- the phones in particular end up in Asia and Africa. Some percentage may not be properly wiped, and some are stolen specifically for ID theft purposes. Thus, the FBI should be involved as this becomes an interstate and international crime.

    MY IDEAS:

    There are three ways I've thought of in under 10 minutes:

    1. Lanyard

    2. Detachable SD/MicroSD or SIM card as 2-factor authentication

    3. Soft-lock with photo/biometrics and random reset code entry per owner set-up

    1. Lanyard:

    I think there should be an option to have a wired tether/lanyard attached to the USB or other port on the phone. If the perp knocks the owner out, then the owner cannot be coerced to enter a detach code. If the user drops or disconnects the phone, there can be an audible warble or other tone alerting the owner to enter the self-destruct reset code.

    If the perp cuts the cable, the phone could self-destruct in 4 seconds, with no recognition of firmware-writing cables and software.

    2. Two-Factor-Identification-Capable SD or MicroSD card or Sim Card

    Also, if the phone is SD/MicroSD card-capable, then the contents could be automatically encrypted, and the card itself can act as the lanyard/tether/2-factor authentication trigger. This could make it unnecessary to plug the phone into a neck lanyard or subjet the user owner to predatory pricing of 1st or 3rd-party accessories.

    3. Soft-lock with photo/biometrics and random reset code entry per owner set-up

    If the perp manages to enter the code or coerce the victim to enter the code, then the phone can 5 minutes later and at random intervals prompt the phone holder to point the camera at him/herself and then enter the primary and backup timer reset code. On fail, the phone would self destruct.

  16. Mark 65

    Is it me..

    or does the guy in the picture look like the Fonz?

  17. arieanna
    Stop

    Locks and Kill Switches Aren't Enough

    Kill switches and activation locks are only one part of the solution to mobile theft. Even with tracking, law enforcement professionals often don't have enough information to obtain a search warrant - additional investigation is needed. Law enforcement assisted device location, investigation and recovery are the best deterrents to mobile theft and to actually catch criminals.

    The only solution on the market offering comprehensive post-theft investigation (not just GPS tracking) to assist law enforcement and phone recovery capability along with a kill switch is made possible between the partnership with Absolute Software and Samsung for the new Galaxy mobile devices. http://www.absolute.com/en/landing/13/samsung

  18. N13L5
    FAIL

    I call BS! That kill switch is NOT against thieves...

    The U.S. government simply wants to be able to remotely disable anybody's phone when they feel like it.

    Got a whistle blower, a dissident? Shut down their phones remotely, and their phone based wallets along with it. It goes together perfectly with all their other recent fascist moves and new laws in the phony name of "security".

    George Orwell, here we come, just 30 years later than you predicted.

This topic is closed for new posts.

Other stories you might like