Ask Slashdot: Would You Use A Cellphone With A Kill Code?
Slashdot reader gordo3000 writes: Given all the recent headlines about border patrol getting up close and personal with phones, I've been wondering why phone manufacturers don't offer a second emergency pin that you can enter that wipes all private information on the phone? In theory, it should be pretty easy to just input a different pin (or unlock pattern) that opens up a factory reset screen on the phone and in the background begins deleting all personal information.
I'd expect that same code could also lock out the USB port until it is finished deleting the data, to help prevent many of the tools they now have to copy out everything on your phone. This nicely prevents you from having to back up and wipe your phone before every trip but leaves you with a safety measure if you get harassed at the border.
It could be built into the operating system, added by the manufacturer, or perhaps sideloaded as a custom mod -- but that begs the question of whether it'd really be a popular feature. So leave your own thoughts in the comments. Would you use a cellphone with a kill code?
Yes.
There's no need to lock any ports, though: wiping an encrypted phone can be done in less than a millisecond. All you need to do is destroy the encryption key. That's what iPhones do when you enter the wrong pin multiple times, and the effect is instant and irreversible. It would be trivial for Apple to add a feature that wipes the phone for a specific pin chosen by the user.
Law enforcement can sometimes retrieve a password. But that password only serves to decode the actual decryption key, which is a random
1. Duress codes are a dumb idea that sounds cool. Why? By definition you almost never use them. Now try remembering that code you set up 3 years ago and never used since while arrested, and are freaking the fuck out in a stress situation. Doesn't happen in the real world.
Home alarm systems don't have them any more for a reason.
2. On iPhone if you use TouchID, it's 4 taps to "erase all contents and settings". Any duress code would be longer to enter than that.
Why not a fake account? (Score:3)
Re:Why not a fake account? (Score:5, Insightful)
Why not have a second PIN that opens a sanitized, but seemingly fully normal, home page? Missing a few critical apps, or having versions signed into a different account.
Because if the device is confiscated, a simple dump of the memory will reveal everything.
What you really want is a "destroy adopted storage decryption key + zerofill SD card" option on the recovery menu.
At least for Android devices anyway.
Samsung Knox does what the parent wants. If the device gets compromised the Knox subsystem will blow a physical fuse and destroy the data permanently.
Why yes (Score:5, Insightful)
It would be *very* easy to have smartphones with adequate security from all sorts of perspectives. Secure key storage, secure storage, secure communications, secure boot, secure containers, secure remote management, secure (multiple factor) authentication, secure arbitration of what hardware can access what memory etc. The thing is: if your target audience is largely 15 year old girls, then you probably have commercial priorities elsewhere.
It would be *very* easy to have smartphones with adequate security from all sorts of perspectives. Secure key storage, secure storage, secure communications, secure boot, secure containers, secure remote management, secure (multiple factor) authentication, secure arbitration of what hardware can access what memory etc.
It would be *very* easy for citizens to give a shit enough about their privacy to not carry around their entire lives in a cellular tracking device too.
Simple fact is, they don't give a shit, convenience trumps privacy every time, and it's gonna take a hell of a lot more than a dozen border patrol searches gone overboard to change human behavior.
The thing is: if your target audience is largely 15 year old girls, then you probably have commercial priorities elsewhere.
Yeah right. Everyone from 7 - 70 years old uses a cellular device these days, and the models are hardly different no matter who is using it. Governments rather en
People don't want super-tight security.
They don't want to enter passwords every time they need to use their phone, especially not long/string passwords.
They want to be able to recover their password in case they forget it.
They want their apps to communicate : share a picture in one click, have their contact book shared between multiple services.
Some want to be able to customize their device, add features, etc...
Securing a device while taking into account user needs for a general purpose computer (this is wha
Easy to do with an iPhone (Score:2)
Put in a PIN code. Set the phone to wipe after 3 incorrect attempts.
When the phone goes to wipe itself, it just deletes the crypto key to the main storage, thereby rendering it completely scrambled in an instant. No need to lock out the Lightning port while this occurs, it happens too quickly.
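The key-destruction wipe described in this comment and in the earlier "Yes." comment, as an added sketch that is not any poster's or vendor's code. The `Device` class, the PIN values and the SHA-256-based toy cipher (a stand-in for hardware AES) are assumptions made for illustration.

```python
import hashlib, hmac, os

def kdf(pin: str, salt: bytes) -> bytes:
    # Slow PIN-to-key derivation; the result is the key-encryption key (KEK).
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode). Stand-in for AES, illustration only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = xor_stream(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or corrupted data")
    return xor_stream(key, nonce, ct)

class Device:  # hypothetical model of an encrypted phone
    def __init__(self, pin: str, duress_pin: str):
        self.salt = os.urandom(16)
        dek = os.urandom(32)  # random data key, never derived from the PIN
        self.wrapped_dek = seal(kdf(pin, self.salt), dek)
        # Only a salted hash of the duress PIN is kept.
        self.duress_check = kdf(duress_pin, self.salt + b"duress")
        self.storage = seal(dek, b"constructed sample: contacts, photos, mail")

    def unlock(self, pin: str):
        if hmac.compare_digest(kdf(pin, self.salt + b"duress"), self.duress_check):
            # Crypto-erase: drop the only copy of the wrapped key. A real device
            # does this in effaceable hardware storage, not a Python attribute.
            self.wrapped_dek = None
        if self.wrapped_dek is None:
            return None  # ciphertext is still on "flash" but is now unreadable
        try:
            dek = unseal(kdf(pin, self.salt), self.wrapped_dek)
        except ValueError:
            return None  # wrong PIN: nothing is destroyed
        return unseal(dek, self.storage)
```

After the duress PIN is entered, the correct PIN still derives the right KEK but has nothing left to unwrap, which is why the wipe needs no time to overwrite the bulk storage.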
I would gladly have a phone that would have a self-wipe feature after both multiple failed attempts and with an alternate code or different fingerprint entered. That last one being especially important with the police forcing people to unlock phones with their fingerprints. This would allow you to use your fingerprint on the phone but instead of unlocking it, it would wipe. Now, you'd be facing destruction of evidence of obstruction of justice charges but, that is probably better than what you would hav
Yeah, if I go to the USA again at any stage in the foreseeable future, I'm seriously considering just wiping my phone on the plane and then restoring from a cloud backup as soon as I've cleared customs.
Leave the phone at home. Leave everything electronic at home (except maybe an inexpensive digital camera with no SD cards, just onboard memory). Don't even take a flash drive or camera card. Take a few non-controversial books. Use a prepaid phone at your destination.
So you show up at the airport gate with a burner phone. They go through it - no contacts, no recent calls, no net usage.. you haven't even chosen a custom wallpaper. Obviously, you have something to hide. We'd better take this guy in until he tells us what he's done with his real phone and why he's concealing it.
Re:Easy to do with an iPhone (Score:5, Insightful)
...Now, you'd be facing destruction of evidence of obstruction of justice charges but, that is probably better than what you would have been facing had the phone been unlocked.
Fucking seriously?
Unless you're engaged in some seriously illegal activity that you rather enjoy conducting on your smartphone, perhaps you should *really* sit and think about those charges before making such a statement. Gut feeling is a criminal record will impact you a hell of a lot more than your Facebook data being confiscated.
Re: (Score:3)
Index finger fingerprint = open phone. Middle finger fingerprint = delete or randomize encryption key. Maybe require a second fingerprint (middle finger on other hand) just to be sure.
This won't fly. (Score:2)
People will accidentally wipe the phones.
There would be 10 legitimate uses and 10,000,000 accidental customers with lost data and liability claims.
I, as a phone / OS provider, would fight this feature.
I, as a phone user, would fight this feature.
Imagine a prankster or a drunk friend or a child getting your phone and trying this out.
You would actually want three pin codes. One to open the phone, one to clear the phone and one to open the phone and call the police and leave the microphone open but shut down the speaker. Obviously the code for normal open would be the most complex but the other two codes could be simple and easy to remember and distinct, e.g. 1235 and 0070.
I, as a phone user, would fight this feature.
How would you fight it? By moaning loudly on internet forums?
The proposal is only a wipe. If this happened accidentally you can log back into iCloud or your Google account and resync. Crisis averted.
Personally I have no need for it, but if manufacturers built it in I wouldn't complain. It doesn't have to be compulsory, like most features it could be disabled.
Imagine a prankster or a drunk friend or a child getting your phone and trying this out.
How would they know the code?
The proposal is only a wipe. If this happened accidentally you can log back into iCloud or your Google account and resync. Crisis averted.
So to protect all your information, put it in the cloud. The NSA loves you.
How would they know the code?
Well what should happen when you type the wrong code over and over? Here it's company mandated that four wrong attempts = wipe. Somebody's figured out the hard way what happens when the kid gets hold of your phone, bye bye vacation photos (abroad, too expensive to cloud sync).
His code is 0000.
People will accidentally wipe the phones. There would be 10 legitimate uses and 10,000,000 accidental customers with lost data and liability claims.
There would be zero liability claims, and you would agree to that in the EULA you never read.
I, as a phone / OS provider, would fight this feature. I, as a phone user, would fight this feature.
Of course you would.
So would the rest of society, because privacy is the concept that "won't fly" anymore.
If you wipe your phone - you're a suspect (Score:3, Insightful)
Well, you wipe your phone when trying to enter - it means that you have something to hide and should be detained and not allowed in.
Just smoke and mirrors (Score:1)
It should always be mutual (Score:2)
It can be improved (Score:2)
Theory good, practice bad (Score:2)
Please ask yourself: would you remember a pin you set half a year ago and never used? Although most people will not use it (thus why invest in development), those that know it, 90% (so I won't repeat "most") will forget the wipe PIN and would not remember it when needed. You have to be extremely well organised+great memory to be able to use it.
Been there, done that (Score:2)
that is not 'begging the question' (Score:2)
Already exists (Score:2)
Nice but useless (Score:1)
Availability of this feature would result in new regulations which make it illegal to nuke your phone when asked to hand it over to a border agent/law enforcement officer. Add something like 1 year in prison etc and the functionality is practically useless.
Change your PIN (Score:2)
This is getting ridiculous (Score:3)
You are in a foreign country.
Upload your data to a foreign server.
I recommend a one-time key for encryption.
Erase it from your phone.
Enter the U.S.A.
Retrieve the data. Erase it from server.
End of problem.
Avoids border hassles.
All perfectly legal.
18 USC 1503 (Score:2)
18 USC 1503 : Federal Obstruction of Justice.
10 years in a Federal pound-you-in-the-ass prison.
Your new cellmate is named "Bubba".
data is never lost (Score:1)
Avast supposedly already has all that (Score:2)
The problem is not big enough for most people (Score:2)
Most people may not like having their phones perused, but they also don't mind terribly, and don't travel so often.
If you do mind, you already have two phones, one for home and one for traveling. That's a safer solution, even if you have to keep both updated.
The real problem will come when not having a Facebook account will make you lose your flight, marking you as a suspect element.
MDM (Score:2)
I've noticed a lot of people saying they want a security feature for their phones. This is actually quite easy. There are per user MDM services. They have many of the non discovery features people above are asking for. For example a destruction of the encryption on device in case of physical tampering with it being stored in the cloud. Security is available at about $50-100 / device / yr.