SlideShare uma empresa Scribd logo
1 de 33
Baixar para ler offline
http://www.mobilephonesecurity.org




   David Rogers, Copper Horse Solutions Ltd.
   26th October 2011
   MOBILE PHONE THEFT: AN UNSOLVABLE
   PROBLEM?
   OXFORD UNIVERSITY INFORMATION SECURITY & PRIVACY SEMINAR SERIES


     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  SOME INFORMATION
  About Me
     12 years in the mobile industry
     Hardware and software background
     Head of Product Security at Panasonic Mobile
          Worked with industry and government on IMEI and SIMlock security
          Pioneered some early work in mobile phone forensics
          Brought industry together on security information sharing
     Director of External Relations at OMTP
          Programme Manager for advanced hardware security tasks
          Chair of Incident Handling task
     Head of Security and Chair of Security Group at WAC
     Owner and Director at Copper Horse Solutions
     Blog: http://blog.mobilephonesecurity.org, Twitter: @drogersuk

  About Copper Horse Solutions Ltd.
     Established in 2011
     Software and security company
           Focussed on the mobile phone industry
     Services:
           Mobile phone security consultancy
           Industry expertise
           Standards representation
           Mobile application development
     http://www.copperhorsesolutions.com


      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  THE PROBLEM
     Millions of mobile phones are stolen each year globally
     Some countries have not recognised it as a problem
          UK has led the way
     2001 Home Office study:
          710,000 phones stolen in the UK every year
          Large percentage of this was likely to be insurance fraud
     Despite many technical measures, it is still a problem
      today




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  TYPES OF THEFT
     Street theft / theft from user
          Individual handsets (muggings etc.)
     Theft from shops
          Multiples (burglaries)
     Bulk theft
          Pallet loads (truck theft etc.)




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  YOUTH ON YOUTH CRIME
     School bag in 2011 is £000s different to 1991
     Issues with bullying, theft, abuse of service and re-sale of
      stolen handsets
     Education is key:




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  CRAVED
     Six elements that make products attractive to thieves:
          Concealable
          Removable
          Available
          Valuable
          Enjoyable
          Disposable


     Report argues that “how much depends on ease of
      disposal”


                                                                             From: Ron Clarke - „Hot Products: understanding,
                                                                             anticipating and reducing
      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   demand for stolen goods‟
                                                                             http://www.popcenter.org/problems/shoplifting/PDFs/fprs112.pdf
http://www.mobilephonesecurity.org

  ROOT CAUSES
     Value of device
          Can be shipped and sold overseas where it will still work
     Features and commodities on device
          Apps, music, money
          WiFi enables device to continue to be used
          Theft of service – still an issue e.g. calls abroad
     Possession
          It is just something else someone is carrying (belts have been stolen
           in the past!)
          not allowing user to call for help




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  CAR CRIME V PHONE CRIME
     Analogy everyone uses in government:

       “we solved car crime by putting pressure on the manufacturers to
          introduce security, we can do the same for mobile phones”

     Mobile is different!
           Remember CRAVED
           Users need to access device very regularly – ease of access is very
            important
           Much lower cost device than a car
           Easy to lose, then subsequently stolen
           Small, easy to export
           High youth on youth crime
     Attention to car crime has reduced it significantly but:
           Increases in carjacking and aggravated burglary (for keys)
           Hacking of wireless ignition systems

      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org




     Explanation of how a phone is disabled after theft




     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  HOW BLOCKING WORKS
     Blacklisting
     (whitelists and greylists exist too)

                                                               357213000000290
                                                               357213000000128
                                                               357213000030123


                                       Country                                               GSM Association

                           SEIR                                                    CEIR




                EIR          EIR         EIR                        EIR          EIR   EIR   EIR

                                                   Operator
     Also: in UK - NMPR – Police database of property can be checked while
      on patrol
      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  INDUSTRY STEPS OVER 10 YEARS
     Vastly improved IMEI security
          Manufacturers have fought a long battle with embedded systems
           hackers
     Industry “IMEI Weakness and Reporting and Correction
      Process”
          42 day reporting for fixes

     Progress reported regularly to European Commission
     UK charter on mobile phone theft and UKSEIR
     Operators still lagging with CEIR sign-up
          Very few connected
          National governments need to take the lead
          Some operators not investing in EIRs

      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  MOBILE TELEPHONES (RE-PROGRAMMING) ACT (2002)

     http://www.legislation.gov.uk/ukpga/2002/31/contents
     Offences:
          Change a unique device identifier
          Interfere with the operation of a unique device identifier
          Possession (with intent) of tool and offering to re-program
     Maximum 5 years imprisonment

             In the last 2 years, 5 investigations, no convictions*

     Problem – most tools were dual use (maintenance, SIMlock removal
      AND IMEI change). Very difficult and costly to prove
     Other offences involved are often more serious
          e.g money laundering
     Deterrent effect?

      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
                                                                             * Source: National Mobile Phone Crime Unit
http://www.mobilephonesecurity.org

  RECYCLING AND EXPORT
     Lots of stolen phones are exported, re-sold abroad through
      the web or “recycled”
     Recyclers Charter and Code of Practice
          Check incoming phones are not stolen



     Some foreign recyclers offering to take blocked phones from
      the UK
     Very difficult to work out exactly how many stolen phones
      are exported as they just disappear
          Each network looks after their own data
          Evidence to suggest that stolen phones are exported to classic shipment
           hubs overseas such as Dubai
      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  REGIONAL THEFT GUARD
     Investigated at length by industry
     An alternative method of disabling mobiles as not all
      operators were using the CEIR
     3 solutions were investigated but proved to be at issue:
          Could be subverted by other means once in place
          High threat of collusion at a low level
          Tough to prove originating operator / owner – e.g. whether stolen
          Not a panacea by any means




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  SITUATION NOW




                                                                            From: http://www.dailymail.co.uk/news/article-2051414/iPhone-
     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   BlackBerry-phones-targetted-thieves-leads-7-rise-knifepoint-
                                                                            robbery.html?ito=feeds-newsxml
http://www.mobilephonesecurity.org

  CURRENT STATS IN UK
     Mobile phone theft is increasing (FY 2010/11)

     Nationally mobile phone thefts in all crime: +9.7%
     Nationally mobile phones stolen during personal robbery:
      +13.4%
     And in London during robbery: +21.4%

     60% of all mobiles stolen in personal robbery in London are
      Blackberry or iPhone



      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  COUNTERFEITS




                                            From: http://reviews.ebay.com/Avoid-Buying-Fake-Nokia-Cell-Phone-Battery-On-
                                            eBay_W0QQugidZ10000000001916166
                                            And: http://www.slashgear.com/uk-could-become-key-counterfeit-route-after-trademark-ruling-1452340/

     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  COUNTERFEITS (2)




                                                                            From:
                                                                            http://www.littleredbook.cn/2009/07/06/o
                                                                            bamas-sponsorship-of-shanzhai-
     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   blockberry-chinese-netizens-reactions/
http://www.mobilephonesecurity.org

  GLOBAL BLACKLISTING PROBLEMS
     Blacklisting                                                           Social engineering
      for other                  User error – wrong                                                    Lost then
                                        IMEI                                of call centre staff        found
    reasons such
       as fraud
                                                                                         Jurisdictional Differences
  Network Operator A
   cannot trust data
    from Network                                                                              Mass duplicates of
      Operator B                                                                                 IMEIs from
                                                                                              counterfeit devices
    Not blacklisting
    quickly enough

      Counterfeit devices                                                            Is the IMEI “personal data”?
         deliberately
      copying legitimate
            IMEIs                                 Human error                    What about other features of the
                                                 in call centres                  phone that are not disabled?
     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  NEAR FIELD COMMUNICATIONS
     Samsung, RIM, Google Wallet and others…

                               Another reason to steal a phone

     Demo application developed for capturing credit card
      numbers
     Numerous attack scenarios outlined already
     Peer-to-peer payments




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   From: http://www.retroworks.co/scytale.htm
http://www.mobilephonesecurity.org




             Access control is becoming much more important




     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   From: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm
http://www.mobilephonesecurity.org

  BIOMETRICS
     Still immature on mobile devices
          Early solutions easy to defeat (e.g. gummy finger etc.)
          Requires significant processing power
          May see some kind of cloud-based solution emerge (e.g. voice
           biometrics)
          Android 4.0 has facial recognition based on acquisition of Pittsburgh
           Pattern Recognition
     Increased risk for the user
          User as unlock key means user becomes the target of attack
          Same issue as car crime




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   From: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm
http://www.mobilephonesecurity.org

  CHALLENGES FOR BIOMETRICS
     False negatives:

          Eyelashes too long
          Long fingernails
          Arthritis
          Circulation problems
          People wearing hand cream
          People who‟ve just eaten greasy foods
          People with brown eyes
          Fingerprint abrasion, includes: Manual labourers, typists, musicians
          People with cuts
          Disabled people



      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  BIOMETRICS (2)




     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   From: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm
http://www.mobilephonesecurity.org

  RESULT OF: “USER IS THE KEY”




     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   Sources: ITV, Evening Standard, BBC
http://www.mobilephonesecurity.org

  HELPFUL TECHNOLOGY
     “Cloud” and 3rd party client applications:
          Offline backup
          Lock and wipe functionality
          Locate my phone
          Traditional anti-virus vendors are providing packaged functionality
          Parental controls
     Not just technology – also consumer awareness and
      education
     Mobile industry is still well aware of the problem and willing
      to help



      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  TRACKING STOLEN PHONES
     Being introduced as standard on many handsets
     Privacy concerns if misused




     What good is it if your phone appears abroad?
                                                                             From: http://www.apple.com/iphone/built-in-apps/find-my-iphone.html
      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   And: http://www.samsungdive.com/DiveMain.do
http://www.mobilephonesecurity.org

  3RD PARTY SOLUTIONS
     Traditional AV vendors can finally add real value
     Packaged, holistic apps:




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
                                                                             From: https://www.mylookout.com/features/missing-device/
http://www.mobilephonesecurity.org

  3RD PARTY SOLUTIONS (2)
     Design Out Crime Competition
          Usual “detect if user walks away” etc
     Over The Air event – Competition sponsored by NMPCU
          Winner: “Freeze Punk”
                 Motion sensor using camera – e.g. in hotels / on tables
          Another app for users without PINs:
                 dummy banking app which initiates a tracking feature as it connects to the web
                 can inform friends nearby to the phone

     Real life usage is often not compatible with anti-theft
      solutions
          Barrier to disable feature – e.g. PIN
     Not easy to design something useful

      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  POINT OF SALE REGISTRATION?
     http://www.immobilise.com




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  WILL THE POLICE BE OVERWHELMED?

     Problem could become not one of theft, but of recovery
     Users are able to track and identify the location of their
      stolen goods
     No lawful way of users recovering them
     Users expect Police to do something
          Recovery of the phone is the most important thing
     Detection of crime is becoming extremely successful
          Need to think more carefully about how to manage theft and robbery
           problems
          Prevention becomes an imperative



      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
http://www.mobilephonesecurity.org

  THE ENGINEERING REQUIREMENTS OF AN UNSOLVABLE PROBLEM?


     Design a phone that is usable but immediately useless
      when stolen
          The phone may have multiple bearers and functions
     A phone that can be locked but reactivated if lost and found
     A global blocking system which is accurate and that works
      around the world for every phone
     A phone that keeps users‟ data private and safe from
      disclosure if stolen or lost




      Copyright © 2011 Copper Horse Solutions Limited. All rights reserved   From: http://www.retroworks.co/scytale.htm
http://www.mobilephonesecurity.org

  DISCUSSION



                               Contact

                               Email: david.rogers@copperhorses.com
                               Twitter: @drogersuk
                               Blog: http://blog.mobilephonesecurity.org




     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved

Mais conteúdo relacionado

Último

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 

Último (20)

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 

Destaque

Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 

Destaque (20)

Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 

Mobile Phone Theft: An unsolvable problem?

  • 1. http://www.mobilephonesecurity.org David Rogers, Copper Horse Solutions Ltd. 26th October 2011 MOBILE PHONE THEFT: AN UNSOLVABLE PROBLEM? OXFORD UNIVERSITY INFORMATION SECURITY & PRIVACY SEMINAR SERIES Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 2. http://www.mobilephonesecurity.org SOME INFORMATION About Me  12 years in the mobile industry  Hardware and software background  Head of Product Security at Panasonic Mobile  Worked with industry and government on IMEI and SIMlock security  Pioneered some early work in mobile phone forensics  Brought industry together on security information sharing  Director of External Relations at OMTP  Programme Manager for advanced hardware security tasks  Chair of Incident Handling task  Head of Security and Chair of Security Group at WAC  Owner and Director at Copper Horse Solutions  Blog: http://blog.mobilephonesecurity.org, Twitter: @drogersuk About Copper Horse Solutions Ltd.  Established in 2011  Software and security company  Focussed on the mobile phone industry  Services:  Mobile phone security consultancy  Industry expertise  Standards representation  Mobile application development  http://www.copperhorsesolutions.com Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 3. http://www.mobilephonesecurity.org THE PROBLEM  Millions of mobile phones are stolen each year globally  Some countries have not recognised it as a problem  UK has led the way  2001 Home Office study:  710,000 phones stolen in the UK every year  Large percentage of this was likely to be insurance fraud  Despite many technical measures, it is still a problem today Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 4. http://www.mobilephonesecurity.org TYPES OF THEFT  Street theft / theft from user  Individual handsets (muggings etc.)  Theft from shops  Multiples (burglaries)  Bulk theft  Pallet loads (truck theft etc.) Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 5. http://www.mobilephonesecurity.org YOUTH ON YOUTH CRIME  School bag in 2011 is £000s different to 1991  Issues with bullying, theft, abuse of service and re-sale of stolen handsets  Education is key: Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 6. http://www.mobilephonesecurity.org CRAVED  Six elements that make products attractive to thieves:  Concealable  Removable  Available  Valuable  Enjoyable  Disposable  Report argues that “how much depends on ease of disposal” From: Ron Clarke - „Hot Products: understanding, anticipating and reducing Copyright © 2011 Copper Horse Solutions Limited. All rights reserved demand for stolen goods‟ http://www.popcenter.org/problems/shoplifting/PDFs/fprs112.pdf
  • 7. http://www.mobilephonesecurity.org ROOT CAUSES  Value of device  Can be shipped and sold overseas where it will still work  Features and commodities on device  Apps, music, money  WiFi enables device to continue to be used  Theft of service – still an issue e.g. calls abroad  Possession  It is just something else someone is carrying (belts have been stolen in the past!)  not allowing user to call for help Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 8. http://www.mobilephonesecurity.org CAR CRIME V PHONE CRIME  Analogy everyone uses in government: “we solved car crime by putting pressure on the manufacturers to introduce security, we can do the same for mobile phones”  Mobile is different!  Remember CRAVED  Users need to access device very regularly – ease of access is very important  Much lower cost device than a car  Easy to lose, then subsequently stolen  Small, easy to export  High youth on youth crime  Attention to car crime has reduced it significantly but:  Increases in carjacking and aggravated burglary (for keys)  Hacking of wireless ignition systems Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 9. http://www.mobilephonesecurity.org Explanation of how a phone is disabled after theft Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 10. http://www.mobilephonesecurity.org HOW BLOCKING WORKS  Blacklisting  (whitelists and greylists exist too) 357213000000290 357213000000128 357213000030123 Country GSM Association SEIR CEIR EIR EIR EIR EIR EIR EIR EIR Operator  Also: in UK - NMPR – Police database of property can be checked while on patrol Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 11. http://www.mobilephonesecurity.org INDUSTRY STEPS OVER 10 YEARS  Vastly improved IMEI security  Manufacturers have fought a long battle with embedded systems hackers  Industry “IMEI Weakness and Reporting and Correction Process”  42 day reporting for fixes  Progress reported regularly to European Commission  UK charter on mobile phone theft and UKSEIR  Operators still lagging with CEIR sign-up  Very few connected  National governments need to take the lead  Some operators not investing in EIRs Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 12. http://www.mobilephonesecurity.org MOBILE TELEPHONES (RE-PROGRAMMING) ACT (2002)  http://www.legislation.gov.uk/ukpga/2002/31/contents  Offences:  Change a unique device identifier  Interfere with the operation of a unique device identifier  Possession (with intent) of tool and offering to re-program  Maximum 5 years imprisonment In the last 2 years, 5 investigations, no convictions*  Problem – most tools were dual use (maintenance, SIMlock removal AND IMEI change). Very difficult and costly to prove  Other offences involved are often more serious  e.g money laundering  Deterrent effect? Copyright © 2011 Copper Horse Solutions Limited. All rights reserved * Source: National Mobile Phone Crime Unit
  • 13. http://www.mobilephonesecurity.org RECYCLING AND EXPORT  Lots of stolen phones are exported, re-sold abroad through the web or “recycled”  Recyclers Charter and Code of Practice  Check incoming phones are not stolen  Some foreign recyclers offering to take blocked phones from the UK  Very difficult to work out exactly how many stolen phones are exported as they just disappear  Each network looks after their own data  Evidence to suggest that stolen phones are exported to classic shipment hubs overseas such as Dubai Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 14. http://www.mobilephonesecurity.org REGIONAL THEFT GUARD  Investigated at length by industry  An alternative method of disabling mobiles as not all operators were using the CEIR  3 solutions were investigated but proved to be at issue:  Could be subverted by other means once in place  High threat of collusion at a low level  Tough to prove originating operator / owner – e.g. whether stolen  Not a panacea by any means Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 15. http://www.mobilephonesecurity.org SITUATION NOW From: http://www.dailymail.co.uk/news/article-2051414/iPhone- Copyright © 2011 Copper Horse Solutions Limited. All rights reserved BlackBerry-phones-targetted-thieves-leads-7-rise-knifepoint- robbery.html?ito=feeds-newsxml
  • 16. http://www.mobilephonesecurity.org CURRENT STATS IN UK  Mobile phone theft is increasing (FY 2010/11)  Nationally mobile phone thefts in all crime: +9.7%  Nationally mobile phones stolen during personal robbery: +13.4%  And in London during robbery: +21.4%  60% of all mobiles stolen in personal robbery in London are Blackberry or iPhone Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 17. http://www.mobilephonesecurity.org COUNTERFEITS From: http://reviews.ebay.com/Avoid-Buying-Fake-Nokia-Cell-Phone-Battery-On- eBay_W0QQugidZ10000000001916166 And: http://www.slashgear.com/uk-could-become-key-counterfeit-route-after-trademark-ruling-1452340/ Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 18. http://www.mobilephonesecurity.org COUNTERFEITS (2) From: http://www.littleredbook.cn/2009/07/06/o bamas-sponsorship-of-shanzhai- Copyright © 2011 Copper Horse Solutions Limited. All rights reserved blockberry-chinese-netizens-reactions/
  • 19. http://www.mobilephonesecurity.org GLOBAL BLACKLISTING PROBLEMS Blacklisting Social engineering for other User error – wrong Lost then IMEI of call centre staff found reasons such as fraud Jurisdictional Differences Network Operator A cannot trust data from Network Mass duplicates of Operator B IMEIs from counterfeit devices Not blacklisting quickly enough Counterfeit devices Is the IMEI “personal data”? deliberately copying legitimate IMEIs Human error What about other features of the in call centres phone that are not disabled? Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 20. http://www.mobilephonesecurity.org NEAR FIELD COMMUNICATIONS  Samsung, RIM, Google Wallet and others… Another reason to steal a phone  Demo application developed for capturing credit card numbers  Numerous attack scenarios outlined already  Peer-to-peer payments Copyright © 2011 Copper Horse Solutions Limited. All rights reserved From: http://www.retroworks.co/scytale.htm
  • 21. http://www.mobilephonesecurity.org Access control is becoming much more important Copyright © 2011 Copper Horse Solutions Limited. All rights reserved From: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm
  • 22. http://www.mobilephonesecurity.org BIOMETRICS  Still immature on mobile devices  Early solutions easy to defeat (e.g. gummy finger etc.)  Requires significant processing power  May see some kind of cloud-based solution emerge (e.g. voice biometrics)  Android 4.0 has facial recognition based on acquisition of Pittsburgh Pattern Recognition  Increased risk for the user  User as unlock key means user becomes the target of attack  Same issue as car crime Copyright © 2011 Copper Horse Solutions Limited. All rights reserved From: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm
  • 23. http://www.mobilephonesecurity.org CHALLENGES FOR BIOMETRICS  False negatives:  Eyelashes too long  Long fingernails  Arthritis  Circulation problems  People wearing hand cream  People who‟ve just eaten greasy foods  People with brown eyes  Fingerprint abrasion, includes: Manual labourers, typists, musicians  People with cuts  Disabled people Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 24. http://www.mobilephonesecurity.org BIOMETRICS (2) Copyright © 2011 Copper Horse Solutions Limited. All rights reserved From: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm
  • 25. http://www.mobilephonesecurity.org RESULT OF: “USER IS THE KEY” Copyright © 2011 Copper Horse Solutions Limited. All rights reserved Sources: ITV, Evening Standard, BBC
  • 26. http://www.mobilephonesecurity.org HELPFUL TECHNOLOGY  “Cloud” and 3rd party client applications:  Offline backup  Lock and wipe functionality  Locate my phone  Traditional anti-virus vendors are providing packaged functionality  Parental controls  Not just technology – also consumer awareness and education  Mobile industry is still well aware of the problem and willing to help Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 27. http://www.mobilephonesecurity.org TRACKING STOLEN PHONES  Being introduced as standard on many handsets  Privacy concerns if misused  What good is it if your phone appears abroad? From: http://www.apple.com/iphone/built-in-apps/find-my-iphone.html Copyright © 2011 Copper Horse Solutions Limited. All rights reserved And: http://www.samsungdive.com/DiveMain.do
  • 28. http://www.mobilephonesecurity.org 3RD PARTY SOLUTIONS  Traditional AV vendors can finally add real value  Packaged, holistic apps: Copyright © 2011 Copper Horse Solutions Limited. All rights reserved From: https://www.mylookout.com/features/missing-device/
  • 29. http://www.mobilephonesecurity.org 3RD PARTY SOLUTIONS (2)  Design Out Crime Competition  Usual “detect if user walks away” etc  Over The Air event – Competition sponsored by NMPCU  Winner: “Freeze Punk”  Motion sensor using camera – e.g. in hotels / on tables  Another app for users without PINs:  dummy banking app which initiates a tracking feature as it connects to the web  can inform friends nearby to the phone  Real life usage is often not compatible with anti-theft solutions  Barrier to disable feature – e.g. PIN  Not easy to design something useful Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 30. http://www.mobilephonesecurity.org POINT OF SALE REGISTRATION?  http://www.immobilise.com Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 31. http://www.mobilephonesecurity.org WILL THE POLICE BE OVERWHELMED?  Problem could become not one of theft, but of recovery  Users are able to track and identify the location of their stolen goods  No lawful way of users recovering them  Users expect Police to do something  Recovery of the phone is the most important thing  Detection of crime is becoming extremely successful  Need to think more carefully about how to manage theft and robbery problems  Prevention becomes an imperative Copyright © 2011 Copper Horse Solutions Limited. All rights reserved
  • 32. http://www.mobilephonesecurity.org THE ENGINEERING REQUIREMENTS OF AN UNSOLVABLE PROBLEM?  Design a phone that is usable but immediately useless when stolen  The phone may have multiple bearers and functions  A phone that can be locked but reactivated if lost and found  A global blocking system which is accurate and that works around the world for every phone  A phone that keeps users‟ data private and safe from disclosure if stolen or lost Copyright © 2011 Copper Horse Solutions Limited. All rights reserved From: http://www.retroworks.co/scytale.htm
  • 33. http://www.mobilephonesecurity.org DISCUSSION Contact Email: david.rogers@copperhorses.com Twitter: @drogersuk Blog: http://blog.mobilephonesecurity.org Copyright © 2011 Copper Horse Solutions Limited. All rights reserved

Notas do Editor

  1. Street theft impacts the user the most and can do in a physical and violent way.Theft from shops is still prevalent and impacts the store locally in terms of lost sales and the ultimately the company more widely in terms of increases in insurance premiums.Bulk theft goes under the radar of a lot of people. Mobile phones are targeted by organised criminal gangs from both storage warehouses through to lorries being hijacked. The Transport Asset Protection Association figures from August 2011 show that well over the biggest proportion of cargo thefts are electronics. Laptops, mobile phones and cameras are the most stolen products. The UK remains a hotspot for crime.This presentation concentrates mainly on the issues that affect users the most – street crime.Youth on youth crime is a particular problem
  2. This is not to say that further pressure is not necessary. A couple of manufacturers are still dragging their heels on security. New challenges such as additional bearers (e.g. WiFi) mean that IMEI blocking is not going to be 100% effective.It should be said that mobile operators have managed to stay below the radar and have not significantly invested in improving EIRs or in some cases overseas, are not using them at all to block phones.
  3. (verbal run through of what happens)
  4. UK crime reduction charter agreed between MICAF and Home Office with tests against SEIR blocking timesA lot of edge issues around unblocking / delisting such as: http://paulclarke.com/honestlyreal/2010/07/my-phones-been-blacklisted/
  5. Hardware security in devices has massively improved with the introduction of various standards, including OMTP’s Advanced Trusted Environment, TR1. Some work needs to be done by a couple of manufacturers.
  6. Manufacturers and their authorised agents (i.e. regional repair centres doing legitimate programming) are exemptThis act could also be theoretically used to target hardware hacking. Unique identifier also offers the opportunity to protect MAC address? Should this be a focus in the future? What about MAC address blocking?Offences like money laundering carry a much higher sentence and are more easy to prove than IMEI reprogramming
  7. Non-use of the CEIR means that phones are just disappearing abroad
  8. Robberies increase during times of hardship
  9. Snatch and pickpocketing are up
  10. Fake phones are a real problem. This issue directly affects consumers in terms of the quality of the product they’re getting – for example exploding batteries are frequently fake because they don’t have the correct protection circuits. The RF performance of counterfeit devices has been shown to be really poor. Often these devices have dual SIM capability which is not something that you normally see in legitimate devices.From a theft / blocking point of view, many of these devices do not use correct or legitimate IMEIs. This leads to lots of duplicates. Counterfeit devices from China, known as “Shanzhai” are a particular problem in African countries. The MMF estimates that around 50% of phones in Uganda are fake.
  11. There are countless examples such as this “Blockberry”, supposedly endorsed by Barrack Obama!
  12. Managing a global blacklist is a nightmare.Sometimes just moving operators and giving the call centre operator a sob story is enough to make them de-list the blocked handset.
  13. Easy to launder mobile wallet cash – just go and buy something for less than £10 in Argos then sell it on ebay / market stall
  14. There are lots of different solutions out there, from PINs to pictures. The problem is that users opt for convenience and don’t think they need the PINlock until it is too late.
  15. There are problems with cloud based solutions for authenticating to devices. The device may not always be able to get network.
  16. Biometrics put the whole access problem on the user
  17. But even without biometrics, some horrific crimes can be committed for the thing that people have to “know”
  18. This is Samsung’s ad campaign from India which tells a story with the moral “how far will you run with a stolen phone”. Video: http://youtu.be/9XkFfw6wduY
  19. Backup, lock and wipe, just lock only, disable, locate featuresSome of these apps can also not be removed by a hard reset
  20. Developers are coming up with some innovative ideasThe ugly truth is there is no silver bullet to mobile phone theft. However, the sum of the solutions may help to reduce the problem as a whole.
  21. WiFi usage,UMA problems in the future?Should devices be further secured, how about MAC address security?My view: There is no one solution. This is a very complex problem, because of the differing circumstance but we need a solution to the very difficult problem of export, supported by national / regional regulation. Users have to take there part too in terms of their own responsibility over stolen property.