
As someone in a country with a serious mugging problem and having lost an iPhone already, one of the biggest security flaws I see is being able to power it off without providing any authentication.

What is even the point of Find my Phone and all that if anyone can just instantly switch off all the tracking?? You can't even ring your own number after that, and even law enforcement cannot look up the cell tower logs to see where it's been.

There should be an option to require a passcode for power-off, and another option to periodically send Find my Phone tracking even when "powered off," via any available network, until the battery dies.

EDIT: I agree they can just take out the SIM and we need to be able to force-power-off anyway... but what can be done to increase the recoverability of these expensive items?




Even if Apple added that, it's trivially easy to pop the SIM. A phone without a network connection won't ping, so that won't help.

You have to think about it from the attacker's point of view. Anyone they sell it to is going to power it on to test it. Once it's powered on, it'll ping back.

Any black-market buyer knows to pop the SIM anyway before powering it on, and to turn on the phone without any publicly-accessible Wi-Fi access points available. But then they still have to restore it in order to see if it's iCloud locked, and the restore pings, too (it requires an Internet connection to Apple's servers to download a signed OS).

What it comes down to is that stolen iPhones just aren't worth that much, since there's no easy way to remove an iCloud lock and the parts themselves aren't worth a lot. The good news is that far fewer iPhones are stolen these days (source: http://www.cbsnews.com/news/iphone-thefts-down-thanks-to-app... ), and thieves are pretty quickly learning that.


Going by eBay, a lot of people are still managing to sell stolen iPhones for $100-$300: http://www.ebay.com/sch/i.html?_nkw=icl0ud%20locked&LH_Compl...


What do you do with an iCloud locked phone? It seems like a completely worthless device if it is locked.


Even if the answer is "nothing" it still makes sense that they're selling on eBay: people don't know that they're buying a brick, and I'd bet that's extremely difficult to contest via eBay/PayPal.


According to the link above, people know they are buying bricks.


I'm sure there are some folks trying to pass off locked iPhones as legit, but there are also people selling them "for parts" on Craigslist and I'm sure a load of other sites. I was just shopping for some test iPhones for work and there was one dude on Craigslist with a dozen or so new iPhones, all locked for like $80 "for parts".


Perfect for parts. New screens aren't cheap. Battery, camera modules, etc.


Yeah, you could part the whole thing out, but there's so little demand for used parts currently that it's tough to make a business case for it.

New screens are pretty cheap these days; under $40 for a new iPhone 6 screen wholesale currently. Used batteries are worth nothing since new batteries are so cheap (a new 6 battery is less than $10 -- why would you want a used one?) Camera, home button, charge port, prox sensor...even if you put all those together you'd barely have $100 worth of parts, and that's talking about new part prices (wholesale).


New screens are a lot cheaper than $200, which appears to be the price of an iCloud locked phone.


"genuine Apple screen" vs. cheap aftermarket knockoff? I have no idea if there's much of a difference.


A parts phone for repair of others, perhaps?


Since it's possible to call 911/112 with a GSM phone without a SIM, the phone can still be tracked throughout the network with its unique IMEI number.


They don't need to restore or power on to check activation lock.

You go to https://www.icloud.com/activationlock/


> but what can be done to increase the recoverability of these expensive items?

Don't buy or walk with expensive items around? Sounds like I am being snarky, but I am serious. In some cities or areas, it is not possible to have nice stuff around. Couldn't have a nice car in my old neighborhood. The old beater I had was scratched, hit and broken into multiple times. I didn't care too much, as it was already scratched and beat up anyway. If it was a nice new car, I would have been upset, but I would have never gotten a nicer car living in that part of town.

As for phones, I broke my old flip phone some years ago by sitting on it. And I was upset about it obviously; it was a nice model then. I was a student and bought it by saving for a while. Didn't have insurance and so on. And since then I realized that it didn't make any sense for me to buy these expensive toys if they can easily be lost, stolen, or broken _if_ it causes me so much anguish when it happens. So since then I've bought used or lower end smart phones (last one is a Moto G for $170 from 3-4 years ago) so that if it gets broken, stolen, or lost I wouldn't be too upset about it, just inconvenienced some, and would just go and buy another one. Kind of like buying another pair of pants or socks.

One day, if I win the lottery, maybe I'll be able to buy $500-$600 iPhones like that too. But today if I had one and cracked or lost it, I would be quite upset.

I am saying this because I've seen people sign contracts to buy these phones (which is basically getting a loan), buying insurance for them and so on, and all I think is "it sounds like you can't afford it". Can't obviously tell them that in person, but that's the idea.


> And since then I realized that it didn't make any sense for me to buy these expensive toys if they can easily be lost, stolen, or broken _if_ it causes me so much anguish when it happens. So since then I've bought used or lower end smart phones (last one is a Moto G for $170 from 3-4 years ago) so that if it gets broken, stolen, or lost I wouldn't be too upset about it, just inconvenienced some, and would just go and buy another one. Kind of like buying another pair of pants or socks.

Interesting. Different ways of managing expected frustration. Personally, I stick to the highest-end phones I can afford, for the simple reason that I was once stuck for 3 years with a phone that was so crappy it could barely lift its own OS: fire up any app, and the homescreen gets killed to save memory. Somebody calls you? 25% chance that you won't be able to pick it up, because the phone will hang. Try to turn on Internet on it? If you didn't turn off sync, you'll have to power-cycle the phone by removing its battery to get it working again.

I don't break or lose phones often (in the last 3 years, I managed to crack the screen of my S4 two times; got the glass replaced both times for relatively little cost). But I use them quite a lot, every day. Minor frustrations like apps crashing, hanging, or taking 30 seconds to load tend to add up into quite a bit of frustration daily. So I prefer to save up and buy a phone that I know will work flawlessly for the next 3 years or so (and, like with S4, then I happily give it away to someone when I buy a new one; they can probably squeeze 3 more years off it too).


I just use an old quality phone. I got a Nexus 5 in 2015 very cheap, and it works great to this day. The Nexus 5X's price is on the way down, and there are plenty of other quality cheap phones to have, like the Chinese models. Some will need a new ROM, though, so one should check out the CM devices page before buying.

In my experience, buying these phones offers a better experience than many of the flagship Samsungs which suffer from bloated, slow and unintuitive software.


> and even law enforcement cannot look up the cell tower logs to see where it's been.

I'm not so sure about that...

I worked at a TV news station in a major city where police told us they could track cell phones that were turned off. IIRC, it came up during an interview after they apprehended a suspect in a big rape/murder case. The suspect's phone was off, but they were able to track him. They told us they didn't really want the public to know they could do this, but it seems it's too late for that [1].

I'm not sure what the limitations are: whether it'll work if the battery is removed (maybe there's another battery?) or whether it only works with certain phones.

[1] https://www.quora.com/Can-law-enforcement-track-someone-by-t...


When the phone is off it is off. Same goes with flight mode.

The NSA* or any other similar actor can load malware to your phone that would prevent it from being completely turned off, the police most likely cannot.

The police do have a vested interest in making the public think that turning the phone off is pointless.

*On older phones, like late '90s to very early 2000s, there was enough power leaking from the antenna into the modem part that you could ping turned-off phones remotely even if the battery was removed. I've seen this in action. This doesn't or shouldn't work on new phones, which require considerably more power and have very complicated hardware.


> On older phones, like late '90s to very early 2000s, there was enough power leaking from the antenna into the modem part that you could ping turned-off phones remotely even if the battery was removed. I've seen this in action.

I don't see how that could work - even if power through the antenna did cause the phone to transmit something, more than the radio would have to be powered up to get the phone to return any kind of identifier. But I'm skeptical that any transmitter could be powered through the antenna like that.

I could believe that if you transmit enough power that some sort of oscillation would occur in the phone to return a signal that can be detected, but I don't see how you could determine what phone returned that signal.


It wasn't transmitting a proper cell signal, it was transmitting something that they could detect.

I would assume that you would profile phones (of a certain make and model) and, based on the return signal, identify them. This was used in the early days in places where there wasn't high cellphone density to begin with.


I wonder how that passed the FCC.


I don't think this actually violates any FCC regulations. Given the right circumstances, a can of Coke can probably be induced to create enough backscatter to be trackable via RF.


> The police do have a vested interest in making the public think that turning the phone off is pointless.

An interesting point, but...

If I were a criminal (I am not), and I were going to commit a crime (I am not), and I knew turning off my phone was pointless because the police can still track it, then I would just leave my phone at home, or give it to a friend.


Where was the power coming from if the battery was removed?

The only device I'm aware of that's able to do this is designed for this application.


It's very old phones with external antennas. The power came from the same place as the power that lit the LED in the aftermarket Nokia antennas that would light up when you were getting a call or a text: wireless power. The phone had enough leakage to modulate the return signal sufficiently to be detected. It would not be the same thing as tracking a phone via its normal cellular signal; it would just indicate the presence of one.


I don't believe this.

Those aftermarket lighty-uppy things work by sensing your phone's response burst, which is a much stronger signal, being driven by the phone's battery, and radiated from the very nearby antenna.

I do believe that you can induce a signal in a powered-off phone that can be detected nearby (several feet), by virtue of the tuned antenna if nothing else. I'm skeptical of the claim that a normal arbitrarily-distant cell transmission could do so. Regardless, I do not believe the induced signal could be detected back at the cell tower.

This would be wireless power. Not possible, at the levels and ranges asserted.


Believe what you want, but at least read it through first. This isn't about powering a cell phone via wireless power and making it connect to a cell tower; this is about inducing enough power into the cell phone's RF parts to make it modulate the signal sufficiently to be picked up. Essentially this isn't that much different from passive Wi-Fi or any other backscatter communication based system.

I've seen this demonstrated around 5 years ago at an Intelligence Technology seminar open to the public at the intelligence community heritage museum. It was done across the room during a demonstration which showed active and passive phone tracking techniques (they put the phones in and out of Faraday cages during the demonstration). The phone that was used in the demonstration for the "powerless" tracking was a very old Ericsson (before it became Sony Ericsson) phone from the mid to late '90s. During that demonstration we were also told that this method of tracking became obsolete around the early 2000s. They did not elaborate exactly what ranges this works on, but what they said is that the emitter and receiver were usually separated in order to accommodate operational requirements.


As I read it, that's a fine way to detect the presence of a cell phone. It might be able to discriminate between several models of cell phones. But it will not be able to identify a specific cell phone.

Am I misreading your statements?


Yes, I said it was used to track cell phones in low density areas back when they were simple enough for this trick to work. What I assume is that if someone back then had a cell phone/radio phone/sat phone or anything similar with a susceptible transmitter in the middle of nowhere-stan, you could probably identify them via other means, or at least be able to classify them sufficiently.


That makes sense. I think I veered off into confusion from the comment about the inductively-powered LEDs.


> When the phone is off it is off. Same goes with flight mode.

You're forgetting about the baseband. Modern phones have a secondary processor loaded with proprietary software that has a secondary battery soldered on. You can't turn that device off, and it has the ability to phone home. Even removing the battery won't help you.


No, I didn't forget about the baseband, hence the NSA grade malware. That said, I haven't seen a single phone that when in airplane mode or off showed any signs of transmitting anything. I've also done testing with RF fuzzing phones and nothing happened. Other people did more analysis, including power consumption monitoring etc., and there is no "on by default" phone home feature on basebands. Can a baseband be backdoored? Sure. Can the police do that? Most likely not. If anything, the "quality" of commercial cellphone malware is fairly low; most of it requires physical access to the phone or social engineering to install. US law enforcement relies mostly on cell provider and IMSI catcher based tracking; some departments might have access to commercial RAT products a la FinFisher, but I have seen no evidence that anyone has access to baseband based exploits. If anything, it seems that even state actors do not have turn-key solutions for remotely accessing the basebands of commercial mobile phones and often have to resort to compromising the supply chain to launch targeted attacks. So yes, the baseband is a CPU, and it's probably considerably less secure than you would want, but saying that every baseband, or even the top 10 most popular ones, is or can be compromised at will doesn't pass the current smell test.


When you worked at that TV news station, were Blackberry phones prevalent? Blackberrys had two types of "off" -- one type periodically checks the network for texts and the other is an actual off.

As far as I know phones today don't do this.


This sounds like Android Doze, except Doze isn't (a) manual or (b) explained to the user as being off.


I don't buy it. The top Quora response you link to makes claims that tracking happens when off, but its sources make no such claims. Specifically, I highly doubt that GPS is useful towards tracking an off phone.


Wouldn't that be trivially defeated with a small packet of tin foil?


And removing the SIM card.


The problem is that there has to be a way to forcefully power off the phone in case it freezes. If the OS depends on software to power off and the software is not responsive, there's no way to shut it down without exhausting/removing the battery.


I think that's what sleep/wake+home button is for. Holding sleep/wake still requires 'slide to power off' (which I assume wouldn't respond when iOS locks up).

Sleep/wake+home button restarts iOS but ultimately reconnects the device to the web.


The ability to quickly turn off the phone is useful when you need to activate a long password so that you cannot be forced to use your fingerprint to unlock it.


If you are in a place where you can be forced to unlock it with your finger, they'll force you to give out the password too; it would probably even be more painful.

The only place where you would not want to use biometrics are western* countries which would allow the police to compel you to give out your fingerprints to unlock the phone.

With the exception of the UK in which not giving out a password or decryption key in the course of an investigation even if you are not the suspect of a crime can land you 7 years in prison these days.


> but what can be done to increase the recoverability of these expensive items?

Move to a place with thieves who know not to steal a really hard-to-move phone.


If the phone is locked, they can't do anything but part it out anyway. They might as well remove the battery.


France?



