立即打开
自杀开关:手机防盗终极大招?

自杀开关:手机防盗终极大招?

Jane Porter 2014年05月29日
一旦手机被盗,机主就可以远程启动手机中的自杀开关,小偷偷来的手机最终就会变成一块毫无用处的板砖。但它真的能够从源头上阻止手机被盗吗?

    纯粹依靠软件的技术手段必然有可以动手脚的空间,因而也必然会被聪明的小偷利用。基于硬件的加密技术提供商Wave Systems技术总监格雷格•卡兹米耶尔扎克说:“如果有人偷了一部手机,那就有办法阻止它从外部接收自毁指令。”比如小偷只要把偷来的手机放在一个能阻绝无线信号的手机壳里,就能阻断这部手机的所有电磁通讯。据卡兹米耶尔扎克表示,将被盗手机放在这种手机壳里,然后再进行各种阻断接受自杀信号的操作,的确具有可能性。

    另一种手机防盗方案是用硬件、而不是使用软件,让手机变“板砖”,而且这种方法已经受到业界越来越多的认可。这种方案要求在手机内部植入一个硬件设备,它可以防止小偷绕过软件程序窃取手机内部的加密数据。

    卡兹米耶尔扎克表示,硬件技术提供了一种更加安全的解决方案。但是现在就断言应该使用哪种技术仍然是武断的,它应该取决于小偷盗窃手机的动机。卡兹米耶尔扎克认为:“加装解决方案之前,我们需要了解一下小偷盗窃手机的动机。你的手机里最有价值的究竟是硬件,还是储存在手机里的数据?”

    基于软件的技术可以防止手机被格式化或者重设为出厂设置,但它不能有效保护储存在手机硬件里的加密数据。而基于硬件的技术虽然令小偷有可能重新激活手机用来转卖,但是却能保护原机主储存在手机里的加密个人信息。对此,卡兹米耶尔扎克说:“随着我们放进智能手机的东西越来越多,手机里储存的数据往往比机器本身更有价值。”

    有些厂商已经针对这个问题推出了自己的防盗工具。比如苹果就在2013年与iOS7一道推出了一款防盗软件“激活锁定”,上个月三星也推出了“重新激活锁定”功能。这两项功能都能让消费者远程锁定被盗的手机,防止小偷抹除手机中的数据,重新激活设备,再转卖给其他人。

    有些手机厂商还在最新款的手机中采取了硬件与软件技术相结合的模式。比如三星在最新款的手机中整合了Knox技术,新款iPhone也内置了用来保护加密数据的专有硬件。不过硬件解决方案的缺点是没办法远程“种”到老款手机里,不像软件方案只需一次软件升级就能解决这个问题。

    不管手机厂商使用的是软件方案、硬件方案还是软硬件相结合的防盗方案,目前他们仍有一个最大的挑战没有解决,那就是由谁来监管手机的“自杀”功能。比如说,如果有人想要合法地转卖自己的手机,那么他应该如何把“自杀”功能安全地转让给新用户?坎普说:“你怎样证明这个让手机‘自杀’的人不是小偷?因为只要有人知道你的密码,他就可以让你的手机‘自杀’。目前还没有人搞清楚这个问题。”

    除了“自杀开关”之外,也有人尝试了一些其它防盗方案,比如给被盗手机IMEI串号或验证码建立一个“黑名单”数据库,再比如纽约参议员杰弗里•克雷恩的提案建议,出售一台以上二手手机的人必须提供购买发票以避免黑市交易。但是CTIA在2012年提出的“黑名单”方案并没有起到降低犯罪率的效果,而克莱恩的议案自从去年十月提出之后,至今仍卡在参议院委员会未能通过。

    参议员雷诺在一份声明中称:“随着抢劫智能手机的案件达到有史以来的最高峰,既然就这个问题已有解决方案可用,那么加州就不能继续坐视不理。”但是尽管已有备选的防盗方案可用,但它们是否能有效降低手机盗窃案,目前仍然有待观察。(财富中文网)

    译者:朴成奎

    Software-only based approaches have the potential to backfire. For one, they can be worked around by clever thieves. "If someone steals a phone, there are ways to block it from receiving communications that would kill a device," says Greg Kazmierczak, CTO of Wave Systems, a provider of hardware-based encryption technology. For instance, a thief could place the stolen phone in a signal-blocking phone case that would prevent all electromagnetic communications from reaching the device. According to Kazmierczak, it could be possible to put it into one of those cases and perform whatever you need to in order to stop the kill signal from coming in.

    Another alternative solution is to use hardware, rather than software to make stolen phones inoperable -- an approach that's becoming more widely recognized in the industry. This would involve embedding actual hardware into the phone that would prevent thieves from circumventing software technology to get access to data encrypted on the phone.

    Hardware technology offers a much more secure solution, says Kazmierczak. But the question of which technology to use is not arbitrary. It hinges on what drives thieves to steal phones in the first place. "We need to understand what the motivation is in the theft before instilling a solution," Kazmierczak says. "What's the most valuable component -- the hardware or the data you are storing in your device?"

    A software-based approach could protect a phone from getting wiped and reset to factory default, but it would not be as effective in protecting the user's data encrypted on hardware in the device. A hardware-based approach, on the other hand, might make it possible for thieves to reactivate the phone for resale, but would protect encrypted personal data about the original owner from getting stolen. "As we put more and more into these devices, the data is more valuable than the device itself," Kazmierczak says.

    Attempts to offer a solution to the problem are already in place by some providers. Anti-theft software like Apple's Activation Lock rolled out in 2013 as part of iOS 7 and last month Samsung released a "Reactivation Lock," both of which would allow consumers whose phones were stolen to lock them remotely and prevent thieves from wiping and reactivating their devices to be resold.

    And a few phone manufacturers are putting a hybrid of hardware and software technologies in place in their newest models. Samsung phones with Knox technology in them do this, as do newer iPhones that include proprietary hardware to protect encrypted data. The downside of such a hardware solution, of course, is that it can't be introduced remotely to older modeled phones in the same way a software update can be.

    Regardless of whether smartphone makers take a software, hardware, or combined approach to theft prevention, one of the biggest challenges they have yet to figure out is where the manpower to monitor and regulate a kill switch function will come from. When someone wants to resell a used phone legally, for example, how can they transfer kill switch capabilities to the new owner safely and securely? "How do you validate that it's the right person trying to kill the device? Someone could kill your phone if they know your password," Kemp says. "So far no one has figured that out yet."

    Other solutions beyond the kill switch have been attempted, including a database of blacklisted IMEIs or identification numbers for stolen phones, better policing and a proposed bill by New York senator Jeffrey D. Klein, that would require those people selling more than one used phone to provide receipts of purchase to prevent black-market business. But CTIA's blacklist, which was proposed in 2012 hasn't helped reduce crime numbers and Klein's bill has been stuck in a Senate Committee since it was proposed last October.

    "With robberies of smartphones reaching an all-time high, California cannot continue to stand by when a solution to the problem is readily available," said Senator Leno in a statement. But while solutions to the problem are available, how effective they'll be at actually curbing smartphone theft still remains to be seen.

  • 热读文章
  • 热门视频
活动
扫码打开财富Plus App