Shiny Expensive Things: The Global Problem of Mobile Phone Theft


Published on

Technology in mobile devices is continuing to advance at an incredible rate, but some of the old security themes continue to persist, mobile phone theft being one of them. This talk looks at the topic of mobile phone theft and what industry’s role has been in helping to prevent it and whether that has been entirely successful. The talk looks at what could happen next and whether it is possible to standardise usable anti-theft mechanisms within devices. It will also look at technologies such as biometrics for access control and whether Police and Government actions have been adequate in dealing with the modus operandi of thieves and fencers of stolen phones.

This talk was given by David Rogers on the 3rd of December 2013 as part of Bournemouth University's School of Design, Engineering and Computing's Cyber Seminar series.

Published in: Technology, Business
1 Comment
  • David, I'd like a 'soft copy' please!
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Street theft impacts the user the most and can do in a physical and violent way.Theft from shops is still prevalent and impacts the store locally in terms of lost sales and the ultimately the company more widely in terms of increases in insurance premiums.Bulk theft goes under the radar of a lot of people. Mobile phones are targeted by organised criminal gangs from both storage warehouses through to lorries being hijacked. The Transport Asset Protection Association figures from August 2011 show that well over the biggest proportion of cargo thefts are electronics. Laptops, mobile phones and cameras are the most stolen products. The UK remains a hotspot for crime.This presentation concentrates mainly on the issues that affect users the most – street crime.Youth on youth crime is a particular problem
  • Robberies increase during times of hardship
  • This is not to say that further pressure is not necessary. A couple of manufacturers are still dragging their heels on security. New challenges such as additional bearers (e.g. WiFi) mean that IMEI blocking is not going to be 100% effective.It should be said that mobile operators have managed to stay below the radar and have not significantly invested in improving EIRs or in some cases overseas, are not using them at all to block phones.
  • (verbal run through of what happens)
  • UK crime reduction charter agreed between MICAF and Home Office with tests against SEIR blocking timesA lot of edge issues around unblocking / delisting such as:
  • Hardware security in devices has massively improved with the introduction of various standards, including OMTP’s Advanced Trusted Environment, TR1. Some work needs to be done by a couple of manufacturers.
  • Manufacturers and their authorised agents (i.e. regional repair centres doing legitimate programming) are exemptThis act could also be theoretically used to target hardware hacking. Unique identifier also offers the opportunity to protect MAC address? Should this be a focus in the future? What about MAC address blocking?Offences like money laundering carry a much higher sentence and are more easy to prove than IMEI reprogramming
  • Non-use of the CEIR means that phones are just disappearing abroad
  • Fake phones are a real problem. This issue directly affects consumers in terms of the quality of the product they’re getting – for example exploding batteries are frequently fake because they don’t have the correct protection circuits. The RF performance of counterfeit devices has been shown to be really poor. Often these devices have dual SIM capability which is not something that you normally see in legitimate devices.From a theft / blocking point of view, many of these devices do not use correct or legitimate IMEIs. This leads to lots of duplicates. Counterfeit devices from China, known as “Shanzhai” are a particular problem in African countries. The MMF estimates that around 50% of phones in Uganda are fake.
  • There are countless examples such as this “Blockberry”, supposedly endorsed by Barrack Obama!
  • Managing a global blacklist is a nightmare.Sometimes just moving operators and giving the call centre operator a sob story is enough to make them de-list the blocked handset.
  • Easy to launder mobile wallet cash – just go and buy something for less than £10 in Argos then sell it on ebay / market stall
  • There are lots of different solutions out there, from PINs to pictures. The problem is that users opt for convenience and don’t think they need the PINlock until it is too late.
  • There are problems with cloud based solutions for authenticating to devices. The device may not always be able to get network.
  • There are problems with cloud based solutions for authenticating to devices. The device may not always be able to get network.
  • Biometrics put the whole access problem on the user
  • But even without biometrics, some horrific crimes can be committed for the thing that people have to “know”
  • This is Samsung’s ad campaign from India which tells a story with the moral “how far will you run with a stolen phone”. Video:
  • Backup, lock and wipe, just lock only, disable, locate featuresSome of these apps can also not be removed by a hard reset
  • Shiny Expensive Things: The Global Problem of Mobile Phone Theft

    1. 1. Shiny Expensive Things: The Global Problem of Mobile Phone Theft David Rogers School of Design, Engineering and Computing Bournemouth University 3rd December 2013 Copyright © 2013 Copper Horse Solutions Ltd. All rights reserved. 1
    2. 2. The Problem  Millions of mobile phones are stolen each year globally  Some countries have not recognised it as a problem – UK has led the way  2001 Home Office study: – 710,000 phones stolen in the UK every year – Large percentage of this was likely to be insurance fraud  Despite many technical measures, it is still a problem today
    3. 3. Types of Theft  Street theft / theft from user – Individual handsets (muggings etc.)  Theft from shops – Multiples (burglaries) – ‘Steaming’ – group distraction / disruption theft while shop is open  Bulk theft – Pallet loads (truck theft etc.)
    4. 4. Youth on Youth Crime  School bag in 2011 is £000s different to 1991  Issues with bullying, theft, abuse of service and re-sale of stolen handsets  Education is key:
    5. 5. CRAVED  Six elements that make products attractive to thieves: – – – – – – Concealable Removable Available Valuable Enjoyable Disposable  Report argues that “how much depends on ease of disposal” From: Ron Clarke - ‘Hot Products: understanding, anticipating and reducing demand for stolen goods’
    6. 6. Violent Theft must be Addressed From:
    7. 7. Police Awareness Campaigns UK Home Office TV Advert Campaign Mobile Phone Security - David Rogers
    8. 8. Root Causes  Value of device – Can be shipped and sold overseas where it will still work  Features and commodities on device – Apps, music, money – WiFi enables device to continue to be used – Theft of service – still an issue e.g. calls abroad  Possession – It is just something else someone is carrying (belts have been stolen in the past!) – not allowing user to call for help
    9. 9. Has been a focus for a long time… „...what we have got to do is get to a situation where there is no point in stealing them. The only way we can do that is with the industry.“ Commissioner Sir Ian Blair 13/04/06 Mobile Phone Security - David Rogers
    10. 10. Car Crime v Phone Crime  Analogy everyone uses in government (especially the ‘Nudge’ unit* in the UK): “we solved car crime by putting pressure on the manufacturers to introduce security, we can do the same for mobile phones”  Mobile is different! – – – – – – Remember CRAVED Users need to access device very regularly – ease of access is very important Much lower cost device than a car Easy to lose, then subsequently stolen Small, easy to export High youth on youth crime  Attention to car crime has reduced it significantly but: – Increases in carjacking and aggravated burglary (for keys) – Hacking of wireless ignition systems * Cabinet Office Behavioural Insights Team
    11. 11. Explanation of how a phone is disabled after theft
    12. 12. How blocking works  Blacklisting (whitelists and greylists exist too) 357213000000290 357213000000128 357213000030123 GSM Association Country CEIR SEIR EIR EIR EIR EIR EIR EIR EIR Operator  Also: in UK - NMPR – Police database of property can be checked while on patrol  UK operators operate a ‘virtual’ SEIR (only take UK data from CEIR) EIR = Equipment Identity Register, NMPR = National Mobile Phone Register, SEIR = Shared EIR, CEIR = Central EIR
    13. 13. Industry steps over 10 years  Vastly improved IMEI security – Manufacturers have fought a long battle with embedded systems hackers  Industry “IMEI Weakness and Reporting and Correction Process” – 42 day reporting for fixes  Progress reported regularly to European Commission  UK charter on mobile phone theft and UK SEIR  Operators still lagging with CEIR sign-up – Very few connected – getting better though! – National governments still need to take an active lead, but very few have – Some operators not investing in EIRs
    14. 14. Handset Embedded Security Evolution RIM / Nokia proprietary security features Google / Apple Proprietary hardware security features TCG MPWG Specification Banking / film industry requirements Fragmented Security EICTA / GSMA 9 Principles OMTP Trusted Environment: OMTP TR0 OMTP Advanced Trusted Environment: OMTP TR1 WAC webinos GSMA Pay-Buy-Mobile 2002 2003 2004 2005 2006 2007 2008 2009 2010/11 2012
    15. 15. Mobile Telephones (Re-Programming) Act (2002)   Offences: – Change a unique device identifier – Interfere with the operation of a unique device identifier – Possession (with intent) of tool and offering to re-program  Maximum 5 years imprisonment 2009-2011 - 2 years, 5 investigations, no convictions*  Problem – most tools were dual use (maintenance, SIMlock removal AND IMEI change). Very difficult and costly to prove  Other offences involved are often more serious – e.g money laundering  Deterrent effect? * Source: National Mobile Phone Crime Unit
    16. 16. Recycling and Export  Lots of stolen phones are exported, re-sold abroad through the web or “recycled”  Recyclers Charter and Code of Practice – Check incoming phones are not stolen  Some foreign recyclers offering to take blocked phones from the UK  Very difficult to work out exactly how many stolen phones are exported as they just disappear – Each network looks after their own data – Evidence to suggest that stolen phones are exported to classic shipment hubs overseas such as Dubai
    17. 17. Regional Theft Guard  Investigated at length by industry  An alternative method of disabling mobiles as not all operators were using the CEIR  3 solutions were investigated but proved to be at issue: – – – – Could be subverted by other means once in place High threat of collusion at a low level Tough to prove originating operator / owner – e.g. whether stolen Not a panacea by any means
    18. 18. Counterfeits From: And:
    19. 19. Counterfeits (2) From: bamas-sponsorship-of-shanzhai-blockberrychinese-netizens-reactions/
    20. 20. Global Blacklisting Problems Blacklisting for other reasons such as fraud User error – wrong IMEI Social engineering of call centre staff Lost then found Jurisdictional Differences Network Operator A cannot trust data from Network Operator B Mass duplicates of IMEIs from counterfeit devices Not blacklisting quickly enough Counterfeit devices deliberately copying legitimate IMEIs Is the IMEI “personal data”? Human error in call centres What about other features of the phone that are not disabled?
    21. 21. Near Field Communications  Samsung, RIM, Google Wallet and others… Another reason to steal a phone  Demo application developed for capturing credit card numbers  Numerous attack scenarios outlined already  Peer-to-peer payments From:
    22. 22. Access control is becoming much more important From:
    23. 23. Biometrics  Still immature on mobile devices – – – – Early solutions easy to defeat (e.g. gummy finger etc.) Requires significant processing power May see some kind of cloud-based solution emerge (e.g. voice biometrics) Android 4.0 started facial recognition based on acquisition of Pittsburgh Pattern Recognition – not widely used by users – iPhone 5S introduced TouchID – 990 million devices with fingerprint sensors predicted by 2017  Increased risk for the user – User as unlock key means user becomes the target of attack – Same issue as car crime Also see:
    24. 24. Apple TouchID Hack / Reported Issues
    25. 25. Repeating the ‘gummy finger’ - tools needed  One trip to HobbyCraft….  100g Gedeo Siligum (Silicone Moulding Paste) £9.99  250ml Gedeo Latex £3.99  Total Cost: £13.98 26 Note: Experiment conducted in 2005 by the author on an optical scanner. Originally described by Ton van der Putte in 2000 and by Tsutomu Matsumoto in 2002
    26. 26. Challenges for Biometrics  False negatives: – – – – – – – – – – Eyelashes too long Long fingernails Arthritis Circulation problems People wearing hand cream People who’ve just eaten greasy foods People with brown eyes Fingerprint abrasion, includes: Manual labourers, typists, musicians People with cuts Disabled people
    27. 27. Biometrics (2) From:
    28. 28. Result of: “User Is The Key” Sources: ITV, Evening Standard, BBC
    29. 29. Helpful Technology  “Cloud” and 3rd party client applications: – – – – – Offline backup Lock and wipe functionality Locate my phone Traditional anti-virus vendors are providing packaged functionality Parental controls  Not just technology – also consumer awareness and education  Mobile industry is still well aware of the problem and willing to help
    30. 30. Tracking Stolen Phones  Being introduced as standard on many handsets  Privacy concerns if misused  What good is it if your phone appears abroad? From: And:
    31. 31. 3rd Party Solutions  Traditional AV vendors can finally add real value  Packaged, holistic apps: From:
    32. 32. Point of Sale Registration? 
    33. 33. Political Initiatives • Not just US and UK, South American countries (through CITEL) taking a strong lead and others are gradually following
    34. 34. Political Bandwagon? “Each of your companies promote the security of your devices, their software and information they hold, but we expect the same effort to go into hardware security so that we can make a stolen handset inoperable and so eliminate the illicit second-hand market in these products” Boris Johnson, Mayor of London, July 2013 1st December 2013 • But: cutting the National Mobile Phone Crime Unit’s budget at the same time!
    35. 35. New solutions example: Activation Lock     Apple introduced in iOS7 (but under some political pressure) This is the right thing to do Politicians are right that this type of thing is CSR* Functionality becomes the target of hacks though * Corporate Social Responsibility
    36. 36. “Kill Switch”  Doesn’t accurately describe solutions being deployed by Apple, Samsung – Not all the same! Some apparently subscription based  Politicians and media love the term  If we really had a true ‘kill switch’ it would be a massive target for cyber attacks – Imagine killing every phone in the world?  Some technological solutions are becoming viable – Not all about operators blacklisting IMEIs anymore – Devices phone home to OS vendors • • • • Value is in the things they access – e.g. software updates, app stores OS vendors could take whitelists from GSMA Verify location if stolen – give legitimate owner the option about what to do Work with law enforcement to understand theft fencing / trade routes
    37. 37. Divide and Conquer?  Politicians are looking at the problem too simplistically  Separate operator and vendor meetings don’t help – Just creates a blame game – It didn’t work in 2001 and it doesn’t work in 2013  Some politicians stating that industry is deliberately profiting from theft so is therefore not taking action – This is crazy and false – Have to remember it is the criminal who steals the phone – More action is needed on all sides and some could do much better  All parties need to work together – Government, Police, users and industry are all part of the solution – Need to keep looking at things such as insurance fraud – GSMA Device Security Steering Group is doing a lot of work on the technical side
    38. 38. Statistics – people will always steal things? 9,000,000 8,000,000 7,000,000 6,000,000 5,000,000 4,000,000 3,000,000 2,000,000 1,000,000 - Acquisitive crimes 2011-12 2010-11 2009-10 2008-09 2007-08 2006-07 2005-06 2004-05 2003-04 2002-03 2001-02 Involving mobile phones Source: Crime Survey for England & Wales • How much has mobile phone ownership gone up in the last 10 years? • We need to compare theft stats against ownership figures to give a true picture
    39. 39. Digging into the UK ONS mobile theft stats  Phone theft fell between 2008 and 2010 – the authors attribute it to the MICAF charter.  There was a decrease in theft rates among children aged 10-17  The figures are only estimates and are extrapolated from the survey of a small number of people  The estimated increase last year has not risen above the 2008/09 figures.  The survey asks people if they had a phone stolen – but that could be that person’s perception still, it could easily have been lost.  The report acknowledges that phone theft peaked in 2003/04 and states that “it is clear that mobile phone theft incidents remain a small fraction of overall acquisitive crime”.  Incidents of mobile phone theft are more likely to be reported to the network provider than the Police.  25% of incidents were not reported to the network provider: – 43% of these “the phone was returned to the owner” – i.e. it probably wasn’t actually stolen!
    40. 40. Questions? {@} @drogersuk Mobile Security: A Guide for Users: Copyright © 2013 Copper Horse Solutions Ltd. All rights reserved. 41
    41. 41. References  Immobilise:  Mobile Phone (Re-programming) Act 2002:  NMPCU:  CCSG / MICAF:  9 Principles:  OMTP TR1: