
Mobile Phone Theft: An unsolvable problem?


This talk was given at Oxford University on the 26th of October 2011 as part of their Information Security and Privacy Programme.

Over the past ten years, considerable effort has been put into engineering preventative solutions, policing and locating lost and stolen devices. Unfortunately theft of mobile devices continues to be an issue. Youth on youth crime is a particular issue in today’s world, where children take hundreds of pounds worth of electronic equipment to school with them every day. This talk will explore the issues and ask the following questions: Are we looking at a social issue rather than a technological one? Does new technology such as NFC and basing our lives in the cloud increase the risk of theft? Would the introduction of biometrics on phones put us as users at more of a risk than if we didn’t have it?

Published in: Technology, Business


  1. MOBILE PHONE THEFT: AN UNSOLVABLE PROBLEM?
     OXFORD UNIVERSITY INFORMATION SECURITY & PRIVACY SEMINAR SERIES
     David Rogers, Copper Horse Solutions Ltd., 26th October 2011
     http://www.mobilephonesecurity.org
     Copyright © 2011 Copper Horse Solutions Limited. All rights reserved

  2. SOME INFORMATION
     About Me
     • 12 years in the mobile industry
     • Hardware and software background
     • Head of Product Security at Panasonic Mobile
     • Worked with industry and government on IMEI and SIMlock security
     • Pioneered some early work in mobile phone forensics
     • Brought industry together on security information sharing
     • Director of External Relations at OMTP
     • Programme Manager for advanced hardware security tasks
     • Chair of Incident Handling task
     • Head of Security and Chair of Security Group at WAC
     • Owner and Director at Copper Horse Solutions
     • Blog: http://blog.mobilephonesecurity.org, Twitter: @drogersuk
     About Copper Horse Solutions Ltd.
     • Established in 2011
     • Software and security company
     • Focussed on the mobile phone industry
     • Services:
       • Mobile phone security consultancy
       • Industry expertise
       • Standards representation
       • Mobile application development
     • http://www.copperhorsesolutions.com

  3. THE PROBLEM
     • Millions of mobile phones are stolen each year globally
     • Some countries have not recognised it as a problem
     • UK has led the way
     • 2001 Home Office study:
       • 710,000 phones stolen in the UK every year
       • Large percentage of this was likely to be insurance fraud
     • Despite many technical measures, it is still a problem today

  4. TYPES OF THEFT
     • Street theft / theft from user
       • Individual handsets (muggings etc.)
     • Theft from shops
       • Multiples (burglaries)
     • Bulk theft
       • Pallet loads (truck theft etc.)

  5. YOUTH ON YOUTH CRIME
     • School bag in 2011 is £000s different to 1991
     • Issues with bullying, theft, abuse of service and re-sale of stolen handsets
     • Education is key:

  6. CRAVED
     • Six elements that make products attractive to thieves:
       • Concealable
       • Removable
       • Available
       • Valuable
       • Enjoyable
       • Disposable
     • Report argues that “how much depends on ease of disposal”
     From: Ron Clarke - “Hot Products: understanding, anticipating and reducing demand for stolen goods” http://www.popcenter.org/problems/shoplifting/PDFs/fprs112.pdf

  7. ROOT CAUSES
     • Value of device
       • Can be shipped and sold overseas where it will still work
     • Features and commodities on device
       • Apps, music, money
     • WiFi enables device to continue to be used
     • Theft of service – still an issue e.g. calls abroad
     • Possession
       • It is just something else someone is carrying (belts have been stolen in the past!)
       • not allowing user to call for help

  8. CAR CRIME V PHONE CRIME
     • Analogy everyone uses in government: “we solved car crime by putting pressure on the manufacturers to introduce security, we can do the same for mobile phones”
     • Mobile is different!
       • Remember CRAVED
       • Users need to access device very regularly – ease of access is very important
       • Much lower cost device than a car
       • Easy to lose, then subsequently stolen
       • Small, easy to export
       • High youth on youth crime
     • Attention to car crime has reduced it significantly but:
       • Increases in carjacking and aggravated burglary (for keys)
       • Hacking of wireless ignition systems

  9. Explanation of how a phone is disabled after theft

  10. HOW BLOCKING WORKS
     • Blacklisting (whitelists and greylists exist too)
     [Diagram: example IMEIs 357213000000290, 357213000000128, 357213000030123; levels labelled Operator (EIRs), Country (SEIR), GSM Association (CEIR)]
     • Also: in UK - NMPR – Police database of property can be checked while on patrol

  11. INDUSTRY STEPS OVER 10 YEARS
     • Vastly improved IMEI security
       • Manufacturers have fought a long battle with embedded systems hackers
     • Industry “IMEI Weakness and Reporting and Correction Process”
       • 42 day reporting for fixes
       • Progress reported regularly to European Commission
     • UK charter on mobile phone theft and UKSEIR
     • Operators still lagging with CEIR sign-up
       • Very few connected
       • National governments need to take the lead
       • Some operators not investing in EIRs

  12. MOBILE TELEPHONES (RE-PROGRAMMING) ACT (2002)
     • http://www.legislation.gov.uk/ukpga/2002/31/contents
     • Offences:
       • Change a unique device identifier
       • Interfere with the operation of a unique device identifier
       • Possession (with intent) of tool and offering to re-program
     • Maximum 5 years imprisonment
     In the last 2 years, 5 investigations, no convictions*
     • Problem – most tools were dual use (maintenance, SIMlock removal AND IMEI change). Very difficult and costly to prove
     • Other offences involved are often more serious
       • e.g. money laundering
     • Deterrent effect?
     * Source: National Mobile Phone Crime Unit

  13. RECYCLING AND EXPORT
     • Lots of stolen phones are exported, re-sold abroad through the web or “recycled”
     • Recyclers Charter and Code of Practice
       • Check incoming phones are not stolen
     • Some foreign recyclers offering to take blocked phones from the UK
     • Very difficult to work out exactly how many stolen phones are exported as they just disappear
     • Each network looks after their own data
     • Evidence to suggest that stolen phones are exported to classic shipment hubs overseas such as Dubai

  14. REGIONAL THEFT GUARD
     • Investigated at length by industry
     • An alternative method of disabling mobiles as not all operators were using the CEIR
     • 3 solutions were investigated but proved to be at issue:
       • Could be subverted by other means once in place
       • High threat of collusion at a low level
       • Tough to prove originating operator / owner – e.g. whether stolen
     • Not a panacea by any means

  15. SITUATION NOW
     From: http://www.dailymail.co.uk/news/article-2051414/iPhone-BlackBerry-phones-targetted-thieves-leads-7-rise-knifepoint-robbery.html?ito=feeds-newsxml

  16. CURRENT STATS IN UK
     • Mobile phone theft is increasing (FY 2010/11)
       • Nationally mobile phone thefts in all crime: +9.7%
       • Nationally mobile phones stolen during personal robbery: +13.4%
       • And in London during robbery: +21.4%
     • 60% of all mobiles stolen in personal robbery in London are Blackberry or iPhone

  17. COUNTERFEITS
     From: http://reviews.ebay.com/Avoid-Buying-Fake-Nokia-Cell-Phone-Battery-On-eBay_W0QQugidZ10000000001916166
     And: http://www.slashgear.com/uk-could-become-key-counterfeit-route-after-trademark-ruling-1452340/

  18. COUNTERFEITS (2)
     From: http://www.littleredbook.cn/2009/07/06/obamas-sponsorship-of-shanzhai-blockberry-chinese-netizens-reactions/

  19. GLOBAL BLACKLISTING PROBLEMS
     [Diagram: problems surrounding “Blacklisting”]
     • Social engineering of call centre staff
     • For other reasons such as fraud
     • User error – wrong IMEI
     • Lost then found
     • Jurisdictional Differences
     • Network Operator A cannot trust data from Network Operator B
     • Mass duplicates of IMEIs from counterfeit devices
     • Not blacklisting quickly enough
     • Counterfeit devices deliberately copying legitimate IMEIs
     • Is the IMEI “personal data”?
     • Human error in call centres
     • What about other features of the phone that are not disabled?

  20. NEAR FIELD COMMUNICATIONS
     • Samsung, RIM, Google Wallet and others…
     Another reason to steal a phone
     • Demo application developed for capturing credit card numbers
     • Numerous attack scenarios outlined already
     • Peer-to-peer payments
     From: http://www.retroworks.co/scytale.htm

  21. Access control is becoming much more important
     From: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm

  22. BIOMETRICS
     • Still immature on mobile devices
       • Early solutions easy to defeat (e.g. gummy finger etc.)
       • Requires significant processing power
       • May see some kind of cloud-based solution emerge (e.g. voice biometrics)
       • Android 4.0 has facial recognition based on acquisition of Pittsburgh Pattern Recognition
     • Increased risk for the user
       • User as unlock key means user becomes the target of attack
       • Same issue as car crime
     From: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm

  23. CHALLENGES FOR BIOMETRICS
     • False negatives:
       • Eyelashes too long
       • Long fingernails
       • Arthritis
       • Circulation problems
       • People wearing hand cream
       • People who've just eaten greasy foods
       • People with brown eyes
       • Fingerprint abrasion, includes: Manual labourers, typists, musicians
       • People with cuts
       • Disabled people

  24. BIOMETRICS (2)
     From: http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm

  25. RESULT OF: “USER IS THE KEY”
     Sources: ITV, Evening Standard, BBC

  26. HELPFUL TECHNOLOGY
     • “Cloud” and 3rd party client applications:
       • Offline backup
       • Lock and wipe functionality
       • Locate my phone
     • Traditional anti-virus vendors are providing packaged functionality
     • Parental controls
     • Not just technology – also consumer awareness and education
     • Mobile industry is still well aware of the problem and willing to help

  27. TRACKING STOLEN PHONES
     • Being introduced as standard on many handsets
     • Privacy concerns if misused
     • What good is it if your phone appears abroad?
     From: http://www.apple.com/iphone/built-in-apps/find-my-iphone.html
     And: http://www.samsungdive.com/DiveMain.do

  28. 3RD PARTY SOLUTIONS
     • Traditional AV vendors can finally add real value
     • Packaged, holistic apps:
     From: https://www.mylookout.com/features/missing-device/

  29. 3RD PARTY SOLUTIONS (2)
     • Design Out Crime Competition
       • Usual “detect if user walks away” etc
     • Over The Air event – Competition sponsored by NMPCU
       • Winner: “Freeze Punk”
       • Motion sensor using camera – e.g. in hotels / on tables
     • Another app for users without PINs:
       • dummy banking app which initiates a tracking feature as it connects to the web
       • can inform friends nearby to the phone
     • Real life usage is often not compatible with anti-theft solutions
       • Barrier to disable feature – e.g. PIN
     • Not easy to design something useful

  30. POINT OF SALE REGISTRATION?
     • http://www.immobilise.com

  31. WILL THE POLICE BE OVERWHELMED?
     • Problem could become not one of theft, but of recovery
     • Users are able to track and identify the location of their stolen goods
     • No lawful way of users recovering them
     • Users expect Police to do something
     • Recovery of the phone is the most important thing
     • Detection of crime is becoming extremely successful
     • Need to think more carefully about how to manage theft and robbery problems
     • Prevention becomes an imperative

  32. THE ENGINEERING REQUIREMENTS OF AN UNSOLVABLE PROBLEM?
     • Design a phone that is usable but immediately useless when stolen
     • The phone may have multiple bearers and functions
     • A phone that can be locked but reactivated if lost and found
     • A global blocking system which is accurate and that works around the world for every phone
     • A phone that keeps users' data private and safe from disclosure if stolen or lost
     From: http://www.retroworks.co/scytale.htm

  33. DISCUSSION
     Contact
     Email: david.rogers@copperhorses.com
     Twitter: @drogersuk
     Blog: http://blog.mobilephonesecurity.org
