
SF DA initially pleased in antitheft testing of Apple's iOS 7 Activation Lock, Samsung's LoJack

post #1 of 54
Thread Starter 
San Francisco's District Attorney George Gascón described the smartphone theft deterrent systems demonstrated by Apple and Samsung as "clear improvements" in the City's efforts to thwart crime.



Last week, Gascón and New York's Attorney General Eric Schneiderman announced efforts to test the two companies' new security technologies to "see if they stand up to the tactics commonly employed by thieves" in a program that partnered with experts from the Northern California Regional Intelligence Center.

In a followup report by the San Francisco Examiner, Gascón said he was "very optimistic that they came and were willing to share their technology with us."

He also noted that neither Microsoft's Windows Phone nor Google's Android had similar technology to demonstrate for their own mobile platforms.

Stealing smartphones is a big business, with the US Federal Communications Commission stating that one third of robberies nationally involve a cellphone. In tech savvy San Francisco, the figure is closer to half of all robberies.

Gascón declined to detail how the technologies used by Apple and Samsung work, stating that they are not yet finalized. Apple's "Activation Lock" feature remains under NDA as part of iOS 7, while Samsung has contracted with a third party for a security subscription service.

Apple the first OS vendor to announce platform theft security



Apple's new Activation Lock was however demonstrated this summer at the company's Worldwide Developer Conference.

The new feature involves embedding the users' iCloud account into the device's low level firmware, so that even if thieves attempt to wipe the device, it will refuse to subsequently "activate" until the account and password are entered.

iOS "activation" involves the device contacting Apple's servers, an additional step that the company can tie to a specific iCloud account and device's UUID. Apple can therefore refuse to activate a device that has been reported as stolen until both authentication factors (the device and the account) are supplied.

Apple has recently added new layers of security to iTunes and iCloud to support two factor authentication (Apple calls it "two step verification").



This means that a user can configure their account to require access to both a verified hardware device and their account credentials password, preventing a remote third party from simply guessing at their credentials or using an illicitly acquired username and password by itself.

Apple is also using this same heightened security to support secure, encrypted sync of users' passwords and credit card numbers via iCloud Keychain in iOS 7 and OS X Mavericks, and will use this security apparatus to secure iOS 7 Activation via iCloud.


Source: Apple


Apple's existing "Find My iPhone" feature already allows users to track stolen devices or remotely wipe a device after it is stolen, but it is currently easy for a thief to take a stolen device off the network and erase it to "factory new" condition, allowing for easy resale because iOS 6 doesn't yet tie activation into the users' iCloud account.

Stitching "Find My iPhone" into the low level firmware in iOS 7 means that a thief would at least need to crack the device's security via a jailbreak, a practice Apple actively seeks to make impossible (even as hobbyist crackers work to find security exploits to defeat this, enabling root access and making it possible to pirate stolen third party apps).

It appears that Apple's additional activation steps would also require phone thieves to spoof the device's hardware UUID and install new, modified firmware omitting support for the Activation Lock feature, both non-trivial tasks.

Until the feature is released and tested by security experts, it's hard to say how difficult it will be for determined thieves to defeat it. It will, however, provide significant new hurdles for criminals to jump.

iOS 7 users can remove Activation Lock and resell their device; the new buyers will be able to use Activation Lock to tie the device to their own iCloud accounts. However, if a user locked and then forgot their account password, they may be unable to reactivate the device until their account credentials are reset.

Samsung selling an app with firmware ties



Without anything similar provided by Google for Android, Samsung has partnered with third party developer Absolute Software to deliver a "LoJack" branded solution, at least for one model of its smartphone lineup: the Galaxy S4.

Samsung's security app solution is conceptually similar to its use of third party Knox software to shore up Android's missing enterprise security features on certain new Galaxy phones.

Tied into the phone's firmware by Samsung, the LoJack app says it can allow users to remotely lock, wipe and locate a missing device similar to iCloud's Find My Phone, but also says it will "work with law enforcement globally to get the device back."

The service is supplied with a $29.99 annual fee, whereas Apple's iCloud and Find My Phone are free to iOS users.

While Absolute says its LoJack app "cannot be removed by a factory reset once the app is installed by the user and activated," thieves are likely to be savvy enough to go beyond a "factory reset" and perform a ROM flash of the firmware itself after rooting the device, as noted by Android Police.

The "openness" of the Android platform in general makes it harder to secure such a firmware-level solution, because Google itself does not oppose rooting and reinstalling an Android system's firmware with new code missing the necessary security app support.

Samsung and other Android licensees often do take efforts to make it more difficult to root some of their devices, just as Apple does, both to secure their software and their business model.

However, removing security elements from Android's core firmware is also much easier than with iOS because the underlying Android software is open source and can be compared against the core Android firmware that lacks such security.
post #2 of 54
I'll believe it when I see this in action. At the moment I've had two different iPhones from the "Genius (refurbished) stock" that have caused me problems because despite being pulled out of the box "new" (refurbished new), they actually still had details of the previous owner stuck inside in some fashion, causing me no end of problems.

If a supposedly clean phone out of the box has those problems now, I have little faith in their ability to clear out the firmware when the user's information will be even more deeply integrated with the device. We shall see.
post #3 of 54
So pay $29.99 subscription each year secure in the knowledge that LoJack can be defeated by rooting it your stolen S4?

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #4 of 54
The problem with Samsung's implementation is it relies on a third-party app with subscription while Apple's solution is built into iOS, is available for free and runs by default. Of course, iPhone parts are still worth money so this might not deter that many thieves. In fact, it might only deter the ones who actually understand what they are stealing. Thieves will always steal no matter how difficult the manufacturer makes it to use again. All this is doing is keeping honest people honest.
post #5 of 54
But will a simple "hacktivation" as currently implemented be able to bypass this?
post #6 of 54
Quote:
Originally Posted by Gazoobee View Post

I'll believe it when I see this in action. At the moment I've had two different iPhones from the "Genius (refurbished) stock" that have caused me problems because despite being pulled out of the box "new" (refurbished new), they actually still had details of the previous owner stuck inside in some fashion, causing me no end of problems.

If a supposedly clean phone out of the box has those problems now, I have little faith in their ability to clear out the firmware when the user's information will be even more deeply integrated with the device. We shall see.

 

 

You do understand that turning on Activation Lock isn't really any more complicated to change or remove than your other iCloud account information?

 

What sort of "details of the previous owner stuck inside in some fashion, causing me no end of problems" have you experienced?

 

If a phone is wiped, there shouldn't be any data on it. If a refurb is not wiped, wiping it should solve any problems. 

post #7 of 54
Quote:
Originally Posted by AppleInsider View Post

The service is supplied with a $29.99 annual fee, whereas Apple's iCloud and Find My Phone are free to iOS users.
 


Had it been reversed and Apple was the one charging the fee, all the iHaters, fandroids, and general all-around-basement-dwellers would be screaming at the top of their lungs as to how Apple should be ashamed to try extracting more money from the consumer.

But no... sh!tty Android users have zero or low expectations of their OS so not a peep of complaints in the Android community.

post #8 of 54
Quote:
Originally Posted by TokyoJimu View Post

But will a simple "hacktivation" as currently implemented be able to bypass this?

 

Well the point is that activation is changing. One would think that if Apple were advertising this as a feature, they'd make it basically functional. But without more available information, it's hard to say too much about how it works.

post #9 of 54
Quote:
Originally Posted by Suddenly Newton View Post

So pay $29.99 subscription each year secure in the knowledge that LoJack can be defeated by rooting it your stolen S4?

 

Well when you put it THAT way....

Agree. But how long before the phone is not worth the subscription cost?

post #10 of 54
"subscription service"?? I don't see how law enforcement could praise that.
post #11 of 54
Quote:
Originally Posted by nagromme View Post

"subscription service"?? I don't see how law enforcement could praise that.

Indeed. Had it been Apple, it would be met with harsh criticism.

post #12 of 54
Quote:
Originally Posted by Suddenly Newton View Post

So pay $29.99 subscription each year secure in the knowledge that LoJack can be defeated by rooting it your stolen S4?

It's not just rooting. A ROM has to be flashed and I'm sure that the devs will soon incorporate it into their ROM.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
post #13 of 54

Note to self: kill or kidnap smartphone users rather than simply taking their phones. 

post #14 of 54
Quote:
Originally Posted by Suddenly Newton View Post

So pay $29.99 subscription each year secure in the knowledge that LoJack can be defeated by rooting it your stolen S4?

 

This will be like KNOX. You won't be able to root a device with this enabled otherwise what's the point of having it installed? The clue is in their mentioning firmware upgrades.

 

Now wait until the Android geeks find out you have to choose between having this security software installed OR being able to flash a custom ROM. But not both.

 

The Android and Windows situation is really quite pathetic in this regard. This should be an OS level feature, not a third party feature (I've been called stupid for saying this in the past, wonder what the apologists have to say now).

Author of The Fuel Injection Bible

post #15 of 54
Quote:
Originally Posted by TeeJay2012 View Post

Well when you put it THAT way....
Agree. But how long before the phone is not worth the subscription cost?

The day after you buy it?

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #16 of 54
Quote:
Originally Posted by sflocal View Post


Had it been reversed and Apple was the one charging the fee, all the iHaters, fandroids, and general all-around-basement-dwellers would be screaming at the top of their lungs as to how Apple should be ashamed to try extracting more money from the consumer.

But no... sh!tty Android users have zero or low expectations of their OS so not a peep of complaints in the Android community.

 

The $30 subscription fee is totally asinine. The reason you won't hear massive complaints from the Android community is that Android already has less expensive alternatives (some are even free) to 'remotely lock, wipe and locate a missing device' and those alternatives can do much more than that. Samsung could come out with a YouTube app tomorrow that costs $200 a year and the Android community wouldn't be up in arms. They'll just laugh at them and continue using other sources. If Samsung were to take actions to block their customers from being able to use alternatives, then you'd hear complaints.

post #17 of 54
Quote:
Originally Posted by DroidFTW View Post

 

The $30 subscription fee is totally asinine. The reason you won't hear massive complaints from the Android community is that Android already has less expensive alternatives (some are even free) to 'remotely lock, wipe and locate a missing device' and those alternatives can do much more than that.

 

Biggest crock ever. Those Apps are useless as they can be easily bypassed/deleted. Only with a device that's locked and can't be rooted would you ever have any chance of getting it back after it's stolen.

Author of The Fuel Injection Bible

post #18 of 54
$30 annual fee for the Low-jack feature? Ouch.
post #19 of 54
Quote:
Originally Posted by EricTheHalfBee View Post

 

Biggest crock ever. Those Apps are useless as they can be easily bypassed/deleted. Only with a device that's locked and can't be rooted would you ever have any chance of getting it back after it's stolen.

 

There's no such thing as a device that can't be rooted. There are even people putting Android on iPhones. 

post #20 of 54
Quote:
Originally Posted by drblank View Post

$30 annual fee for the Low-jack feature? Ouch.

Beats the alternative by quite a bit.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
post #21 of 54
Quote:
Originally Posted by EricTheHalfBee View Post

Biggest crock ever. Those Apps are useless as they can be easily bypassed/deleted. Only with a device that's locked and can't be rooted would you ever have any chance of getting it back after it's stolen.

Most people don't even know what rooting is nor have ever heard of it. While a few SGS 4s might be forever lost I'd say that the overwhelming majority get recovered.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
post #22 of 54
Quote:
Originally Posted by dasanman69 View Post


Beats the alternative by quite a bit.

 

I'll take free over $30 a year, but to each their own. 

post #23 of 54
Quote:
Originally Posted by dasanman69 View Post


Most people don't even know what rooting is nor have ever heard of it. While a few SGS 4s might be forever lost I'd say that the overwhelming majority get recovered.

 

Incorrect.  Most people stealing phones are tech savvy professional criminals who can root any iPhone/Android phone within minutes.  Only super hackers on steroids steal phones.  /s

 


post #24 of 54
Quote:
Originally Posted by dasanman69 View Post


Most people don't even know what rooting is nor have ever heard of it. While a few SGS 4s might be forever lost I'd say that the overwhelming majority get recovered.

 

Anyone who steals a phone to resell knows that it needs to be turned off immediately (or battery removed if it has one). Then they sell it to their "fence" who will know what to do with the device to make it saleable to the next person.

 

The people stealing property (cell phones, electronics, whatever) are just the "scavengers". The people buying are the ones with the know-how. I guarantee you the people buying the phones from these "scavengers" are very familiar with what to do to erase and reset a phone.

Author of The Fuel Injection Bible

post #25 of 54
Quote:
Originally Posted by Arlor View Post

 

There's no such thing as a device that can't be rooted. There are even people putting Android on iPhones. 

 

Please explain to me, then, how you can root a GS4. And no, I'm not talking about the common methods circulating. I want you to find someone who has done it on a GS4 that has KNOX installed.

Author of The Fuel Injection Bible

post #26 of 54
Quote:
Originally Posted by EricTheHalfBee View Post

 

Please explain to me, then, how you can root a GS4. And no, I'm not talking about the common methods circulating. I want you to find someone who has done it on a GS4 that has KNOX installed.

 

This thread's about whether devices are useful after theft, not whether a thief can access encrypted partitions on the phone. Knox can be flashed over just like anything else.

post #27 of 54
Wait until the DA does nothing to increase police presence etc and the thefts keep happening cause they can always be sold for parts. Stolen phones are a great source for Apple displays, batteries, etc.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #28 of 54
Quote:
Originally Posted by charlituna View Post

Wait until the DA does nothing to increase police presence etc and the thefts keep happening cause they can always be sold for parts. Stolen phones are a great source for Apple displays, batteries, etc.

 

I didn't realize the average iPhone user was savvy enough to fix a broken iPhone using stolen parts.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #29 of 54
Quote:
Originally Posted by Arlor View Post

Note to self: kill or kidnap smartphone users rather than simply taking their phones. 

You say that in jest but there was a case here where a Mercedes owner had his hand chopped off to get around the car's fingerprint recognition lock.
post #30 of 54
Quote:
Originally Posted by Arlor View Post

 

This thread's about whether devices are useful after theft, not whether a thief can access encrypted partitions on the phone. Knox can be flashed over just like anything else.

 

Where's your proof?

Author of The Fuel Injection Bible

post #31 of 54
Quote:
Originally Posted by longfang View Post

You say that in jest but there was a case here where a Mercedes owner had his hand chopped off to get around the car's fingerprint recognition lock.

I thought they required the conductivity only living tissue could provide.

Originally Posted by Slurpy

There's just a TINY chance that Apple will also be able to figure out payments. Oh wait, they did already… …and you’re already f*ed.

 

post #32 of 54
Quote:
Originally Posted by charlituna View Post

Wait until the DA does nothing to increase police presence etc and the thefts keep happening cause they can always be sold for parts. Stolen phones are a great source for Apple displays, batteries, etc.

 

There's only so many spare parts needed by the repair depots. Once phones can no longer be re-sold there will be a glut of stolen phones, prices will drop and they won't be so lucrative anymore. This will have a significant effect on stolen phones.

 

For example, there are numerous places that sell iPhone 5 screens and batteries for dirt cheap. This means that used screens/batteries will be worth even less, making a phone stolen for parts far less valuable than one stolen to resell. The logic board itself is useless since it's locked. When you can go to Apple and get a new screen for $149 then the only reason to go to an independent shop is if they can do it for significantly less. I just don't see selling iPhones for parts being nearly as profitable as selling an actual working phone.

Author of The Fuel Injection Bible

post #33 of 54
Quote:
Originally Posted by Tallest Skil View Post


I thought they required the conductivity only living tissue could provide.

 

What the thief thinks might work may be more important.

post #34 of 54
Quote:
Originally Posted by Tallest Skil View Post


I thought they required the conductivity only living tissue could provide.

 

Obviously the thieves weren't too smart.

post #35 of 54
Keep up the lobbying George. I can't quite put my finger print of all this Ha Ha. The good news is that spare parts will now be slightly cheaper on ebay.
post #36 of 54
I hope people understand, Apple had the phone under NDA cause it has a fingerprint reader... no one is going to unlock a stolen iPhone again, and I'm sure "find my phone" will have enough battery to send out a GPS location.

What would be really funny is if the phone can read the criminal's fingerprint or send it to police after stolen, as said reader could be in home button or embedded into the actual screen...

Checkmate - Apple
post #37 of 54
Quote:
Originally Posted by DroidFTW View Post

I'll take free over $30 a year, but to each their own. 

There's device recovery included in the price. With find my iphone you're on your own, and lucky if you find a police officer to help you.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
post #38 of 54
Quote:
Originally Posted by matrix07 View Post

This is exactly why I never listen to all fandroids posting here. if they can't be objective, why give them a credit. 

 

Sounds like you were listening to me. LMAO.

post #39 of 54
Quote:
Originally Posted by Arlor View Post

 

What the thief thinks might work may be more important.

 

I see you did return to this discussion. I'm still waiting for proof you can take a KNOX GS4 and replace it with new software, thereby bypassing all security on the device and allowing a thief to use it.

Author of The Fuel Injection Bible

post #40 of 54
QUOTE:
"Well the point is that activation is changing. One would think that if Apple were advertising this as a feature, they'd make it basically functional. But without more available information, it's hard to say too much about how it works."

Please remember that it is not a feature that's included in the present IOS - only in the upcoming IOS 7.
Having tested it on an iPHONE 4 (enabling the security, then wiping, then trying to set-up as new user) I can confirm IT WORKS.

I was not able to re-set the phone and set-up for a new user without going through the additional motions.