POTENTIAL FOR ABUSE STALLS CELLPHONE KILL SWITCH DEBATE KILL SWITCHES IN CELLPHONES MIGHT BE A THEFT DETERRENT, BUT THEY MIGHT ALSO INVITE OTHER TYPES OF CRIME THAT COULD HAVE GRIM CONSEQUENCES -- FOR EXAMPLE, DISABLING THE PHONES OF GOVERNMENT OFFICIALS. THATS THE ARGUMENT CARRIERS ARE MAKING AGAINST INSTALLING THE SWITCHES, AT ANY RATE, ALTHOUGH CYNICS ARE INCLINED TO THINK THEIR OBJECTIONS ARE MORE ABOUT REVENUE LOSS. Law enforcement officials and mobile phone makers last week knocked heads with wireless carriers over planting kill switches in smartphones. Led by a district attorney in San Francisco and attorney general in New York, law enforcement would like all smartphones to contain firmware that allows a consumer to brick a mobile thats lost or stolen. The largest mobile phone maker in the world, Samsung, is on board with the program, and a developer of kill-switch software has offered its program to Samsung for free. Problem is, the wireless carriers are cool to the idea. One possible reason is that carriers make good money from replacement of lost and stolen phones, but there are some less cynical explanations for their balking. For example, if hackers should gain control of a phones kill switch, they could deny the owner access. They might be able to disable the phones of government employees, such as those working for the FBI or Department of Homeland Security. NSAS SHADOW There is definitely a concern that hackers might be able to use this feature, which not only puts our citizens privacy at risk, but also our government agencies, Tom Kemp, CEO of Centrify, told TechNewsWorld. But there is more to it. Given the recent issues with the NSA phone taps and companies like Facebook and Google being asked to hand over their users private information, I think that the carriers are working to keep themselves as independent from government control as possible, he observed. Ive said before that if we grant carriers more controls, the government will step in and want access to that control, and I just dont see carriers willingly allowing that to happen, added Kemp. KILL GOOD, RECOVER BETTER Nevertheless, there are those who argue that kill switches can go a long way toward reducing cellphone thefts, which, according to the Federal Communications Commission, account for 30 to 40 percent of all robberies in the nation. A kill switch can protect consumers against theft and will act as a deterrence in the market and reduce the theft epidemic, said John Livingston, CEO of Absolute Software, which makes software kill switches. Absolute also has a LoJack-like recovery service for stolen phones, which can be an even greater deterrent to cellphone thieves, according to Livingston. If you catch a thief, then theyre deterred from ever stealing a phone again, he explained. A kill switch is a good first step, but having the option to also recover is even better. BREACH COVER-UPS Despite movement in some states to require data breaches be reported to the public, large numbers of companies are still covering up their information sins, according to a study released by ThreatTrack. The survey of 200 malware analysts at U.S.-based enterprises revealed that more than half of them (57 percent) confessed theyd investigated a data breach that their company ultimately did not disclose. Thats pretty shocking in todays day and age, Dodi Glenn, senior director of ThreatTracks Security Intelligence and Research Labs, told TechNewsWorld. Some companies want to brush these things under the carpet because they want to avoid any penalties that might come down the line, he added. That could result in a financial hit or damage to their brand. Large companies were more likely to cover up data breaches than small companies, according to the survey. Sixty-six percent of malware analysts at companies with 500 employees or more said they hadnt disclosed a data breach, compared to 18 percent at businesses with 50 employees or less. Of course, larger companies pose a bigger target to malware creators than do smaller companies because of their larger presence in the market and more information they possess, the report notes. BREACH DIARY • Nov. 18. Six more alleged thieves are arrested by federal prosecutors in New York in connection with US$45 million worldwide ATM robbery. • Nov. 19. Google agrees to pay $17 million to settle lawsuit resulting from discovery that the company installed tracking cookies in Apples Safari Web browser without user permission. • Nov. 19. MegaPath Corporation announces release of data breach calculator to assess the risk to a company of a data breach. • Nov. 20. Brian Krebs reports data breach in January at online dating site Cupid Media exposed information on 42 million consumers, including names, email addresses, unencrypted passwords and birthdays. • Nov. 20. Sachem Central School District on Long Island in New York informs parents and students that 15,000 student records containing names, school IDs and lunch designations were posted online after a data breach. • Nov. 20. Anthem Blue Cross of California notifies an unspecified number of physicians that their names, business addresses and Taxpayer ID/Social Security numbers were in documents posted at the companys website from Oct. 23-24. Anthem is offering the affected physicians one year of ID protection services. • Nov. 21. IT consultant Jason Huntley blogs that his smart TV made by LG transmitted data about his personal viewing habits as well as names of files on a hard drive connected to his TV despite his activation of privacy controls for the device. • Nov. 21. Milwaukee Alderman Michael Murphy says city is pursuing all its options in connection of the theft of a USB drive from an employee of Dynacare, which manages the burgs wellness program. Drive contained sensitive information on flash drive with the personal information of 9,414 city employees, their spouses or domestic partners. By John P. Mello Jr. TechNewsWorld
Posted on: Mon, 02 Dec 2013 04:48:28 +0000