There is an ongoing compeition in England about combining design and security to improve the security of mobile phones, and more precisely, to limit the stealing of phones. This sounds like a wonderful idea, because design can make attacks unpractical and/or more difficult to implement, therefore making a stolen phone less valuable. I can’t wait to see the results (to come next year).
There is a nice brochure describing the challenge, which explains the terrible things that may happen to people that get their phone stolen. The funny thing is that this brochure ignores some of the effective defenses that are currently in use.
- In two cases, the victims are unhappy because of the loss of their contacts. Today, it is often quite easy to back them up, either through a PC connection for feature phones and smartphones, or through the operator when this is not available.
- In at least one case, the phone is stolen while not in use. In such a situation, it is simple to use a password protection, which makes it difficult to use the phone, at least for a casual thief. Of course, that doesn’t work in the other cases: in one instance, the phone is snatched while in use (i.e., unlocked); in the other case, the phone is stolen with violence (i.e., with any required password).
- In one case, Amazon’s “1-click shopping” is mentioned as a way to rob the victim by using the Internet connection. I am not sure of the particular combination if “iPhone+1-click shopping”, but I know that, when I use Amazon and I try to register a new delivery address (useful for a thief), all my stored credit card numbers are reset.
Of course, I am acting like a technologist here. A designer would tell me that at least my two countermeasures are so painful to use that nobody uses them. Well, that’s quite right, and I hope that they will find solution that automatically backs up phone data, or alternative ways to authenticate (actually, I personnally think that entering codes is painful, and I would love to use a quick touch-based authentication method on devices that include a touch interface).
Overall, just thinking about all this for 5 minutes convinces me that this competition is a really great idea, because combining tech and design is the right way to go.
Hmmm…
This seems too easy to me.
1. Store all sensitive data on the SIM
2. Install an app that automatically backs the data up over Bluetooth
3. Install the carrier-approved self destruct application
4. When it is determined that the phone is lost, then call the carrier and tell them to issue a self-destruct SMS
5. Problem solved. You data is backed up, so even if you get a unintended self-destruct SMS from the carrier, you should be fine.
Am I missing something here?
Waooh! I immediately looked up your site to check if you were a SIM vendor of any kind. I actually am related to a SIM vendor, and I may not have suggested what you did.
Maybe it goes a long way to show how depressed the SIM industry has become, or maybe it is something else. In particular, the fact that it is hard to believe that the Nokia’s, Apple’s and Google’s of this world are ready to let apps store stuff on the SIM.
Still, this is a technological answer, and unless it becomes widely accepted, it will not become a theft deterrent. Globally, this is where people like us stop being efficient, and where designers (object designers, not software designers) come in the loop.
No,
I’m not a SIM vendor employee, but I got a huge background in Bluetooth.
– Bruce