Kill Track Mode for Find my iPhone

Discussion in 'iPhone' started by MrXiro, May 20, 2014.

  1. MrXiro, May 20, 2014
    Last edited: May 20, 2014

    MrXiro macrumors 68040

    Joined:
    Nov 2, 2007
    Location:
    Los Angeles
    #1
    What would the caveats be for a Kill/Track mode on the iPhone through Find my iPhone?

    I can't be the only one who has thought of a mode that basically renders the touch screen and buttons as dead (or close to it) but turns on all the radios (4G/LTE/Wifi/GPS) and basically lets you track it to wherever it is. The only way to unlock is either punching in your code via iTunes or unlocking from your Find My iPhone app/website.

    This way any thief basically has a useless brick. You can even have it so that you can send messages to the phone if you want or only your contact info pops up on the screen if a button is pressed but the phone cannot be turned off and there is no access to anything besides a home screen message, not even a restore from a computer would work.

    Just wondering why they don't put in a feature like this? Too easy to hack and give someone control of another person's phone? I feel like even the way Apple currently has it set up that it's still easy to have your phone stolen, wiped and sold.
     
  2. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #2
That is actually interesting, not sure why Apple hasn't implemented it or something like it.
     
  3. scaredpoet macrumors 604

    Joined:
    Apr 6, 2007
    #3
    Probably because killing the touch screen prevents the ability to call 911. Which, stolen or not, a phone should still be able to call 911... perhaps if, say, its rightful owner has managed to snatch the phone back from the thief, and said thief is now chasing the owner with a knife.

    Killing the touch screen would also disable the "call back" function when the phone is set to Lost Mode. When you turn on lost mode, a message displays on the screen and a call button appears, which will allow the phone to call a number you've specified in iCloud in the event someone happens to find your phone, and wants to give it back to you.


    I think the way Lost Mode is set up now is actually fine. It locks the phone and only allows you enter a passcode, call 911 or a number the owner sets. At that point, you pretty much have about as much of a brick as you can get... only it's a brick that gives the person finding it every chance to return that brick to its rightful owner.
     
  4. Applejuiced macrumors Westmere

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #4
    All the thief would have to do is turn off the phone or take out the sim and then the phone cannot be tracked.
    And even if they do wipe it, it's still a useless brick if you have Find My iPhone turned on. The activation lock works great for that.
    Find My iPhone is just to find a general location, not a full-blown theft recovery LoJack solution for a cellphone.
     
  5. MrXiro thread starter macrumors 68040

    Joined:
    Nov 2, 2007
    Location:
    Los Angeles
    #5
    As I said... you won't be able to turn off the phone because it kills access to the buttons (including hard reset). Popping the SIM is an option but most people don't carry around a pin or SIM tool with them... but that still leaves access to any open Wifi to track.
     
  6. Applejuiced macrumors Westmere

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #6
    Yes, not everyone does, but it's very easy to pop out the SIM tray.
    And it doesn't automatically connect to open wifi in order to track it.
     
  7. MrXiro thread starter macrumors 68040

    Joined:
    Nov 2, 2007
    Location:
    Los Angeles
    #7
    I don't know if this is possible or not. But maybe a line of code can be written for your iPhone to ping its last known location where the SIM popped out. In which case one would most likely still know where the phone was, since most of the time a thief would wait till they got home to do that, rather than risk getting caught on the street. Especially if the owner of the phone had a case or (in my case) a skin adhered onto the phone.

    You do know you're not naming a caveat for a Kill Track mode but just reasons how the current solution can't work.

    ----------

    Well the reason I ask is that thief could still turn off your phone. Blocking that ability would be additionally useful.
     
  8. Applejuiced macrumors Westmere

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #8
    Lol
    A line of code? It will not be able to send anything out once the SIM is popped out :D
    Again, let's not get crazy about it. It's only a cellphone.
    If it's lost/stolen then it becomes unusable.
    It's not a recovery tool for everyone to go around hunting for their lost phones. That can bring way more trouble than it's worth in the end IMO.
     
  9. MrXiro, May 20, 2014
    Last edited: May 20, 2014

    MrXiro thread starter macrumors 68040

    Joined:
    Nov 2, 2007
    Location:
    Los Angeles
    #9
    The SIM card is merely data storage holding codes to your phone carrier. It's not like the phone can't hold the signal for a second longer and pinging the location before cutting off after popping out the SIM. It's not a battery :rolleyes:

    That's why it takes a few seconds for your phone to connect when you insert the SIM or turn your phone on.

    I'm only making discussion... trying to come up with better solutions to the issue.

    Recently a single mother and her teenage daughter came to my building looking for her phone and one of my thieving neighbors had it... she was so happy when she recovered it as she was poor (it was an iPhone 4 or 4S before you go judging her) and her husband had just left her after she came down sick with cancer or something, I forget. If it wasn't for the fact that my idiot neighbor didn't turn off the phone after he stole it off of her bicycle she would never have gotten it back. I'm sure the next time he swipes a phone he'll be sure to turn the device off.
     
  10. scaredpoet macrumors 604

    Joined:
    Apr 6, 2007
    #10
    Right... but if they've already turned off the phone before you got the chance to put the phone in Nuke-Buttons mode via iCloud, then you won't be able to put the phone in Nuke-Buttons mode, and this feature will be unable to do its job. Same problem that exists today.

    Anyway, even if the buttons are inaccessible, they could just sell it parts-only, just like they do Activation Locked phones today. There's nothing to be gained from this.

    ----------

    Evidently, you don't know how GSM phones are supposed to work. You're right that it's not a battery, but the moment the SIM is removed from the phone, the phone MUST stop registering with that SIM.

    That's not the same thing at all.

    ----------

    Right, and we're discussing why all this does is make it harder for a person who lost their phone to find it.
     
  11. MrXiro thread starter macrumors 68040

    Joined:
    Nov 2, 2007
    Location:
    Los Angeles
    #11
    Because you're an expert at GSM technology? Please enlighten me with the evidence that a GSM phone MUST be cut off as soon as the SIM is removed... I would like to understand this...
     
  12. scaredpoet, May 20, 2014
    Last edited: May 20, 2014

    scaredpoet macrumors 604

    Joined:
    Apr 6, 2007
    #12
    A UICC card (what most people call a "SIM" card, though true SIMs are kinda outdated these days) contains at minimum a 128-bit cipher key that is unique to that UICC, called a Ki. Your home GSM network holds a copy of a UICC's assigned Ki value in its Authentication Centre (AuC) database. The phone is never provided the Ki value; it always remains stored on the UICC.

    In order to initiate any non-911 call communication over the mobile network, the network issues a challenge, where a random number is sent to the phone. The phone must then pass that number to the UICC's USIM application and call the "run GSM algorithm" function, which signs the number with its Ki value, and that gets passed back by the phone to the GSM network. If the number matches the answer that the network got using the same Ki stored in the AuC, then the phone can initiate its call or data connection.

    No UICC or SIM? No Ki.
    No Ki? No network access.

    There is no delay permitted. If the "SIM" is gone, the phone can't authenticate from that moment forward, until a card with a valid USIM application is put back in. Period.

    My background: cellular network deployments, GSM included. But, to be honest, typing all this out is a complete waste of time, since clearly you feel you're more of a GSM "expert" than I. So, I suggest you go build a radio that can connect to a modern cellular network without the authentication ciphers in place. I'm sure Apple would be very interested in buying it off you once you've built it. I'm sure a few three-letter agencies would be very curious about your invention, too.

    I fully understand your intentions, and that you'd like to build a better mouse trap. But it's already been explained to you what the pitfalls are with what you propose. It's not only impractical, there are scenarios where it's downright dangerous, and it's already clear that there will be nothing gained from it.

    Right now, politicians have in their heads that legislating "kill switches" will win them votes, and the proposals look a lot like this. While their hearts are (sort of) in the right place, this isn't the answer, and will cause more problems than it solves.
     
  13. Applejuiced macrumors Westmere

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #13
    I don't think you understand the hardware behind it.
    It's not something that can be executed with software or a few lines of code like you think.
    As soon as the SIM is popped out, any communication with the tower such as data and others is terminated immediately.
    For it to happen the way you suggest will need new hardware and software on future devices.
    Does it suck losing or getting your device stolen? I agree, it sure does.
    I have iGotYa installed on my JB iPhone.
    I think features included in that hack should be implemented in future Find My iPhone updates. And it truly is just lines of code without any hardware modifications. If a JB package developer can do it, why can't Apple step up and include more features? That's my suggestion.
     
  14. MrXiro thread starter macrumors 68040

    Joined:
    Nov 2, 2007
    Location:
    Los Angeles
    #14
    Your long answer is appreciated. I have a better understanding of it now.

    But as I said, the matter isn't having the authentication cipher, it's holding onto it for 1-2 seconds longer. It seems that, based on what I'm reading that you wrote, that it's more of a "rule" than a physical law.

    Let's say for the sake of argument that my phone has a 2 second latency problem. So everything I do, touch the screen, push the button, etc, is 2 seconds behind. If I eject the SIM card, wouldn't my phone still be connected for 2 seconds before it "recognizes" that the SIM card is ejected?

    I'm not saying I'm any sort of expert on this, but as any semi-intelligent person would bring up, I don't know if what you were spouting before your previous answer had any facts to back it up or if it was merely just someone on the same uninformed level as me telling me that I don't know what I'm talking about.
    Thanks again for your reply.

    ----------

    It's too bad that Apple won't let iGotYa be on stock phones. I don't JB, the times that I did my phone slowed down a fair bit and eventually I'd upgrade to the newest FW for the features and it wasn't worth it for me to constantly JB after an update.

    Thanks for the comment.
     
  15. Applejuiced macrumors Westmere

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #15
    It's a fact that your phone will immediately cease all connections the fraction of a second the SIM moves out of its position.
    There is no 2 second delay or any delay at all. But you don't have to believe us, just test it out yourself.
     
  16. scaredpoet, May 21, 2014
    Last edited: May 21, 2014

    scaredpoet macrumors 604

    Joined:
    Apr 6, 2007
    #16
    There is nothing to hold on to. The cypher is never shared with the phone, so there is nothing to keep in memory, even for a few seconds. Not even one second. Not even HALF a second.

    If you share the Ki, the security is broken. Granted, 128-bit security isn't all that great and might be hackable in some cases, but if you make an "exception" for this one purpose (which again, has more negatives than any useful positives), then you've caused even more problems than you've tried to solve.


    No, precise timing is a necessary function of how cellular networks operate. You could get away with massive timing asymmetries back when the networks were analog, but as networks switched to digital, timeslots became both mandatory and precise. If you slack on timing, the network breaks down. These aren't arbitrary rules. They involve laws of physics and mathematics.

    The bigger problem here is you're fixating on this one part of the discussion, to make your "improvement" work, while ignoring the broader issue here: You're basically asking the GSMA to blow a massive functional and security hole in a globally-recognized standard, in order to hopefully brick a phone when it gets lost. How is opening up all phones running in that standard to potential fraud - assuming the phones even continue to work at all - justified by this?

    And again, it's already been pointed out: All of this assumes that you can realize your phone is missing, find a computer or iOS device, log into Find my iPhone and send the kill signal before the thief turns the phone off. Which is no different from how things work now.


    More than likely, if the latency were THAT bad on the OS side, people wouldn't buy it. And if it was on the baseband, the carrier would reject the phone outright and you wouldn't be able to connect with it. The Ki authentication would time out every single time, for starters. The phone would be both a fraud risk, and interfere with the operation of all other phones in the vicinity that don't have this latency.

    Precise timing is absolutely necessary on a cellular network, and the timing tolerances get even more strict with the more recent cellular standards (GSM, UMTS, HSPA/+, LTE). A timing asymmetry of several nanoseconds is enough sometimes to drop a call and prevent network authentication. Two seconds? The network won't even acknowledge your phone exists after a few tries. Of course you could program your phone to keep trying, but before long it'll just start knocking other nearby phones off the network too, as its latent signals end up colliding with the correctly-timed signals of the other phones sharing the same pilot signal.

    These aren't just arbitrary rules, either. These ARE physical and mathematical laws, part of basic communication theory. The way the network functions depends on precise timing. You can't just introduce timing asymmetries and expect everything to be all right.

    Yeah, okay. As I said earlier, this is a waste of time, especially since anyone who can use Google and look up articles on wikipedia can pretty much verify what I'm saying is correct and you seem unwilling to accept any facts that disagree with your idea. I wish you the best of luck as you invent this latency-ridden, network-skewing phone that does what you want at the expense of the broader telecommunications networks. Though you might find that what you've "invented" not only already exists, but might actually be against the law.
     
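The challenge-response that scaredpoet lays out in post #12, and the "nothing to hold on to" point in post #16, can be shown with a small model. This is an added example, not code from the thread and not Apple's or any carrier's implementation: the handset object only ever forwards the network's RAND to the card and returns the card's SRES, so once the card is gone there is no key material anywhere in the phone to keep answering with. The test IMSI, the Ki value, and the use of HMAC-SHA256 in place of the card's real A3 algorithm are all assumptions made for illustration.

```python
import hmac
import hashlib
import secrets
from typing import Optional

# Assumption: HMAC-SHA256 truncated to 32 bits stands in for the card's A3
# algorithm (real cards use COMP128 variants or MILENAGE). The shape of the
# exchange is what this model is about, not the particular cipher.
def a3_sign(ki: bytes, rand: bytes) -> bytes:
    """Derive a 32-bit SRES from a 128-bit RAND under the secret Ki."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class UICC:
    """The card. Ki lives here and is never handed back to the phone."""

    def __init__(self, imsi: str, ki: bytes) -> None:
        if len(ki) != 16:
            raise ValueError("Ki must be 128 bits")
        self.imsi = imsi
        self._ki = ki  # no accessor exposes this value

    def run_gsm_algorithm(self, rand: bytes) -> bytes:
        """The only thing the phone can ask the card to do: sign a challenge."""
        return a3_sign(self._ki, rand)


class AuC:
    """Home network's Authentication Centre: keeps its own copy of every Ki."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._keys[imsi] = ki

    def challenge(self, imsi: str) -> tuple[bytes, bytes]:
        """Return (RAND, expected SRES) for one authentication round."""
        rand = secrets.token_bytes(16)
        return rand, a3_sign(self._keys[imsi], rand)


class Phone:
    """The handset: relays challenges to whatever card is inserted."""

    def __init__(self) -> None:
        self.card: Optional[UICC] = None

    def insert(self, card: UICC) -> None:
        self.card = card

    def eject(self) -> None:
        # Nothing to retain: the phone never held Ki, only the card did.
        self.card = None

    def answer(self, rand: bytes) -> Optional[bytes]:
        if self.card is None:
            return None  # no card, no SRES; there is no cached secret to fall back on
        return self.card.run_gsm_algorithm(rand)


def attach(auc: AuC, phone: Phone, imsi: str) -> bool:
    """One challenge-response round; True means the network grants service."""
    rand, expected = auc.challenge(imsi)
    sres = phone.answer(rand)
    return sres is not None and hmac.compare_digest(sres, expected)


def demo() -> dict[str, bool]:
    """Walk through the three cases the thread argues about."""
    # Constructed test subscriber: MCC 001 / MNC 01 is the reserved test PLMN.
    imsi = "001010123456789"
    ki = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed, not a real Ki
    auc = AuC()
    auc.provision(imsi, ki)
    phone = Phone()
    results: dict[str, bool] = {}

    phone.insert(UICC(imsi, ki))
    results["card_inserted"] = attach(auc, phone, imsi)  # granted

    phone.eject()
    results["card_ejected"] = attach(auc, phone, imsi)   # rejected: no Ki anywhere in the phone

    phone.insert(UICC(imsi, bytes(16)))                   # a card claiming the same IMSI with the wrong Ki
    results["wrong_ki"] = attach(auc, phone, imsi)       # rejected
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'attached' if ok else 'rejected'}")
```

The point of the model is where the state lives: the AuC and the card each hold Ki, the phone holds nothing but a reference to the card, and `answer()` has no cached value to return once `eject()` runs. A phone that kept SRES values around for later would only be able to replay answers to old RANDs, which a fresh challenge defeats.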
  17. 960design macrumors 68000

    Joined:
    Apr 17, 2012
    Location:
    Destin, FL
    #17
    Isn't what you are asking already implemented?
    iCloud.com -> Find My Phone

    If it is offline, check Notify Me when Found and Lost Mode: Put in a message and a phone number to contact to return the device.

    If the thief turns the phone on, it will lock and notify you of its last known location. They cannot do anything, they now have a brick.
     
