News: 1728356353

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Google brings better bricking to Androids, to curtail crims

(2024/10/08)


Google has apparently started a global rollout of three features in Android designed to make life a lot harder for thieves to profit from purloined phones.

The search and ads giant [1]announced the features in May, to coincide with its I/O developer conference. The tech has since been trialed in Brazil, and now appears to have popped up on people's phones across the world, according to [2]posts on social media.

The three features are:

Theft Detection Lock – If a phone is grabbed from someone's hand and then moves away at high speed, such as on a bike or in a car, the device will detect the unusual motion using its accelerometers and Google AI. It will then immediately lock, requiring a password or biometrics to open.

Offline Device Lock – If the device is offline for "prolonged periods of time," then the device will lock itself even when out of range of a signal.

Remote Lock – If the device has been stolen, Android users will be able to remotely lock it just by citing the phone number rather than by inputting login credentials. Google said that people were often too upset to remember their logins, so a phone number lockdown would work more effectively.

[3]Victims lose $70K to one single wallet-draining app on Google's Play Store

[4]Google I/O is Google A/I as search biz goes all-in on AI

[5]Google's Rust belts bugs out of Android, helps kill off unsafe code substantially

There are more device security tools coming down the line – probably with the general release of Android 15, expected later this month. The factory reset command, commonly used by thieves to wipe a handset so that it can be easily resold, will in future require credentials.

Login info can of course be obtained my means as simple as “shoulder surfing” – watching someone use their phone. Even if they do, though, Google is hardening up the requirements to change important settings – such as resetting the PIN or accessing other system privileges – which will require biometric proof of ownership, if enabled. The same is true for disabling the Find my Device, used to find lost handsets.

[6]

While mobile phone theft remains a very common crime, the resale value of stolen devices is small compared the potential haul from using unlocked devices access lucrative apps such crypto wallets, banking and credit card apps, and money transfer services. ®

Get our [7]Tech Resources



[1] https://blog.google/products/android/android-theft-protection/

[2] https://www.reddit.com/r/Android/comments/1fwg6oc/google_is_starting_to_roll_out_theft_detection/

[3] https://www.theregister.com/2024/09/26/victims_lose_70k_to_play/

[4] https://www.theregister.com/2024/05/14/google_io_is_google_ai/

[5] https://www.theregister.com/2024/09/25/google_rust_safe_code_android/

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZwSuY9FJjItPH3TcefBxAQAAAME&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[7] https://whitepapers.theregister.com/



What could go wrong?

Yorick Hunt

"If the device has been stolen, Android users will be able to remotely lock it just by citing the phone number rather than by inputting login credentials."

Got an ex you want to grind an axe with? You already have their 'phone number. Miffed with your boss? You have their number.

The work [of software development] is becoming far easier (i.e. the tools
we're using work at a higher level, more removed from machine, peripheral
and operating system imperatives) than it was twenty years ago, and because
of this, knowledge of the internals of a system may become less accessible.
We may be able to dig deeper holes, but unless we know how to build taller
ladders, we had best hope that it does not rain much.
-- Paul Licker