How do you stop the growing epidemic of stolen smartphones? Lawmakers in California seem to think its by mandating providers to sell devices with built-in kill switch capabilities that would make stolen phones inoperable. This month, when the California Senate approved a bill that would require smartphone providers to build a kill switch feature into their devices, a key question was left unanswered: Is this the solution to smartphone theft?智能手机日新月异的同时,随之而来的是被拿走的手机更加多。如何能既防贼偷走、又防贼惦记?美国加州的立法者们或许指出,只要强迫手机厂商给手机福一个“自杀身亡电源”,就能一劳永逸地解决问题这个问题。本月,加州参议院通过了一项强迫手机提供商在设备上安装“自杀身亡电源”的法案。
但是一个关键的问题目前依然没答案:“自杀身亡电源”是否是手机防盗的终极方案?Youd be hard-pressed to find a consensus among industry experts on the matter. Whats clear is that cell phone theft is a growing problem. In 2013, more than three million devices were stolen in the U.S., up from 1.6 million in 2012, according to Consumer Reports. And in San Francisco alone, 2,400 cellphones were stolen in 2013, up by 23 percent from the year before, according to the San Francisco Police Department. Police departments across the U.S. are starting to drown in smart phone thefts,says Tom Kemp, CEO of Centrify, a software and cloud security provider.行业专家们针对这个问题还没构成共识。但是手机被盗毫无疑问早已是一个更加相当严重的问题。根据《消费者报告》(Consumer Reports)的数据,2013年美国有多达300万部智能手机被盗,近超强2012年的160万部。另据旧金山警局回应,光是在旧金山,去年就有2400部手机被偷走,比前年下跌了23个百分点。
软件与云安全服务提供商Centrify公司的CEO汤姆o坎姆认为:“全美各地的警察局完全都被智能手机被盗的案子给水淹了。”The bill, SB 962, introduced by State Senator Mark Leno and sponsored by San Franciscos district attorney, George Gascón, is an attempt to curb these alarming figures. If approved by the California State Assembly and Governor Jerry Brown as early as August, it would require all smartphones sold after July 1, 2015 in California to include a kill switch function that would effectively brick stolen phones. Those sellers who dont comply would face fines of up to $2,500 per device.这个编号“SB 962”的法案是由加州参议员马克o雷诺明确提出的,并且取得了旧金山地区地方检察官乔治o加斯尼克的反对。如果这份议案最先在八月初能取得加州众议院以及州长杰瑞o布朗的批准后,它将意味著从2015年7月1日起,所有在加州销售的智能手机都要加装一个能让手机变为板砖一块的“自杀身亡电源”。
如果手机销售商违背这项法案,则将面对最低每部手机2500美元的罚款。The bill, which was originally rejected by the California Senate in April and opposed by major providers including Apple (AAPL) and Microsoft (MSFT), passed this month with a vote of 26 to 8. While it targets the state of California, its effects would be national, as added features mandated by the state would likely make it into phones sold across the country.这项法案最初在今年四月被加州参议员上诉,而且还遭了还包括苹果(Apple)和微软公司(Microsoft)在内的几大主流厂商的杯葛,但它最后还是在本月以26对8的比率投票通过。虽然这项法案主要侧重加州,但是由于加州强迫推展的手机可选功能很有可能渐渐普及到在全美各地销售的手机上,因此它的影响将是全国性的。
Opponents of the bill including CTIA, the wireless association that represents providers, believe forcing providers to put a solution in place state-by-state will only hurt consumers in the end. The group believes that the industry itself should drive innovation in the field. State-by-state technology mandates stifle innovation to the ultimate detriment to the consumer, according to a statement released by Jamie Hastings, CTIAs vice president of external and state affairs. In an attempt to take matters into its own hands, last month, CTIA released a Smartphone Anti-Theft Voluntary Commitment, an agreement signed by major industry players like Apple, Samsung, ATT (T) and Verizon (VZN) who pledge that smartphones they manufacture after July 2015 will include free built-in antitheft tools.美国无线通信与互联网协会(CTIA)也是这项法案的反对者之一。这个协会代表了无线服务商的利益,它指出如果强迫手机提供商一个州一个州地安装防盗装置,最后只不会伤害消费者的利益。
同时CTIA也指出,行业本身最后不会强化在手机防盗领域的创意。CTIA的对外与对公事务副理事长杰米o哈斯廷斯说道:“逐一州实施技术拒绝只不会脱节创意,最后受害者的是消费者。”为了在这个问题上掌控主动权,CTIA上个月公布了一份由苹果、三星(Samsung)、美国电话电报公司(ATT)、威瑞森(Verizon)等电信巨头公开信签订的《智能手机防盗强迫允诺》,效忠从2015年7月起生产的智能手机将安装免费的内置防盗工具。
But supporters of the bill arent convinced this is enough and see legislation as a way to speed up the process. What that California legislation does is a positive step in encouraging the industry to actually develop a solution faster, says DmitriAlperovitch, cofounder and CTO of CrowdStrike Inc., a provider of security technology and services.但是这项法案的支持者毫无疑问光是这样就充足了,他们指出法律途径是增进各大厂商强化手机防盗的一种有效地方式。安全性技术与服务提供商CrowdStrike公司联合创始人兼任技术总监德米特里o阿帕罗维奇指出:“加州立法机构这次迈进了大力的一步,促成行业确实减缓了研发防盗解决方案的步伐。
”Others see it as a sign of meddling in the industry. Proponents of a kill switch know nothing about how technology works, says Robert Siciliano, a McAfee Online Security expert. Whatever kill switch is implemented, will be hack-able and rendered useless by anyone with ill intent.也有人指出这项法案表明出有介入行业长时间发展的迹象。迈克菲在线安全性专家罗伯特o西西里亚诺认为:“反对‘自杀身亡电源’的人显然不告诉科技是怎样运作的。只要犯罪分子抱有蓄意,不管你用什么样的自杀身亡电源,都是可以密码的,最后只不会形同虚设。”Software-only based approaches have the potential to backfire. For one, they can be worked around by clever thieves. If someone steals a phone, there are ways to block it from receiving communications that would kill a device, says Greg Kazmierczak, CTO of Wave Systems, a provider of hardware-based encryption technology. For instance, a thief could place the stolen phone in a signal-blocking phone case that would prevent all electromagnetic communications from reaching the device. According to Kazmierczak, it could be possible to put it into one of those cases and perform whatever you need to in order to stop the kill signal from coming in.纯粹依赖软件的技术手段必定有可以动手脚的空间,因而也必定不会被聪慧的骗子利用。
基于硬件的加密技术提供商Wave Systems技术总监格雷格o卡兹米耶尔扎克说道:“如果有人偷走了一部手机,那就有办法制止它从外部接管自爆指令。”比如骗子只要把偷走的手机放到一个能阻断无线信号的手机壳里,就能切断这部手机的所有电磁通讯。据卡兹米耶尔扎克回应,将被盗手机放到这种手机壳里,然后再行展开各种切断拒绝接受自杀身亡信号的操作者,的确具备可能性。
Another alternative solution is to use hardware, rather than software to make stolen phones inoperable -- an approach thats becoming more widely recognized in the industry. This would involve embedding actual hardware into the phone that would prevent thieves from circumventing software technology to get access to data encrypted on the phone.另一种手机防盗方案是用硬件、而不是用于软件,让手机逆“板砖”,而且这种方法早已受到业界更加多的接纳。这种方案拒绝在手机内部植入一个硬件设备,它可以避免骗子跨过软件程序盗取手机内部的加密数据。Hardware technology offers a much more secure solution, says Kazmierczak. But the question of which technology to use is not arbitrary. It hinges on what drives thieves to steal phones in the first place. We need to understand what the motivation is in the theft before instilling a solution, Kazmierczak says. Whats the most valuable component -- the hardware or the data you are storing in your device?卡兹米耶尔扎克回应,硬件技术获取了一种更为安全性的解决方案。
但是现在就断言应当用于哪种技术依然是不合理的,它应当各不相同骗子偷窃手机的动机。卡兹米耶尔扎克指出:“安装解决方案之前,我们必须理解一下骗子偷窃手机的动机。你的手机里最有价值的到底是硬件,还是储存在手机里的数据?”A software-based approach could protect a phone from getting wiped and reset to factory default, but it would not be as effective in protecting the users data encrypted on hardware in the device. A hardware-based approach, on the other hand, might make it possible for thieves to reactivate the phone for resale, but would protect encrypted personal data about the original owner from getting stolen. As we put more and more into these devices, the data is more valuable than the device itself, Kazmierczak says.基于软件的技术可以避免手机被格式化或者重设为出厂设置,但它无法有效地维护储存在手机硬件里的加密数据。
而基于硬件的技术虽然令其骗子有可能新的转录手机用来转手,但是却能维护原机主储存在手机里的加密个人信息。回应,卡兹米耶尔扎克说道:“随着我们放入智能手机的东西更加多,手机里储存的数据往往比机器本身更加有价值。”Attempts to offer a solution to the problem are already in place by some providers. Anti-theft software like Apples Activation Lock rolled out in 2013 as part of iOS 7 and last month Samsung released a Reactivation Lock, both of which would allow consumers whose phones were stolen to lock them remotely and prevent thieves from wiping and reactivating their devices to be resold.有些厂商早已针对这个问题发售了自己的防盗工具。
比如苹果就在2013年与iOS7一道发售了一款防盗软件“转录瞄准”,上个月三星也发售了“新的转录瞄准”功能。这两项功能都能让消费者远程瞄准被盗的手机,避免骗子读取手机中的数据,新的转录设备,再行转卖给其他人。
And a few phone manufacturers are putting a hybrid of hardware and software technologies in place in their newest models. Samsung phones with Knox technology in them do this, as do newer iPhones that include proprietary hardware to protect encrypted data. The downside of such a hardware solution, of course, is that it cant be introduced remotely to older modeled phones in the same way a software update can be.有些手机厂商还在最新款的手机中采行了硬件与软件技术相结合的模式。比如三星在最新款的手机中统合了Knox技术,新款iPhone也内置了用来维护加密数据的专有硬件。不过硬件解决方案的缺点是没有办法远程“种”到老款手机里,不像软件方案只需一次软件升级就能解决问题这个问题。Regardless of whether smartphone makers take a software, hardware, or combined approach to theft prevention, one of the biggest challenges they have yet to figure out is where the manpower to monitor and regulate a kill switch function will come from. When someone wants to resell a used phone legally, for example, how can they transfer kill switch capabilities to the new owner safely and securely? How do you validate that its the right person trying to kill the device? Someone could kill your phone if they know your password, Kemp says. So far no one has figured that out yet.不管手机厂商用于的是软件方案、硬件方案还是软硬件结合的防盗方案,目前他们仍有一个仅次于的挑战没解决问题,那就是由谁来监管手机的“自杀身亡”功能。
比如说,如果有人想合法地转手自己的手机,那么他应当如何把“自杀身亡”功能安全性地出让给新的用户?坎普说道:“你怎样证明这个让手机‘自杀身亡’的人不是骗子?因为只要有人告诉你的密码,他就可以让你的手机‘自杀身亡’。目前还没有人搞清楚这个问题。”Other solutions beyond the kill switch have been attempted, including a database of blacklisted IMEIs or identification numbers for stolen phones, better policing and a proposed bill by New York senator Jeffrey D. Klein, that would require those people selling more than one used phone to provide receipts of purchase to prevent black-market business. But CTIAs blacklist, which was proposed in 2012 hasnt helped reduce crime numbers and Kleins bill has been stuck in a Senate Committee since it was proposed last October.除了“自杀身亡电源”之外,也有人尝试了一些其它防盗方案,比如给被盗手机IMEI串号或验证码创建一个“黑名单”数据库,再行比如纽约参议员杰弗里o克雷恩的议案建议,出售一台以上二手手机的人必需获取出售发票以防止黑市交易。
但是CTIA在2012年明确提出的“黑名单”方案并没起着减少犯罪率的效果,而克莱恩的议案自从去年十月明确提出之后,至今仍卡在参议院委员会没能通过。With robberies of smartphones reaching an all-time high, California cannot continue to stand by when a solution to the problem is readily available, said Senator Leno in a statement. But while solutions to the problem are available, how effective theyll be at actually curbing smartphone theft still remains to be seen.参议员雷诺在一份声明中称之为:“随着偷窃智能手机的案件超过有史以来的最高峰,既然就这个问题有数解决方案能用,那么加州就无法之后坐视不理。”但是尽管有数最合适的防盗方案能用,但它们否能有效地减少手机盗窃案,目前依然尚待仔细观察。
本文来源:NG体育-www.hjwy.net