Re: Itch3: Anti-lost/theft protection

2007-03-05 Thread t3st3r

Marcel de Jong wrote:

> On 3/4/07, t3st3r [EMAIL PROTECTED] wrote:
> snip
>
> > FYI: just to let you know, an anti-theft\anti-lost system for phones
> > already exists. Here is the story. Maybe someone already heard that
> > proprietary Siemens mobile phones (x55 series based on 80C166 CPU and
> > x65 and x75 series based on ARM9) were reverse-engineered deeply and
> > people have bypassed boot loader protection (preventing user's code from
> > being uploaded) so everyone can run their own code on the phone's CPU.
> > Also I heard some other vendors were hacked successfully as well. Some
> > SonyEricsson for example.
> >
> > One of the first firmware patches was the anti-theft subsystem. How
> > does it work? It detects a SIM card change (by IMSI checking IIRC)
> > and then SMSes predefined number(s) (should be someone from your family
> > or friends of course). This reveals the new phone number (allowing
> > legal action to be taken) and can allow the owner to regain remote
> > control, get coordinates (actually, on Siemens phones you can get Cell
> > ID at very most, funny enough anyway).
>
> But how does this affect resale of the device? Because then the new
> owner inserts a new SIM card, and then this mechanism would go active,
> wouldn't it?

This subsystem was invented by geeks and intended for smart users only -
you have to apply a binary patch to the firmware to use this. Of course you
have to shut this subsystem down before selling the phone. Or tell the new
owner how to deal with it if he\she is smart enough. But actually I have to
admit that before selling a phone it is a good idea to

1) revert all patches, if any (upload factory firmware)
2) reset all phone settings to factory defaults (and address
books\SMSes as well)
3) revert filesystem to factory state.

At this point at least you're free from being bothered by the new owner with
any sort of firmware\settings problems and do not leak your private
data. The ideal solution is to make a FULL firmware backup of the new phone
(whole flash IC dumped) and when you're about to sell the phone, just upload
this backup before you're selling it (therefore returning the device to the
backed-up state, completely trashing private data and all things you messed
up). Unfortunately, at home this is possible for some phones only (yep,
Siemens phones for example) and this may require unreasonable efforts
for some others.

> I'm just curious, it sounds like an interesting idea.

Btw there is some problem. If this solution is default and popular,
thieves and lucky people may become aware of it and may do something
against this. So in general this will work only while the solution is not
very popular\custom\invisible.

> snip
>
> ---
> Marcel de Jong

___
OpenMoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community






Re: Itch3: Anti-lost/theft protection

2007-03-04 Thread t3st3r

Paul Wouters wrote:

> On Wed, 28 Feb 2007, Wolfgang S. Rupprecht wrote:
>
> > Personally I like the idea of periodic SMS messages with the
> > lat/lon/altitude.  When in stolen mode, having the phone receive SMS
> > msgs containing commands for the phone would seem to be very useful.
>
> The first thing that happens to a stolen phone is that the SIM is
> chucked. You won't be able to *send* SMS messages, since you will not
> know the phone number. Unless you make sure it SENDS you its new
> phone number as well.

FYI: just to let you know, an anti-theft\anti-lost system for phones
already exists. Here is the story. Maybe someone already heard that
proprietary Siemens mobile phones (x55 series based on 80C166 CPU and
x65 and x75 series based on ARM9) were reverse-engineered deeply and
people have bypassed boot loader protection (preventing user's code from
being uploaded) so everyone can run their own code on the phone's CPU.
Also I heard some other vendors were hacked successfully as well. Some
SonyEricsson for example.

One of the first firmware patches was the anti-theft subsystem. How
does it work? It detects a SIM card change (by IMSI checking IIRC)
and then SMSes predefined number(s) (should be someone from your family
or friends of course). This reveals the new phone number (allowing
legal action to be taken) and can allow the owner to regain remote
control, get coordinates (actually, on Siemens phones you can get Cell
ID at very most, funny enough anyway).

Btw, a few interesting things to mention...

- People implemented their own run-time and executable file loader. It
loads ARM .ELF files (lots of ARM compilers can produce these
files). Amazing hack. It allows direct code execution by the user on the
phone's main CPU easily (almost as easy as launching Java apps).

- Trojans, do you say? Well... you should be a real idiot to download real
executable code from an untrusted place. Anyway, I _never_ heard about ELF
trojans, and even Window$ Mobile allows running unsigned code but it still
lacks a trojan hell as well. But there are already JAVA trojans targeted
at USUAL restricted phones. Virtualization does not help. Users are
often stupid enough to confirm a Java SMS send a few times before they
recognize it costs them a few US $ per SMS. The ONLY way to prevent abuse
is to make users smarter. Otherwise no matter what the protection is, it
will fail due to user stupidity. The only perfect solution is either to
disable executing anything (even Java!) and have a dumb dialer instead
of a smart phone, or to educate users a bit so they're aware of potential
issues. Also I guess that there are very few native code trojans just
because stupid users are usually using stupid phones (which are able to
dial and send SMSes and able just to run Java at very most) since
they're cheaper. Smart phone users are usually smarter themselves (they
have to know why they're paying for a more expensive device, right?) and
hence they're less vulnerable to trojans.

- Also I have to admit a funny thing. Those cell operators who are afraid of
network hacking and disable running native code on the phones because of
this are *real morons*. There are already dozens of hacked phones
where the user's code runs on the phone's main CPU and, while this is a
1-chip solution, this code has COMPLETE access to cell networks, their
internals and can craft absolutely any data to the network. However I never
heard about a cell operator network being hacked. But if someone decides to
hack a network, he just has to use his own hacked phone, replace the SIM
with the target operator's one and (possibly) craft an IMEI allowed to log
in to the network (perfectly possible of course once your code has full
control of the whole phone; this can be illegal in some countries but
hacking networks is illegal as well so who cares?). So, operators are better
to secure their networks. Disabling native code will just make users
unhappy but it will actually never stop persons with evil intentions
from doing something wrong with the network. Actually looks like an ostrich
:). Hiding just the head will not save their ass, even if they can no
longer see danger when the head is hidden.

> > Something as simple as having a way of remotely submitting a short
> > shell script would do the trick.
>
> Stuffing something useful in 160 chars is hard. It's better to design
> things beforehand, so you can just send simple commands with arguments.
>
> I wonder if you can send SMSes on the Neo without the user noticing
> anything, or whether things like the backlight will be turned on (by the
> closed off chip hardware).
>
> Paul


Re: Itch3: Anti-lost/theft protection

2007-03-04 Thread Marcel de Jong

On 3/4/07, t3st3r [EMAIL PROTECTED] wrote:
snip

> FYI: just to let you know, an anti-theft\anti-lost system for phones
> already exists. Here is the story. Maybe someone already heard that
> proprietary Siemens mobile phones (x55 series based on 80C166 CPU and
> x65 and x75 series based on ARM9) were reverse-engineered deeply and
> people have bypassed boot loader protection (preventing user's code from
> being uploaded) so everyone can run their own code on the phone's CPU.
> Also I heard some other vendors were hacked successfully as well. Some
> SonyEricsson for example.
>
> One of the first firmware patches was the anti-theft subsystem. How
> does it work? It detects a SIM card change (by IMSI checking IIRC)
> and then SMSes predefined number(s) (should be someone from your family
> or friends of course). This reveals the new phone number (allowing
> legal action to be taken) and can allow the owner to regain remote
> control, get coordinates (actually, on Siemens phones you can get Cell
> ID at very most, funny enough anyway).

But how does this affect resale of the device? Because then the new
owner inserts a new SIM card, and then this mechanism would go active,
wouldn't it?
I'm just curious, it sounds like an interesting idea.

snip

---
Marcel de Jong


Re: Itch3: Anti-lost/theft protection

2007-03-04 Thread Ian Stirling

t3st3r wrote:

so, operators are better to secure their networks.


You do realise that this essentially means 'throw away all existing GSM 
phones' ?


If you can clone the IMEI of a phone, the network has no way of telling 
it from the cloned phone.
Yes, you can do potentially clever things on the network thing, like 
disabling new clones of phones in distant locations, but with existing 
phones, there is no way of doing it.



Re: A new approach to Re: Itch3: Anti-lost/theft protection

2007-03-02 Thread Ortwin Regel

The thing has bluetooth so it should be able to connect to the
Wiimote. Using one instead of an internal accelerometer makes sense,
because when you move your phone around, it's hard to keep looking at
the screen.

Ortwin

On 3/1/07, adrian cockcroft [EMAIL PROTECTED] wrote:

I would like to include an accelerometer in a phone design (my own
homebrew design or a future Neo perhaps?), then all the Nintendo Wii
style interactions become possible.

If my phone is locked it asserts that it should be at rest, if someone
picks it up it needs a code or a secret gesture on the touchscreen to
unlock it or set moving locked mode.

If it doesn't get the code it asks to be put down again, if that fails
it complains loudly in speakerphone "help, I'm being stolen, put me
back!" or whatever audio you like.

It also posts its location to a web service.

Should be easy enough to code, I'm just waiting for the hardware to catch up...

Adrian

On 2/28/07, Attila Csipa [EMAIL PROTECTED] wrote:
 On Wednesday 28 February 2007 21:44, Steven ** wrote:
  Caveat emptor.  Possession of stolen property is still a crime where I
  live, even if you didn't do the actual stealing.

 All I'm saying (IANAL of course) that for many of those items (especially on
 places like ebay) it is very hard for the buyer to establish whether the good
 is actually stolen or not (receipts and boxes can be photoshopped all too
 easy), and he has to rely on a level of reasonable doubt (based on seller
 rating, price, provided images, etc) to determine whether he is getting the
 good from a trustworthy source.


Re: Itch3: Anti-lost/theft protection

2007-03-01 Thread Christian T.
Attila Csipa wrote:
 Only if the thief actually sets up SMS (if his SIM is of a different 
 provider, 
 the service center likely needs to be changed).

I have one unlocked phone and I'm changing between two SIMs (different
providers) and somehow it seems to configure that automagically. I
guess, the configuration is on the SIM. It's like that for all Austrian
providers I tried. So at least here in Austria that should work fine.


Re: Itch3: Anti-lost/theft protection

2007-03-01 Thread Gabriel Ambuehl
On Thursday 01 March 2007 14:20:32 Christian T. wrote:
 I have one unlocked phone and I'm changing between two SIMs (different
 providers) and somehow it seems to configure that automagically. I
 guess, the configuration is on the SIM. It's like that for all Austrian
 providers I tried. So at least here in Austria that should work fine.

I agree, I have never had to configure anything to use SMS with any phone I 
ever used. Or for that matter with someone else's SIM in my phone if their 
battery was empty or some such.



Re: A new approach to Re: Itch3: Anti-lost/theft protection -THE REAL PROBLEM APPEARED!

2007-03-01 Thread Attila Csipa
On Thursday 01 March 2007 08:41, you wrote:
 later someone will write a Trojan Horse, some kind of dialer (like for
 application made calls and sent smses. Openmoko kernel should log any

 What do you think?

There are two sides to this problem - one, the origin of software. This has 
actually been dealt with so we have examples like the Debian repositories 
which verify (gpg signatures, etc) packages so you know that the thing you 
are installing actually came from a place/person you trust. The other problem 
is just as present on regular PC-s, as you have trojans which, when run, 
change your dialup settings so you dial a high-price number on the other side 
of the globe instead of your regular ISP. The second aspect is protection from 
malware. There are several solutions to this - proper user rights, 
virtualization, and filtering on the API level of the phone itself, best to 
combine all of these, since kernel logging won't help much if the trojan has 
root access and hides/works in the kernel as a module, for example.


Re: Itch3: Anti-lost/theft protection

2007-03-01 Thread Attila Csipa
On Thursday 01 March 2007 14:20, Christian T. wrote:
 Attila Csipa wrote:
  Only if the thief actually sets up SMS (if his SIM is of a different
  provider, the service center likely needs to be changed).

 I have one unlocked phone and I'm changing between two SIMs (different
 providers) and somehow it seems to configure that automagically. I
 guess, the configuration is on the SIM. It's like that for all Austrian
 providers I tried. So at least here in Austria that should work fine.

OK, so to correct myself - it IS working by default - apparently stored on the 
SIM and preconfigured by the provider in most places. The correct statement 
is thus if the thief doesn't disable SMS by changing the SMSC (less likely, 
but possible without much effort).


Re: Itch3: Anti-lost/theft protection

2007-03-01 Thread Paul Wouters
On Wed, 28 Feb 2007, Wolfgang S. Rupprecht wrote:

 Personally I like the idea of periodic SMS messages with the
 lat/lon/altitude.  When in stolen mode, having the phone receive SMS
 msgs containing commands for the phone would seem to be very useful.

The first thing that happens to a stolen phone is that the SIM is
chucked. You won't be able to *send* SMS messages, since you will not
know the phone number. Unless you make sure it SENDS you its new
phone number as well.

 Something as simple as having a way of remotely submitting a short
 shell script would do the trick.

Stuffing something useful in 160 chars is hard. It's better to design
things beforehand, so you can just send simple commands with arguments.

I wonder if you can send SMSes on the Neo without the user noticing
anything, or whether things like the backlight will be turned on (by the
closed off chip hardware).

Paul
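
Added example, not part of Paul's message or of any OpenMoko code: one way to do the "simple commands with arguments" design so that an SMS from an arbitrary sender cannot drive the phone. The NEO1 prefix, the command names, the shared key and the counter scheme are assumptions made for illustration; the authentication tag and replay counter go beyond what the post describes.

```python
import hashlib
import hmac

MAX_SMS_CHARS = 160          # one SMS in the 7-bit default alphabet
TAG_HEX_LEN = 16             # 64-bit truncated HMAC: trades strength for SMS space
# Allowlist: command name -> number of integer arguments (all names hypothetical).
COMMANDS = {"LOCK": 0, "LOCATE": 0, "RING": 1, "REPORT": 1}


def _tag(key: bytes, body: str) -> str:
    """Truncated HMAC-SHA256 over the command body, as lowercase hex."""
    return hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()[:TAG_HEX_LEN]


def make_command(key: bytes, counter: int, name: str, *args: int) -> str:
    """Owner side: build 'NEO1 <counter> <CMD> [args] <tag>'."""
    body = " ".join(["NEO1", str(counter), name, *map(str, args)])
    msg = f"{body} {_tag(key, body)}"
    if len(msg) > MAX_SMS_CHARS:
        raise ValueError("command does not fit in one SMS")
    return msg


class CommandReceiver:
    """Phone side: authenticate first, then parse, then check the allowlist."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter   # must be kept in persistent storage

    def handle(self, text: str):
        """Return (name, [int args]) for a valid command, or None to ignore it."""
        if len(text) > MAX_SMS_CHARS or not text.isascii():
            return None
        body, _, tag = text.rpartition(" ")
        if not hmac.compare_digest(_tag(self.key, body), tag):
            return None                    # wrong key or tampered text
        fields = body.split(" ")
        if len(fields) < 3 or fields[0] != "NEO1" or not fields[1].isdigit():
            return None
        counter = int(fields[1])
        if counter <= self.last_counter:
            return None                    # replayed or stale message
        name, args = fields[2], fields[3:]
        if COMMANDS.get(name) != len(args) or not all(a.isdigit() for a in args):
            return None                    # not a pre-designed command
        self.last_counter = counter
        return name, [int(a) for a in args]


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    phone = CommandReceiver(key)
    sms = make_command(key, 1, "RING", 30)
    print(sms, "->", phone.handle(sms))
    print("replay ->", phone.handle(sms))
```

Because only allowlisted commands with integer arguments are accepted, nothing in the message is ever handed to a shell.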


Re: A new approach to Re: Itch3: Anti-lost/theft protection

2007-03-01 Thread adrian cockcroft

I would like to include an accelerometer in a phone design (my own
homebrew design or a future Neo perhaps?), then all the Nintendo Wii
style interactions become possible.

If my phone is locked it asserts that it should be at rest, if someone
picks it up it needs a code or a secret gesture on the touchscreen to
unlock it or set moving locked mode.

If it doesn't get the code it asks to be put down again, if that fails
it complains loudly in speakerphone "help, I'm being stolen, put me
back!" or whatever audio you like.

It also posts its location to a web service.

Should be easy enough to code, I'm just waiting for the hardware to catch up...

Adrian

On 2/28/07, Attila Csipa [EMAIL PROTECTED] wrote:

On Wednesday 28 February 2007 21:44, Steven ** wrote:
 Caveat emptor.  Possession of stolen property is still a crime where I
 live, even if you didn't do the actual stealing.

All I'm saying (IANAL of course) that for many of those items (especially on
places like ebay) it is very hard for the buyer to establish whether the good
is actually stolen or not (receipts and boxes can be photoshopped all too
easy), and he has to rely on a level of reasonable doubt (based on seller
rating, price, provided images, etc) to determine whether he is getting the
good from a trustworthy source.


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Christian T.
 I like the idea. I agree with Cayco, that you cannot ask police to catch
 the thief.
Actually in some countries that might work. :)

 But sending coords would be very interesting solution.
 As the GPS coords may be not very accurate I'd extend the idea to
 bluetooth connection which is a very short range, to point person who
 owns the stolen phone.
 The phone might change its bluetooth device name to some special string
 (like stolen NEO :-) ) so we might detect it in a short range and
 point person who owns it.
That's a really good idea.

 Phone after detecting theft should work with thief's SIM card as usual
 but also send GPS coords.
 
 Remember that if you use PIN code thief cannot use your SIM until he
 types right PIN. He/she should use his own SIM card.
Here's the problem: Although it's a good idea that the thief has to use
his own SIM (that's what he expects anyway) but it won't be easy to get
a GPRS-connection for sending the coordinates. If he is using another
provider, the settings will differ. Many providers even demand a
password for opening a data-connection...

The theft-problem _could_ be solved by the providers. They can locate
any cellphone anyway and should be able to give information to the
police, when a cellphone with an IMEI that's reported stolen connects to
their network. But they don't want to!

And a professional thief who is able to change the IMEI somehow will
also be able to reflash the Neo1973...



Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Christopher Tokarczyk

Hi all,

In addition to the data suggested to be sent when a phone is in stolen
mode, such as GPS, perhaps the phone could even send other data. If
the person uses a stolen phone to store contacts, send the contacts.
In fact, send the numbers dialed, too. If they use it to manage email,
forward the email. What I imagine is the phone passively building a
profile of the thief. The more info gathered, the easier to find the
phone. I understand this could give rise to privacy concerns, but I
think it would ideally be an issue only for the thief.

And with respect to over which connection to send this data, I imagine
it would be possible to just rely on the underlying connection
manager. It would handle establishing connections, and then kick-off
the anti-theft measures as required.

Just my thoughts after seeing some of the discussion on this list.

Thanks,
Chris


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Krzysztof Kajkowski

2007/2/28, Bartłomiej Zdanowski DRP AC2 [EMAIL PROTECTED]:


 Hi.



 That's the solution! Let thief pay for data transmission :-)


How about silently calling 0700 and other highly priced erotic phone lines?

:-D

cayco

Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Christian T.
Bartłomiej Zdanowski DRP AC2 wrote:
 I asked my colleagues for a solution. For non-existent or disabled GPRS
 connection our devices use SMS messages for reporting current status and
 position.
 That's the solution! Let thief pay for data transmission :-)

well, of course. didn't think of that. how was that with the forest and
the trees? :)

you can pack a lot of information into 160bytes - it doesn't have to be
human-readable - and SMS are almost realtime as long as the provider
doesn't have problems. and if you have an sms-email-gateway somewhere
that solves the problem where to send the data (since your phone is gone).

IMO sms should be the standard-method, because it should always work.

Christian.
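
Added example, not part of the original posts or of any Siemens patch or OpenMoko code: the SIM-change trigger t3st3r describes (compare the IMSI) combined with the compact, non-human-readable report Christian suggests. The field layout, function names and sample values are assumptions constructed for illustration.

```python
import struct

SMS_MAX_OCTETS = 140   # 8-bit SMS user data; the same space as 160 7-bit chars
# version, IMSI (packed BCD), latitude, longitude, altitude, LAC, cell ID, time
REPORT_FMT = ">B8siihHHI"
REPORT_LEN = struct.calcsize(REPORT_FMT)          # 27 octets
assert REPORT_LEN <= SMS_MAX_OCTETS


def imsi_to_bcd(imsi: str) -> bytes:
    """Pack 6-15 IMSI digits into 8 octets, two digits per octet, 0xF filler."""
    if not (imsi.isascii() and imsi.isdigit() and 6 <= len(imsi) <= 15):
        raise ValueError("IMSI must be 6-15 decimal digits")
    nibbles = [int(d) for d in imsi] + [0xF] * (16 - len(imsi))
    return bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, 16, 2))


def bcd_to_imsi(raw: bytes) -> str:
    """Inverse of imsi_to_bcd; rejects nibbles that are neither digit nor filler."""
    digits = [n for b in raw for n in (b >> 4, b & 0xF) if n != 0xF]
    if any(n > 9 for n in digits):
        raise ValueError("invalid BCD digit")
    return "".join(str(n) for n in digits)


def build_report(new_imsi: str, fix: dict) -> bytes:
    """Encode the inserted SIM's IMSI plus the last known position and cell."""
    if not (-90 <= fix["lat"] <= 90 and -180 <= fix["lon"] <= 180):
        raise ValueError("coordinates out of range")
    alt = max(-32768, min(32767, round(fix["alt_m"])))   # clamp to int16 metres
    return struct.pack(
        REPORT_FMT, 1, imsi_to_bcd(new_imsi),
        round(fix["lat"] * 1e7), round(fix["lon"] * 1e7),  # 1e-7 degree units
        alt, fix["lac"], fix["cell_id"], fix["time"])


def parse_report(payload: bytes) -> dict:
    """Gateway side: validate length and version before trusting any field."""
    if len(payload) != REPORT_LEN:
        raise ValueError("unexpected report length")
    ver, bcd, lat, lon, alt, lac, cid, ts = struct.unpack(REPORT_FMT, payload)
    if ver != 1:
        raise ValueError("unknown report version")
    return {"imsi": bcd_to_imsi(bcd), "lat": lat / 1e7, "lon": lon / 1e7,
            "alt_m": alt, "lac": lac, "cell_id": cid, "time": ts}


def report_if_sim_changed(enrolled_imsi: str, current_imsi, fix: dict):
    """Return an SMS payload when a different SIM is present, else None.

    No SIM (None) means no SMS can be sent, so nothing is built. The SMS
    itself carries the new sender number; the payload adds IMSI and position.
    """
    if current_imsi is None or current_imsi == enrolled_imsi:
        return None
    return build_report(current_imsi, fix)


# Constructed sample data (test-network IMSIs, made-up position and cell).
ENROLLED_IMSI = "001010000000001"
OTHER_IMSI = "001020000000002"
SAMPLE_FIX = {"lat": 48.2081743, "lon": 16.3738189, "alt_m": 171,
              "lac": 0x1234, "cell_id": 0xBEEF, "time": 1172750400}

if __name__ == "__main__":
    sms = report_if_sim_changed(ENROLLED_IMSI, OTHER_IMSI, SAMPLE_FIX)
    print(len(sms), "octets:", sms.hex())
    print(parse_report(sms))
```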


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread s . jolicoeur

> [EMAIL PROTECTED] wrote:
> > Locking the phone and receiving GPS position is great but how do you
> > find your Neo in a crowd when the thief has it in his pocket. I would
> > add 2 more options to the list.
> It was solved a few answers ago via bluetooth.

How will you detect the bluetooth stolen name if you don't have a phone 
anymore? Not all phones have bluetooth and not everybody uses it. Bluetooth 
enabled phones don't look for devices indefinitely and bluetooth is not always 
on, and being on all the time is considered a security hole. So I wonder how 
someone losing or getting his Neo stolen can retrieve it via bluetooth without 
having to get a bluetooth phone or enabled device capable of reading the tag. 

The idea is great and should be kept but I don't see myself running to the 
closest cellphone dealer to get a 50$ bluetooth enabled cellphone to pinpoint my 
400$ Neo. Sounds illogical to me


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Joe Pfeiffer
Bartłomiej Zdanowski DRP AC2 writes:

I like the idea. I agree with Cayco, that you cannot ask police to catch 
the thief. But sending coords would be very interesting solution.
As the GPS coords may be not very accurate I'd extend the idea to 
bluetooth connection which is a very short range, to point person who 
owns the stolen phone.
The phone might change its bluetooth device name to some special string 
(like stolen NEO :-) ) so we might detect it in a short range and 
point person who owns it.

And when your bluetooth headset gets near enough it could start
screaming "help!  I'm stolen!" at the top of its 1 watt lungs  :)


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Christopher Tokarczyk

This also looks like these things can be categorized into different groups.

First, there are events or situations that set off the stolen-mode
(such as wrong pin, owner sending a message to the phone, possibly
even getting close to a gps coordinate, etc.).

Then there are actions to be taken: emit noise, turn off calling
features, phone home, send email home, broadcast message over
bluetooth, etc.

Then, it's just a matter of letting the user determine which actions
to kick off when an event occurs, which should be pretty simple to
configure/understand for even the non-tech savvy users.



Semi-related: Does anyone know of a page on the wiki that deals with
this anti-theft discussion? Perhaps someone could add a page if it
doesn't? (I don't know how restricted the wiki is). It seems like a
good place to keep track of the ideas in addition to this list.


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Aloril
On Wed, 2007-02-28 at 11:13 -0500, Christopher Tokarczyk wrote:

 Semi-related: Does anyone know of a page on the wiki that deals with
 this anti-theft discussion? Perhaps someone could add a page if it
 doesn't? (I don't know how restricted the wiki is). It seems like a
 good place to keep track of the ideas in addition to this list.

http://wiki.openmoko.org/wiki/Wishlist:Tracking_lost_phone

(I think I created that page same day I mailed idea, but should have
done other way around: create page and then mail ;-)

-- 
Aloril [EMAIL PROTECTED]


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Gabriel Ambuehl
On Wednesday 28 February 2007 15:09:47 Krzysztof Kajkowski wrote:
 2007/2/28, Bartłomiej Zdanowski DRP AC2 [EMAIL PROTECTED]:
   Hi.
 
   That's the solution! Let thief pay for data transmission :-)

 How about silently calling 0700 and other highly priced erotic phone lines?

Improving on the idea: get someone to operate one of those 0900 numbers in 
each country (usually they don't really work cross country very well) who will 
then give the proceeds to the owner of the stolen phone so he can buy a new 
one... Or even just sending overpriced SMS, that's even less obvious.


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Aaron Coats
Once the phone goes into Stolen Mode the Bluetooth radio could be  
turned on continuously.  You don't need to use another phone to  
detect Bluetooth, many laptops (most Macs) have built-in BT and if  
they don't you can get a dongle.


-Aaron

On Feb 28, 2007, at 7:08 AM, [EMAIL PROTECTED] wrote:

> > [EMAIL PROTECTED] wrote:
> > > Locking the phone and receiving GPS position is great but how do you
> > > find your Neo in a crowd when the thief has it in his pocket. I would
> > > add 2 more options to the list.
> > It was solved a few answers ago via bluetooth.
>
> How will you detect the bluetooth stolen name if you don't have a
> phone anymore? Not all phones have bluetooth and not everybody
> uses it. Bluetooth enabled phones don't look for devices
> indefinitely and bluetooth is not always on, and being on all the
> time is considered a security hole. So I wonder how someone losing
> or getting his Neo stolen can retrieve it via bluetooth without
> having to get a bluetooth phone or enabled device capable of
> reading the tag.
>
> The idea is great and should be kept but I don't see myself
> running to the closest cellphone dealer to get a 50$ bluetooth
> enabled cellphone to pinpoint my 400$ Neo. Sounds illogical to me



Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Aaron Coats
This seems like it would encourage the thief to destroy the phone,
remember, he/she stole it, it isn't worth much to them.  Now if the
audible message were something like "I'M LOST, HELP ME FIND MY
OWNER" the thief might be guilted into giving the phone back and
might not be as likely to smash the thing under their heel.  An
option would be to have the owner record whatever message they want.


On Feb 28, 2007, at 6:22 AM, [EMAIL PROTECTED] wrote:

> This way not only will the thief be surprised, it would
> obviously alarm everyone around him and the only way to turn the
> msg off would be to remove the battery. Either way the thief would
> stand out from the crowd and be more easy to spot.
>
> *Better yet why not modify the phone to incorporate a small watch
> battery under a screwed cover to keep the Stolen Mode active even
> if the thief manages to pry open the back panel and remove the
> primary battery.



A new approach to Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Attila Csipa
A lot of ideas have been written on anti theft protection, but much of it from 
a geek/user's standpoint, and almost completely forgetting the possible 
ramifications of the suggested techniques. First of all, none of the 
techniques presented PROTECT your phone from being stolen (they fall more to 
the find-your-lost-phone category). Second, in most countries I know of you 
cannot act on your own without the help/presence of law enforcement persons. 
Although this may sound strange and ineffective at first, it makes a lot of 
sense from a police perspective. What would you do if you confronted a 
criminal who stole your phone? What if he is dangerous? What if you get 
hurt in the process? What if the person who has the phone and whom you are 
shouting at/calling a thief is actually innocent and knows nothing of the 
origin of the phone? Which brings us to the next concern - stolen phones 
usually do not get regularly used by the persons who actually stole them, and 
most certainly not used by their money - their SIMs are just as stolen. They 
might drain your account with expensive calls, but chances are high that the 
phone will soon get sold through ads and/or ebay. If the persons in charge do 
this 'professionally' they will surely flash the phone (the Neo1973 is here 
at a little advantage by not being a widespread/common phone). Thus there is 
no guarantee that you are spending the thief's money - in fact, it is much 
more probable that you are tracking and wasting an unsuspecting victim's 
money. How would you feel if you bought a slightly used Neo1973 only to find 
out that it is sending expensive foreign/roaming SMS-es because the previous 
owner 'forgot' to turn off a silent alarm/anti theft application? As you can 
see the problem of phone theft is not as simple as relaying coordinates 
back to yourself - a much broader topic must be analysed to tackle this 
issue - and although the GPS might help a little, it is not really a silver 
bullet in this matter.


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread kkr
On Wednesday 28 February 2007 at 18:00 +0100, Gabriel Ambuehl wrote:
snip
 Improving on the idea: get someone to operate one of those 0900 numbers in 
 each country (usually they don't really work cross country very well) who will 
 then give the proceeds to the owner of the stolen phone so he can buy a new 
 one... Or even just sending overpriced SMS, that's even less obvious.
snip

That's exactly what I'm thinking too :-)



Globally, the idea of protecting the phone against theft has already
been expressed many times before:
http://lists.openmoko.org/pipermail/community/2007-February/002910.html

And even much earlier (12 Dec 2006):
http://lists.openmoko.org/pipermail/community/2006-December/000748.html

It could be good to summarize on the wiki all these ideas expressed
before on this mailing list (google: site:openmoko.org phone thief).


It seems to me that two ideas are new:
- the overtaxed calling number (for the profit of the victim)
- bluetooth localisation (with the headset or another phone)


Regards,






Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread s . jolicoeur
True, but most cellphones get lost on the bus, metro, restaurants, etc.
Misplacing the phone at home is not as dramatic as losing it in a public place.
Looking for it with your laptop at home may be the solution, but is it
viable for the metro or the restaurant or any public place?

What I don't like is the idea that I must pay to find my lost phone. Sure, it's
better to pay a small amount and recover your phone, but I don't find the idea
practical.

----- Original Message -----
From: Aaron Coats [EMAIL PROTECTED]
Date: Wednesday, February 28, 2007 2:38 pm
Subject: Re: Itch3: Anti-lost/theft protection
To: community@lists.openmoko.org

 Once the phone goes into Stolen Mode the Bluetooth radio could be
 turned on continuously. You don't need to use another phone to
 detect Bluetooth, many laptops (most Macs) have built-in BT and if
 they don't you can get a dongle.

 -Aaron

 On Feb 28, 2007, at 7:08 AM, [EMAIL PROTECTED] wrote:

 [EMAIL PROTECTED] wrote:

 Locking the phone and receiving GPS position is great but how do you
 find your Neo in a crowd when the thief has it in his pocket. I would
 add 2 more options to the list.

 It was solved a few answers ago via bluetooth.

 How will you detect the bluetooth stolen name if you don't have a
 phone anymore? Not all phones have bluetooth and not everybody
 uses it. Bluetooth enabled phones don't look for devices indefinitely
 and bluetooth is not always on, and being on all the time is considered a
 security hole. So I wonder how someone losing or getting his Neo stolen
 can retrieve it via bluetooth without having to get a bluetooth phone or
 enabled device capable of reading the tag.

 The idea is great and should be kept but I don't see myself
 running to the closest cellphone dealer to get a 50$ bluetooth
 enabled cellphone to pinpoint my 400$ Neo. Sounds illogical to me


Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Joe Pfeiffer
Aaron Coats writes:
 This seems like it would encourage the thief to destroy the phone,
 remember, he/she stole it, it isn't worth much to them.  Now if the

Remember, my version of the stolen behavior called for the phone to
pretend it's a brick (while sending SMS messages giving its position,
as somebody else suggested), and not crying for help until it's
*within* range of the owner's bluetooth.




Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Christopher Tokarczyk

I think the disagreement over what the phone ideally should do when
stolen is even more support for the proposition that there should be a
way for the owner to configure this behavior.



Re: A new approach to Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Steven **

Caveat emptor.  Possession of stolen property is still a crime where I
live, even if you didn't do the actual stealing.

That said, I agree that attempting to rack up a large bill will not
prevent theft nor lead to the return of the phone.  Any anti-theft
mechanisms should focus on locating the phone.  We could maybe have
the option of disabling the phone.  But the only way to disable this
open-source phone would be with some hardware lock.  I don't
particularly like the idea that my phone could be locked.  Even if it
should only happen to a thief, if it has the capability, it could be
abused.  We're treading too closely to the blasphemous idea of
trusted computing.

-Steven



Re: A new approach to Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Attila Csipa
On Wednesday 28 February 2007 21:29, kkr wrote:
  out that it is sending expensive foreign/roaming SMS-es because the
  previous owner 'forgot' to turn off a silent alarm/anti theft application

 It's the same for a car alarm... When you sell something, you do have to take
 the necessary action (otherwise, you're also responsible for the
 damage)

It seems I have been a bit too cryptic - I put the word forgot in '' exactly 
because that way a Neo seller can defraud you by _intentionally_ doing this. 
Imagine the suggestion in a previous message in this context: 

overtaxed calling number (for the profit of the victim). 

If someone sells you a phone with that enabled _on purpose_, he would get 
both the price of the phone AND some money defrauded from the unsuspecting 
buyer (and claim later that he either did not get any money or that the theft 
alarm was not on on purpose). If he does this on a small scale, he could even 
get away unnoticed for months or years sipping a few $ per month from the 
real victim which is in that case the new owner of the phone. That's one of 
the main reasons why proactive theft reactions, especially financial, are NOT 
really an option.

 In this case, when you buy on ebay, you do have to receive the proof
 that the phone is not stolen, otherwise (even if I'm not a lawyer),
 the buyer is also at fault...

Since in our case it is already a second hand item, proof of purchase is not 
readily available on most of the ebay items in that category - not many 
customers keep the papers, or even boxes that came with the phone. Sure, you 
can say that it is unwise or even illegal, but many of the used items on ebay 
have absolutely no 'proof of ownership' (do you ask for proof of ownership at a 
garage sale or a flea market?).




Re: A new approach to Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Attila Csipa
On Wednesday 28 February 2007 21:44, Steven ** wrote:
 Caveat emptor.  Possession of stolen property is still a crime where I
 live, even if you didn't do the actual stealing.

All I'm saying (IANAL of course) is that for many of those items (especially on 
places like ebay) it is very hard for the buyer to establish whether the good 
is actually stolen or not (receipts and boxes can be photoshopped all too 
easily), and he has to rely on a level of reasonable doubt (based on seller 
rating, price, provided images, etc) to determine whether he is getting the 
good from a trustworthy source.



Re: Itch3: Anti-lost/theft protection

2007-02-28 Thread Wolfgang S. Rupprecht

Christopher Tokarczyk writes:
 I think the disagreement over what the phone ideally should do when
 stolen is even more support for the proposition that there should be a
 way for the owner to configure this behavior.

In addition, it would be very useful if the phone was reconfigurable
*after* it was stolen. It would be very frustrating to have a good
idea and then not be able to implement it because the phone could only
be programmed while having physical access to it.

Personally I like the idea of periodic SMS messages with the
lat/lon/altitude.  When in stolen mode, having the phone receive SMS
msgs containing commands for the phone would seem to be very useful.
Something as simple as having a way of remotely submitting a short
shell script would do the trick.

-wolfgang
-- 
Wolfgang S. Rupprecht    http://www.wsrcc.com/wolfgang/
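
An added example, not part of the original post: one way a phone could accept SMS commands only while in stolen mode and only from its owner. The shared key, the `counter|command|tag` message layout, the replay counter and the fixed command verbs (used here in place of a free-form shell script) are all assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed values for illustration; none of them come from the thread.
OWNER_KEY = b"example-shared-secret-set-by-owner"
ALLOWED = {"locate", "lock", "interval"}  # fixed verbs instead of a shell script
TAG_LEN = 16                               # hex chars kept from the HMAC tag


def sign(counter: int, command: str, key: bytes = OWNER_KEY) -> str:
    """Owner side: build the SMS body 'counter|command|tag'."""
    msg = f"{counter}|{command}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()[:TAG_LEN]
    return f"{counter}|{command}|{tag}"


class StolenModeReceiver:
    """Phone side: accept a command only in stolen mode, with a valid tag,
    a fresh counter and an allowed verb."""

    def __init__(self, key: bytes = OWNER_KEY):
        self.key = key
        self.stolen = False
        self.last_counter = 0

    def handle_sms(self, body: str):
        if not self.stolen:
            return None                    # command SMS ignored in normal use
        parts = body.split("|")
        if len(parts) != 3 or not (parts[0].isascii() and parts[0].isdigit()):
            return None                    # malformed message
        counter, command, tag = int(parts[0]), parts[1], parts[2]
        expected = sign(counter, command, self.key).rsplit("|", 1)[1]
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return None                    # forged or corrupted message
        if counter <= self.last_counter:
            return None                    # replay of an earlier command
        verb, _, arg = command.partition(" ")
        if verb not in ALLOWED:
            return None                    # validly signed but not a known verb
        self.last_counter = counter
        return (verb, arg)
```
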




Itch3: Anti-lost/theft protection

2007-02-27 Thread Aloril
When phone is lost and somebody picks it up, it would first ask for PIN
and have message on screen that says something like "If you don't know
PIN, give 1234". If user types 1234 then it presents 2 buttons:
"Contact owner of phone" and "Use phone" (==I'm stealing this). If
user selects "Use phone", then it would present factory looking
interface with empty address book, etc. and quietly contact owner
anyway and tell current coordinates ;-) Idea is to keep thief using phone
until police arrives and recovers it. If phone notices new SIM, it
would go directly to "I'm stolen" mode. Maybe run under Linux-VServer
http://www.linux-vserver.org/ in stolen mode.


With suitable arrangement remote ssh connection to phone should be
possible which would give nice control over stolen phone.


There could also be a bluetooth headset and/or bluetooth watch.  If it
loses contact to phone, phone would complain loudly and if bluetooth
gadget is smart enough it could complain too. This gadget could warn
about low battery too.

-- 
Aloril [EMAIL PROTECTED]
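
The lock-screen flow proposed above, written out as a small state machine. This is an added example, not code from the post or from OpenMoko: the class and method names, the `armed` switch an owner would turn off before selling the phone, and the `outbox` list standing in for messages to the owner are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum, auto


class State(Enum):
    LOCKED = auto()         # asking for the PIN and showing the hint
    CHOICE = auto()         # hint code entered: the two buttons are shown
    NORMAL = auto()         # owner unlocked the phone
    CONTACT_OWNER = auto()  # finder wants to return the phone
    STOLEN = auto()         # decoy "factory" interface, owner notified quietly


@dataclass
class Phone:
    owner_pin: str
    owner_imsi: str
    hint_code: str = "1234"  # the code shown on the lock screen in the post
    armed: bool = True       # assumption: owner disarms before resale
    state: State = State.LOCKED
    outbox: list = field(default_factory=list)  # stands in for SMS to owner

    def sim_inserted(self, imsi: str) -> None:
        # A SIM other than the owner's sends an armed phone to stolen mode.
        if self.armed and imsi != self.owner_imsi:
            self._enter_stolen("new SIM")

    def enter_code(self, code: str) -> None:
        if self.state is not State.LOCKED:
            return           # leaving stolen mode is not covered by the post
        if code == self.owner_pin:
            self.state = State.NORMAL
        elif code == self.hint_code and self.armed:
            self.state = State.CHOICE

    def press(self, button: str) -> None:
        if self.state is not State.CHOICE:
            return
        if button == "contact_owner":
            self.state = State.CONTACT_OWNER
        elif button == "use_phone":
            self._enter_stolen("finder chose Use phone")

    def _enter_stolen(self, reason: str) -> None:
        self.state = State.STOLEN
        self.outbox.append(f"stolen mode: {reason}")

    def address_book(self, real: list) -> list:
        # Stolen mode shows an empty address book instead of the owner's data.
        return [] if self.state is State.STOLEN else real
```
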



Re: Itch3: Anti-lost/theft protection

2007-02-27 Thread Krzysztof Kajkowski

2007/2/27, Aloril [EMAIL PROTECTED]:

Idea is keep thief using phone
until police arrives and recovers it.


Yeah, and maybe call nearest SWAT team to clear the area :-P I doubt
if police would bother chasing a thief for one phone (at least where
I live). They should at least have some warrant ;-)

To be serious, I would rather not have the thief talk on my
bill. Better solution would be to pretend that phone is turned off and
silently send GPS coords.

cayco



Re: Itch3: Anti-lost/theft protection

2007-02-27 Thread Jan Van Vlaenderen

Euhhh, I do not want the thief to make international calls on my bill

Maybe the phone should simulate that it's switched off (to save power)
and send the coordinates from time to time.

Jan.

--
If you don't like something, change it. If you can't change it, change your
attitude. Don't complain.