Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Can a smartphone kill switch improve enterprise mobile security?

A smartphone kill switch aims to reduce device theft by rendering a device unusable if stolen. Expert Michael Cobb discusses what the technology means from an enterprise point of view.

Can you please explain how a kill switch works for smartphones/tablets? Do you see this functionality as an effective enterprise mobile security control for lost or stolen devices? Is it something we should be looking for in either enterprise-provisioned devices or employee-owned devices connecting to our network?

In 2013, over three million Americans had their smartphone stolen -- often at knife- or gunpoint. Additionally, around 40% of total reported robberies in every major metropolitan area involved the theft of a smartphone.

In response to this growing crime, politicians and law enforcement officials are pressing for a kill switch to be added to smartphones to render them useless when stolen. The rationale behind the call for a smartphone kill switch is that if a device cannot be reset and reused once it has been killed, then it will have no resale value and be far less attractive to thieves. Take the theft of car stereos, for example: It is half of what it was in the early 1990s in large part due to factory-installed car stereos requiring an activation code to be entered if they're disconnected from the car battery.

Remote lock and wipe tools are already are built into all Apple, Android and Windows Phone 8 devices (called Find My iPhone, Android Device Manager and Find My Phone respectively). Samsung phones with Knox technology and newer iPhones include a hybrid of hardware and software to protect encrypted data. While these technologies protect corporate data, they do not reduce the value of a stolen phone, so theft and possible physical danger are still potential problems. Google and Microsoft announced that they intend to add a kill-switch feature to their Android and Windows Phone operating systems, but it will be some time before we see a kill switch that works on every type of phone and has safeguards against hackers.

How a kill switch should or would work in practice is far from clear. There are two different proposed kill switches: a hardware kill switch that renders a device permanently unusable, or a software alternative that makes a phone unusable to all but the legitimate owner. The technical implementation of transmitting and authenticating the validity of a kill command is some way off, as is the safe and secure transfer of kill switch capabilities to a genuine new owner of a secondhand phone. Also, the top four wireless carriers in the U.S. earned an estimated $7.8 billion in phone protection plan premiums in 2013, so there is unlikely to be a big in a rush to research kill switch products and provide the manpower needed to monitor and regulate a kill switch function.

Various states are in the process of making a preloaded kill switch a legal requirement, and Congress is also considering national legislation. If state laws are passed, it could speed up the development of software and hardware kill switch technology by carriers and phone makers to prevent phone calls, Internet access and the ability to run apps on a stolen phone.

Until it is a more mature technology, enterprises should continue to rely on encryption, remote lock and wipe, and tracking apps to safeguard enterprise data. Also, enterprises should ensure employees always take the physical security of their mobile devices -- whether they are employee-owned or corporate-owned -- seriously. Asset registers should record the serial and IMEI numbers of all devices, as these will be required along with any locations identified by the device's tracking app when reporting a stolen device.

Next Steps

Read an overview of mobile device security

Uncover best practices for enterprise mobile security

This was last published in November 2014

Dig Deeper on BYOD and mobile device security best practices

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Is a smartphone kill switch a good idea? Will it work in an enterprise setting?
I think it could work, but how and when the kill switch is employed should be made very clear to employees, otherwise there's the risk of false 'kills' and loss of trust.