A violent cellphone crime wave sweeps the US

iPhones and other smartphones are attractive theft targets, and the industry is struggling to find a technology solution

On Feb. 27 in the middle of the afternoon, a 16-year-old girl was walking through San Francisco's Mission District when she was ordered at gunpoint to hand over her cellphone. The robbery was one of 10 serious crimes in the city that day, and they all involved cellphones. Three were stolen at gunpoint, three at knifepoint, and four through brute force.

Incidents of cellphone theft have been rising for several years and are fast becoming an epidemic. IDG News Service collected data on serious crimes in San Francisco from November to April and recorded 579 thefts of cellphones or tablets, accounting for 41 percent of all serious crime. On several days, like Feb. 27, the only serious crime in the city was cellphone thefts. (See the interactive map with the details of these thefts.)

[ If you're in San Francisco, watch out! Here's where your cellphone is likely to be stolen. | Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter. ]

In just over half the incidents, victims were punched, kicked, or otherwise physically intimidated for their phones, and in a quarter of robberies, users were threatened with guns or knives.

The cellphone crime wave spans the nation
This isn't just happing in tech-loving San Francisco, either. The picture is similar across the United States.

In Washington, D.C., cellphone thefts account for 40 percent of robberies, while in New York City, they make up more than half of all street crime. There are no hard numbers on which phones are most popular, but those most in demand  by thieves appear to be those most in demand by users: iPhones.

It's easy to see why the thefts are so rampant. Criminals can quickly turn stolen phones into several hundred dollars in cash, and phone users are often easy targets as they walk down the street engrossed in the screen and oblivious to their surroundings.

It shouldn't be this way. With built-in satellite positioning and reliance on a network connection, it should be easier to track them down. So why is theft still such a problem?

A big reason is that, until recently, there had been little to stop someone using a stolen cellphone. Carriers quickly suspend phone lines to avoid thieves running up high charges, but the phone itself could be resold and reused. It was and still is easy with modern smartphones that accept SIM cards, which were introduced to allow legitimate users to switch phones easily.

What the carriers are doing to make theft less profitable
Reacting to pressure from law enforcement and regulators, the United States' largest cellphone carriers agreed early last year to establish a database of stolen cellphones. The database blocks the IMEI (international mobile equipment identity) number, a unique ID in the cellphone akin to a car's VIN (vehicle identification number). The number is transmitted to the cellular network when the phone connects and remains with the phone no matter what SIM card is inserted.

In theory, once added to the list, a phone cannot be activated on any U.S. carrier. But the system is not perfect. For it to work, phone users must notify their carrier of the theft and in some cases provide the IMEI themselves. There are also limitations to its scope. "The blacklist is good, but one of the easiest things we can do to make it more effective is more worldwide data sharing," said Kevin Mahaffey, CTO of mobile security company Lookout. "There is some sharing in different parts of the world, but not all operators share their lists."

In the United States, that's beginning to happen, said Chris Guttman-McCabe, vice president of regulatory affairs at the CTIA, an industry trade group. AT&T and T-Mobile, which share a common network technology, have a common database and all U.S. carriers plan to have a single database up and running by November that covers phones based on the new LTE cellular technology.

U.S. carriers have also begun supplying information to an international database that covers 43 countries, and the FCC has been talking to Canada, Mexico, and some South American countries about getting on board, said Guttman-McCabe.

So now, the main push is to educate users about the existence of the block list and get them to secure their phones with a password, screen lock, and software that can remotely track or wipe a stolen phone. Smartphone makers committed to include this information with new phones sold from the beginning of this year.

Even if universal, a global blocklist still would have shortcomings. While technically difficult, it's possible in some phones to rewrite the IMEI number, providing them with a new identity and bypassing the network lock-out.

What Congress and law enforcement is advocating
In an attempt to combat this, Sen. Charles Shumer (D-N.Y.) introduced a bill into the U.S. Congress last year (S.3186) that sought a five-year jail sentence for anyone who rewrites an IMEI number. The bill was referred to the Judiciary Committee, but it died when the congressional session came to a close.

"To me, while well intended, that's not necessarily where the solution is," said George Gascón, San Francisco's district attorney. "We already have way too many people in prison, we have enough laws on the books, and the last thing we want to do is continue to take young people and put them in prison for long periods of time. What we need to do is remove the marketability of these items," he said.

Gascón, who has become one of the most outspoken members of the law enforcement community on the issue, is proposing the electronic equivalent of a self-destruct command. "What we need is a technical solution, we need a kill switch that, when a phone gets reported stolen, the manufacturer or the carrier or a combination of both are going to render that phone inoperable anywhere," he said.

To work, it would have to rewrite the phone's basic software so the device becomes completely useless and cannot be restored, even if it was later recovered. Think of it as a "nuclear wipe" option.

Carrier resist the notion of a "nuclear wipe" option
Gascón says his message hasn't been received well by the carriers. "I started last year by meeting with one of the carriers," he said. "They seemed to be genuinely concerned and wanted to set up a follow-up meeting."

The second meeting, between Gascón, representatives of the four major carriers, and the CTIA didn't get far. "It became very clear to me from the beginning, as the lobbying group took the lead on this, that they felt they had done all they were going to do," he said.

The CTIA disagrees with his assertion."I really think it's important for people to know that we recognize this is important for law enforcement," said Guttman-McCabe. But he doesn't support the idea of an electronic kill switch. "Think of all the times people lose their phone and then find it, and imagine how consumer-unfriendly it would be if the carrier hit a kill switch," he said. "All of a sudden, you have a high-end smartphone that's useless, and you have to buy an unsubsidized phone." For now, the CTIA is sticking to its stolen phone database plan and isn't looking at other possible solutions.

The kill switch wanted by Gascón would probably not be perfect, but could help, said Lookout's Mahaffey. "It would be very difficult to build anything that is impossible to take off a device," he said. "You can make it so difficult that all but the most sophisticated thieves can get around it. As we've seen with jailbreaking, no matter how much effort Apple put in, there will always be a way around it."

For now, the best thing phone users can do is try to avoid having their phones snatched in the first place. "If you need to talk on your phone, we ask that you just step to the side of a building, put your back against the building, make your phone call or make your text, but then also be aware of what's going on around you as well. That makes a huge difference," said Officer Dennis Toomer of the San Francisco Police Department. He said most thefts occur because users are texting or talking on phones while walking and not paying attention to their surroundings. "Day or night, you should always be aware of what's going on around you," he said.

In Washington, D.C., a series of crime-prevention posters show photographs of people using cellphones in public. In the pictures, the cellphones are overlayed with an image of a hundred-dollar bill and the tag line "This is how thieves see you on the street."

Phone users are also encouraged to install tracking software in their phones. Apple has the Find My iPhone feature, and a number of applications exist for other phones that allow users to remotely track a phone's position and delete data stored on the device. They require the phone to be switched on and connected to a network, but often thieves don't immediately switch off stolen phones.

If a phone is promptly reported stolen, police can sometimes locate the device and the thieves using such applications. "As with any security, there is no silver bullet, there's no one thing you can do," said Mahaffey. "But that doesn't mean we shouldn't do it. We should continue to find better ways to solve these problems."

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies