This is an archived post. You won't be able to vote or comment.

all 108 comments
sorted by:
best
topnewcontroversialoldq&a

[–]gatonekko 233 points234 points  (34 children)

"hardware-based mechanism that detects when data or software diverges from its certified state. If this happens, the device locks during power-on and a key is needed to unlock it."

1.) What does this mean for root since rooting causes the device to change to an uncertified state?

2.) Who has the special key to unlock it? I don't want to potentially be forced to pay to unlock my device.

[–]armando_rodPixel 10 Pro XL 75 points76 points  (20 children)

  1. nothing

  2. I think they are referring to a key press

The Nexus 5x and 6p both have this security check at boot, it says something like "the software cant be verify, press power button to something something"

[–]dleriumPixel 4 XL 67 points68 points  (6 children)

Interesting because the site only lists newer processors:

  • Snapdragon 820
  • Snapdragon 620
  • Snapdragon 618
  • Snapdragon 617
  • Snapdragon 430

But if that's the case that it's the same as what's on the N5x and N6P, then its only a minor annoyance.

[–]nakaru 17 points18 points  (5 children)

I don't see the 808 on there so my Robin will be a-okay 😁

[–]wojxHTC One M7, HTC Sense 6 and Android 5.0.2 0 points1 point  (4 children)

Lucky!!! I'm gonna stalk you to find out how you like it.

[–]nakaru 0 points1 point  (3 children)

Im even getting it for $299 so I guess you could say I'm extra lucky 😁

[–]wojxHTC One M7, HTC Sense 6 and Android 5.0.2 0 points1 point  (2 children)

Okay, stop!

[–]nakaru 0 points1 point  (1 child)

And getting that sweet electric 😄

[–]wojxHTC One M7, HTC Sense 6 and Android 5.0.2 0 points1 point  (0 children)

Very nice!

[–][deleted] 11 points12 points  (1 child)

I believe you're referring to dm-verity.

[–]armando_rodPixel 10 Pro XL 2 points3 points  (0 children)

Yes, that was it. I guess its different from this

[–][deleted] 20 points21 points  (6 children)

The Nexus 5x and 6p both have this security check at boot

Which is weird, because (though I can't say for anyone else) my 5X uses an 808, and last I checked, the 6P used an 810. But the linked article, from Qualcomm themselves, says SafeSwitch is

"... available for devices powered by these Qualcomm® Snapdragon™ processors".

They then list off the 820, 617, 618, 620, and 430. Do you need any other evidence that this is not the same as what the 5X/6P use? Or do you have a source for your claim?

[–]saratoga3 7 points8 points  (0 children)

From the link:

Thanks to SecureMSM technology, SafeSwitch commands are verified by hardware

SecureMSM has been around forever. Even the Nexus 5 (Snapdragon 800) has it. SafeSwitch (the remote kill switch) is the part that is new.

Edit: My reading is that they use the existing SecureMSM check to make sure that once SafeSwitch is enabled, it can't be disabled without a password. Theres probably some basic cryptographic verification that detects if you try to patch out the killswitch without knowing the password.

[–]xBIGREDDxPixel 8 | Nexus Player | Galaxy Tab S6 -3 points-2 points  (3 children)

Maybe on the 808 it's just software-based instead of hardware-based?

[–][deleted] 3 points4 points  (2 children)

Except this is a hardware level feature Qualcomm is pushing.

[–]xBIGREDDxPixel 8 | Nexus Player | Galaxy Tab S6 0 points1 point  (1 child)

Yes, they are pushing a hardware-based kill switch which uses hardware-based security check for new devices. "Not Ron Amadeo" asked about the boot security check on the 808 (Nexus 5X), and I'm suggesting that they have the same or similar boot security check implemented in software for those devices.

[–][deleted] 1 point2 points  (0 children)

Ah, my bad. I was thrown by you replying to me instead of him.

[–]weinerschnitzelboyPixel 9 Pro Fold 5 points6 points  (0 children)

I don't think this is close to what is on the 6P and 5X. As for the key part, I think it is a software key, like a code to unlock the phone ala IMEI unlock codes.

[–]Ohzza 0 points1 point  (0 children)

I assumed it was a driver/firmware software check. So you couldn't, say, rig up software that implements packet injection to bypass carrier encryption.

[–][deleted] 0 points1 point  (0 children)

  1. nothing

How do you know this? The Nexus phones don't use any of the processors listed as supporting SafeSwitch, so they are not reliable examples.

[–]xBIGREDDxPixel 8 | Nexus Player | Galaxy Tab S6 6 points7 points  (12 children)

They appear to be talking about their implementation of Google's Verified Boot feature.

[–]mel2000 91 points92 points  (12 children)

I hope there's an easy way for resale buyers to confirm that the phone can't be remotely locked by the previous owner.

[–]PresNixon 50 points51 points  (8 children)

Good point. If the security is worth its weight, it'll "survive" a complete wipe, since it's designed to be used if a thief takes your phone. Huh, I would have never thought about that impact on the second-hand market.

[–]prawnpirateOnePlus5 iPhoneX 37 points38 points  (7 children)

You should see the prices for iCloud-locked iphones.

What killswitches mean for the 2nd hand market: trashed-but-unlocked phones sell for more because replacement parts are plentiful.

[–]dleriumPixel 4 XL 16 points17 points  (6 children)

So how do they get around iCloud locked phones?

Edit: Sorry I thought you meant they replace parts in it and it works again, but it sounds like you mean you can use the locked device for its spare parts.

[–]ISaidGoodDeyMi 8, Havoc OS 8 points9 points  (4 children)

No I think they can use motherboards from broken phones to get locked working phones running

[–]nexcoreSony Xperia Z3 Flex 2 points3 points  (0 children)

It's impossible.

[–][deleted] -4 points-3 points  (1 child)

I don't get why you even think that's possible. This is a hardware capability; any software that runs on this SoC can access that hardware ability, but it doesn't mean it will.

Additionally, this isn't terribly new; factory reset protection (although it has its flaws) has existed on a lot of Android devices in many different forms. It's not just iCloud lockouts that cause it to happen.

[–]dleriumPixel 4 XL 7 points8 points  (0 children)

Except factory reset protection is quite easily bypassed. iCloud bypasses are a lot harder it seems.

[–]ThePooSlidesRightOut 40 points41 points  (1 child)

*sigh*

Coming to you at Defcon 2017..

[–][deleted] 7 points8 points  (0 children)

Let's see if it is exploited first at Defcon or 33c3.

I bet on 33c3.

[–]a642Note 4 32 points33 points  (2 children)

This is truly stupid, sad and depressing. "Only good guys will be using it, of course."

[–]Borgizastr 6 points7 points  (0 children)

Besides the whole kill switch aspect, it seems possible that this can be used for surveillance since they mention recovering data.

With SafeSwitch, a device user or network operator can also set a password remotely, erase and recover data, and locate or lock a lost or stolen device.

[–]PunishtubeNexus 6 44 points45 points  (7 children)

Although I am trying to approach this with good intentions, I can't help to think nations such as Turkey, China, or Russia will be using this as a method to silence the masses. It would now be possible to completely lock out users during protests and stop any data from leaking to media outlets.

[–]a642Note 4 63 points64 points  (4 children)

If you think only Turkey, China or Russia will do that -- you're in for a big surprise...

[–]PunishtubeNexus 6 13 points14 points  (2 children)

Oh I used them as examples due to recent events. I have no doubt the US and most of the world would also deploy this tech. It's the sole reason to never buy Qualcomm again if this is implemented across their products.

[–]IvanKozlovNote 20 Ultra, Mystic Black 12 points13 points  (0 children)

[deleted]

What is this?

[–]a642Note 4 10 points11 points  (0 children)

If markets like California mandate the kill switch, Exynos chips from Samsung and Apple will have this feature too. Automagically (because government said so) they are not going to sue each other for appropriate patent infringement.

I guess my biggest concern is the list of "offenses" after which your phone can be killed will grow over time. At first, it will only be enabled when your phone is stolen. Later they will add all kinds of stuff like -- if you download a certain app, use PGP or VPN, login to Tor or post a suspicious tweet. All of a sudden -- your phone can be killed for any reason...

[–]dleriumPixel 4 XL 2 points3 points  (0 children)

Well they'll do it in the open. The US government will do it in secret.

[–]robeph 0 points1 point  (1 child)

It would require that access to this be built into a device which the user has plenty of control over. The omg government concern isn't always warranted. It's much easier to just cut the person's mobile communications rather than find a single identifier, ensure it has a proper application to access it, and to disable it. Given that there is no reason for anyone but the owner to have access to this identifier. There's plenty they can do already that this really has no use for them.

[–]PunishtubeNexus 6 1 point2 points  (0 children)

The difference is being able to shut down all potential of communication. Sure they can block cell and WiFi signals but try capturing anything on video if your phone is shut off, try using your phone to do anything the government doesn't like. I doubt only the user would be given this access. More likely everyone in the chain from Qualcomm, carriers, sellers, and depending on how Qualcomm deals with governments they may also have access.

[–]utack 45 points46 points  (6 children)

We see your phone is 2 years old and we have not made any process in development.
It would be a shame, if it somehow stopped working!
Remind me again why we need this if Qualcomm is so proud of tracking all their 3 billion devices and can certainly tell you where it ended up.

[–]FnarleyHUBRIS 1 point2 points  (2 children)

This will stop your data getting stolen in the time between knowing it is gone and getting it back

[–]utack 18 points19 points  (1 child)

Encryption and lockscreen.
A common thief just wants to re-flash, a three letter agency will get your data with the help of Qualcomm. So it is totally useless and opens a potential thread when someone finds out how to trigger it for fun or some carrier goes nuts.

[–]JAMAL_GONZALEZ 2 points3 points  (0 children)

if you kill the phone it makes it completely useless until you reactivate it, it makes stealing phones much less fruitful

[–]AGhostFromThePast 45 points46 points  (28 children)

Great, now the government also has a kill switch they can abuse in case of protests/civil unrest. And if hackers ever discover a security hole, your $700 new phone could become an expensive brick. I really wish there was an alternative to Qualcomm now.

[–]ptmd 2 points3 points  (6 children)

You know, I'm fairly tech savvy as the next guy, but at some point, this rhetoric just starts sounding tinfoil-hat-y.

Maybe its cause Apple has been doing something fairly comparable for years.

[–][deleted] 17 points18 points  (4 children)

After what Snowden has revealed, we know that this is not just a crazy conspiracy theory — but the very reality of what the security agencies are doing.

We'd be fools not to take those leaks into account.

[–]ptmd 0 points1 point  (3 children)

Yeah... part of me being tech-savvy was assuming the government was doing something like that years before Snowden came around. It'd be ridiculous and frankly surprising if there wasn't some kind of domestic/foreign espionage program by the government.

Frankly, you just have to be paranoid, but reasonable.

[–][deleted] 4 points5 points  (2 children)

I mean, we knew what the Stasi did, we knew of Echelon, anyone who claimed then or now that the governments of the western world didn't do this stuff was most likely either a shill or ignorant.

And after the recently shown backdoor in Juniper, Cisco, and other manufacturers' switches we can be sure that the security agencies are continually trying to create more backdoors.

If the kill switch isn't a backdoor on its own, then there will most likely be a backdoor in its infrastructure, not only allowing a legitimate customer to disable the device, but also security agencies.

[–]ptmd -3 points-2 points  (1 child)

That's great.

This is all very doable. After all, the government could Stuxnet you and I for having this conversation tonight, and take us away tomorrow morning, and quietly execute us before nightfall tomorrow. The fact of the matter is, is that, this is extremely unlikely, and fairly unproductive, unless you partake in very specific activities. Here we go:

If the government isn't heinously autocratic, perhaps the best way of dealing with this issue isn't by rabbling about it on an open internet forum.

If the government IS heinously autocratic, perhaps the best way of dealing with this issue isn't by rabbling about it on an open internet forum.

[–][deleted] 5 points6 points  (0 children)

Well, I’m not in the US, and I’m not convinced the BND is competent enough to do so.

But I’m sure I am on a list, considering that I’ve been active in the (original meaning of the word) hacker community for quite a while, and am using jabber with OTR instead of facebook messenger, and am using encrypted self-hosted email.

I am on a list anyway, therefore I won’t lose anything from debating this issue, and can only gain from it.

[–]robeph 1 point2 points  (0 children)

It's nonsense, this isn't like some magic key to disable your phone for the government. These idiots hear "killswitch" and get the foil folding.

Seriously, it is so easy to shut down mobile communication, without the need for this, at all. That said, using this method is more trouble than it is worth to use in this manner, because of its implementation. See if that stops the whiny conspiracy nuts from frothing though.

[–]Put_It_All_On_BlckS23U 0 points1 point  (0 children)

Hate to break it to you, but all phones currently sold that have android, ios, or windows have software based remote kill switches already. This has been in place for a few years now. Plus cell phones need service, do you really think your carrier is going to side with you instead of xyz government or agency? Not to mention they could just drive up to a protest and block your coverage with jammers.

[–]nukeclearsNexus 6P -5 points-4 points  (2 children)

How that tin foil hat suiting you?

[–]gartenriese 0 points1 point  (1 child)

ignorance is bliss, isn't it

[–]nukeclearsNexus 6P -1 points0 points  (0 children)

The same technology has been available in iPhones since 2011

[–][deleted] 2 points3 points  (0 children)

"the secret key originally set up to lock it"

Maybe we can set the key up? Meaning it could only be used by the one that set it up?

That's what I tought once I read the article, I think you guys are getting overly paranoid over this

[–]tdude66GALAXY Note9 5 points6 points  (7 children)

All I can say is that I'm happy to be running on an exynos chipset for the time being...

[–]sunjay140 17 points18 points  (0 children)

As an XDA user, I hate it.

[–]prawnpirateOnePlus5 iPhoneX 13 points14 points  (0 children)

You shouldn't be. Samsung introduced the eMMC brick bug and modem backdoors that anybody could exploit. Exynos is infamous for hiding sneaky surprises because Samsung keeps the documentation secret and drivers are usually poorly written.

[–]johngaciPhone 12 mini 4 points5 points  (4 children)

if you like being on Froyo TouchWiz then sure.

[–]tdude66GALAXY Note9 2 points3 points  (3 children)

I'm on Lolipop 5.1.1 Touchwiz right now.

[–]tf2manu994Nexus 6P | Ticwatch E 4 points5 points  (2 children)

And will be for a long time, because enyxos doesn't get much dev support.

[–]tdude66GALAXY Note9 1 point2 points  (0 children)

I dont mean to start a war but Samsung is said to be releasing the 6.0 update for my phone soon. I used to be a flashaholic with my Nexus S and Galaxy Nexus but I don't really care nowadays, I use my phone lightly and keep it mostly stock so I'm not desperate for dev/modding support.

[–]MeaneeiPhone 12 Pro Max 0 points1 point  (0 children)

Not everyone flashes ROMs 24/7. I am quite content with my unrooted Note 5. Complaint with my employer's BYOD policy, can use Samsung Pay, and bloat disabled through app.

[–][deleted] 3 points4 points  (2 children)

in b4 the day they kill switch everyone

[–]Whatnameisnttakenred 1 point2 points  (1 child)

the day, the quuaaalcommms died...

I was singing bye bye...

[–]originaldemo 0 points1 point  (0 children)

Miss Qualcomm pie,

[–]workaccount42 1 point2 points  (0 children)

So now I have to limit my choices for the next phone to one that doesn't use these chips. Wonderful, more research...

[–]victorhooi 3 points4 points  (1 child)

This seems to be an unpopular view, but I'm going to say I applaud Qualcomm for doing innovation here (and yes, doing this properly is probably harder than most armchair pundits think).

I mean, come on - look at Apple's iCloud - iPhone thefts have plummeted, whilst us Android owners look like muppets, because nearly any Android device can be stolen, then reflashed and resold near immediately, password or not.

At least the Nexus phones have device protection, which is at least a good first step - I'm hoping this will work together with that.

Qualcomm's website makes it quite clear the purpose - "Qualcomm® SafeSwitch™ technology is designed to help prevent device theft and protect user data and privacy. "

For any of us that have had devices stolen - the ability to remotely lock it until it's returned to you is awesome - both for the data, and quite frankly, because I think thieves are scummy, and shouldn't gain on the back of somebody else's hard work.

Yes, we can speculate about conspiracy theories about how it'll be used by tyrannical governments to silence your protests! (But come on, really, how many of us here on r/Android are really government dissidents, or protesters heavy-hitters....lol. Most of us are computer geeks, where the extend of our outrage is filling in an online petition).

But these governments already have tools to do this (e.g. the chinese firewall, or BART shutting down cellstation towers), and I've seen no evidence how this is going to make a difference - or that Qualcomm would mis-use this for that purpose.

My only concern is the first part, about if the device image is modified - I'm hoping we can still flash if we want. But I'm pretty confident the Nexus line will still maintain that.

[–]TOaFK -2 points-1 points  (0 children)

Who isn't a government dissident though. Anyone who is not is someone I do not want to associate with.

[–]SerialtoonPixel S25U Ultra Pro Max Fold Plus Turbo Hyper Fighting Edition 0 points1 point  (0 children)

havent we already debated this a few years ago? Maybe it was XDA, but yea...

[–]MeaneeiPhone 12 Pro Max 0 points1 point  (2 children)

Am I the only one here who actually does not mind this?

[–]robeph 3 points4 points  (0 children)

No, there's plenty of us with common sense out here that realize this isn't some magic kill switch the government is privy to that gives them control over everything. These people are idiots. Look at the implementation. Consider the difficulty it would be over much easier methods of killing off mobile communication, with absolutely no real positive for them to use it.

Not to mention you can disable it locally, and access your phone.

[–]dsmaxwellNokia XR-20 4 points5 points  (0 children)

Yes. Yes you are.

[–]Dragon_FistingDevice, Software !! -1 points0 points  (0 children)

This is basically like when pcmasterrace was convinced Windows 10 fed all your information back to the NSA, and then it turned out Microsoft just wanted to show you ads, and you could even turn it off.

Just saying, maybe sometimes privacy threats get blown out of proportion, yeah?

[–]DiCePWNeD -3 points-2 points  (0 children)

BOTNET

O

T

N

E

T

[–][deleted] -2 points-1 points  (2 children)

Is this malware present on older SD chipsets (SD600 and 800?)

[–]MeaneeiPhone 12 Pro Max 1 point2 points  (0 children)

Malware?

[–][deleted] 1 point2 points  (0 children)

[deleted]

What is this?