← Back to team overview

ubuntu-phone team mailing list archive

Re: [Development] anti-theft

 

Hi,
Well, bricking down the device fits perfectly on the category (3) of
actions to be taken after the device is declared lost and unrecoverable.
However, I don't think this is too important. I understand this is more a
revenge rather than a direct benefit.

Any plans on how to do that?  An attack to the bootloader? Isn't it
platform dependent?

Interesting Project.

Best Regards,
Felipe.


On Wed, Apr 23, 2014 at 10:13 PM, Yasmany Cubela Medina <yasmanycm@xxxxxxxxx
> wrote:

> Daniel about you say: "That said, being able to remotely "brick" the
> phone (more like locking it down) is probably a vital function for some."
> its like that "lock it down".
>
> I think this app will be a greate one
>
>  S.U.C.C.E.S.S
> Success is a journey, not a destination.
>
>  Ing. Yasmany Cubela Medina:
> Linux user 446757
> Ubuntu user 13464
>
>
> On Wed, Apr 23, 2014 at 8:30 PM, Daniel Holm <d.holmen@xxxxxxxxx> wrote:
>
>> I agree with those goals.
>>
>> About encryption (1) I think that should be taken care of by the system,
>> just like on the desktop. Of course third party apps could take care of
>> parts of that, like LastPass about passwords, but it is not a focus for my
>> app right now. That said, being able to remotely "brick" the phone (more
>> like locking it down) is probably a vital function for some.
>>
>> But the other two goals is definitely a focus.
>>
>> I've named the project and created a project and a team: Redeo (Latin for
>> "I return") its on Launchpad.
>>
>> Vänlig hälsning / Yours sincerely,
>>    Daniel Holm
>>    IT Consultant
>>    Web Developer
>>    Student, Political Science
>>    d.holmen@xxxxxxxxx
>>    http://www.danielholm.se
>> Den 24 apr 2014 01:49 skrev "Yasmany Cubela Medina" <yasmanycm@xxxxxxxxx
>> >:
>>
>>  I think that 3 goals are really the base of a good anti-thief, but the
>>> idea i propose in the first email have one more propose set the phone or
>>> device under some brick status if the owner dont not provide the password
>>> for say something. The idea of having this app preinstalled or under the
>>> main code of the OS its that even if the theif reflash the OS and try to
>>> startit this service or app will ask the first owner password because it
>>> was registered with the device imei under the owner account.
>>>
>>> I dont know if i explain my self i know my english its no so good im
>>> from spanish mother language
>>>
>>> S.U.C.C.E.S.S
>>> Success is a journey, not a destination.
>>>
>>>  Ing. Yasmany Cubela Medina:
>>> Linux user 446757
>>> Ubuntu user 13464
>>>
>>>
>>> On Wed, Apr 23, 2014 at 6:16 PM, Felipe De La Puente <
>>> fdelapuente@xxxxxxxxx> wrote:
>>>
>>>> Hi Guys,
>>>>
>>>> I think it's important to separate the different goals that an
>>>> anti-thief strategy (not necessarily a single app) for the Ubuntu OS should
>>>> meet.
>>>>
>>>> In my opinion, the goals are 3 and different:
>>>>
>>>> 1. Data Protection
>>>> 2. Location Tracking
>>>> 2. Remote access and control
>>>>
>>>> (1) could be addressed by password protection and filesystem
>>>> encryption. I think password protection is a must. The thief won't be able
>>>> to uninstall applications without having the right password for such tasks.
>>>>
>>>> (2) Just about determining location and sending the data through the
>>>> available comm channels.
>>>>
>>>> (3) This will let the owner take actions on the device, such as
>>>> deleting sensitive data, and so on.
>>>>
>>>> If the OS provides a good solution to (1) I think the freedom and
>>>> privacy problems are solved. (2) and (3) are the real goals an anti-thief
>>>> app/daemon should address.
>>>>
>>>> What do you guys think?
>>>>
>>>> Best Regards,
>>>> Felipe.
>>>>
>>>> On Wed, Apr 23, 2014 at 6:26 PM, Daniel Holm <d.holmen@xxxxxxxxx>wrote:
>>>>
>>>>> Hi again guys,
>>>>>
>>>>> >Hello Daniel, thats the idea i was thinking of. I will be happy to
>>>>> help.
>>>>> >
>>>>> >Also i support the idea of pre installed app or merge into the main
>>>>> code of OS to be available by default and unable to uninstall or disable
>>>>> it. What its your approach to sync location and account data?
>>>>>
>>>>> Lovely! I'd give you a ping when the project is up.
>>>>> I want to use U1DB for this since I found it to be absolutely perfect.
>>>>> As long as the app is running, the devices will sync. And due to the
>>>>> convergence, the app will be able to handle all of your Ubuntu devices on
>>>>> any platform.
>>>>>
>>>>> Right now the app will show every added device using your Ubuntu One
>>>>> account. Device is added on start up and identifiers such as IMEI, serial,
>>>>> model and IP will be stored (IP). Also location data if turned on. This is
>>>>> the idea. Let's say that I've lost my phone. I just start up the app on my
>>>>> laptop, click on the phone in device list and set it as lost. May the
>>>>> search begin! See phone on the map using the Location module with the help
>>>>> of the systems built in map support.
>>>>>
>>>>> Also, later (hopefully, otherwise if) when hooks are supported for
>>>>> incoming SMS and calls, the app could hook into the message service and use
>>>>> codes to set the device as lost if no internet is available. Just like Prey.
>>>>>
>>>>>
>>>>> >The system has support for click packages which cannot be removed by
>>>>> the
>>>>> >user. However, if the phone is plugged in to USB and the Android
>>>>> >development tools are used, then the device can be wiped completely
>>>>> >clean, from underneath the OS. There's nothing we can do about that in
>>>>> >the OS itself right now, and any anti-theft support at that low level
>>>>> >would have to be implemented by the hardware vendors, not necessarily
>>>>> as
>>>>> >part of the Ubuntu OS that runs on the device.
>>>>> >
>>>>> >But as far as click packages go, it is perfectly reasonable to have a
>>>>> >pre-installed package that cannot be removed by the user, in normal
>>>>> >operation of the phone. The click package system already supports
>>>>> this.
>>>>>
>>>>> That's wonderful news! Of course ADB could be an issue with lost
>>>>> Android devices as well, right? Hardcore theivs that knows how to wipe
>>>>> phones and stuff will always be a problem. But for the petty thief, which
>>>>> are a majority of the stealer of found devices using Prey are, it's still
>>>>> better than nothing. And as stated, we don't want this to be too low of a
>>>>> level. If there already is support for not that easily removed click
>>>>> packages already, that’s great, and if the app could ship as a part of the
>>>>> system that would be even better - which leads us to the next question:
>>>>> liberty.
>>>>>
>>>>> >Ubuntu-Phone and any other GNU/Linux phone should be all about
>>>>> >digital-freedoms, NOT digital-constraints.  The Ubuntu Phone will be
>>>>> >about YOU, about do-it-yourself(DIY).  Purist DIGITAL-FREEDOM hardware
>>>>> >buyers WILL BUY a phone where you can install/change whatever you want
>>>>> >whenever you want.
>>>>>
>>>>> This is a fine line. Of course the app somehow needs to be removed
>>>>> somehow if it can be installed. But not that easilty that the thief can
>>>>> remove it, than it looses all of it's point and meaning. But HOW easilty
>>>>> removed is the question. Or deactivated from settings. The device has to be
>>>>> added to the device list in the app, if you don't want it, don't add your
>>>>> device.
>>>>>
>>>>> >I support the idea of DIGITAL-FREEDOM and the final user have the
>>>>> real control over the device (software/hardware), but what its the point of
>>>>> having an anti-theft software that any user can disable
>>>>> or uninstall at any moment?
>>>>>
>>>>> Bullseye.
>>>>>
>>>>> And, just as Popey states, there is already a lot of stuff that could
>>>>> be considered as "digital constraints". In this case the app will be fully
>>>>> open source and the user will have all of the authority to handle the
>>>>> devices.
>>>>>
>>>>> /Daniel Holm
>>>>> http://www.danielholm.se
>>>>>
>>>>>
>>>>> 2014-04-23 20:27 GMT+02:00 Rodney Dawes <rodney.dawes@xxxxxxxxxxxxx>:
>>>>>
>>>>>> The system has support for click packages which cannot be removed by
>>>>>> the
>>>>>> user. However, if the phone is plugged in to USB and the Android
>>>>>> development tools are used, then the device can be wiped completely
>>>>>> clean, from underneath the OS. There's nothing we can do about that in
>>>>>> the OS itself right now, and any anti-theft support at that low level
>>>>>> would have to be implemented by the hardware vendors, not necessarily
>>>>>> as
>>>>>> part of the Ubuntu OS that runs on the device.
>>>>>>
>>>>>> But as far as click packages go, it is perfectly reasonable to have a
>>>>>> pre-installed package that cannot be removed by the user, in normal
>>>>>> operation of the phone. The click package system already supports
>>>>>> this.
>>>>>>
>>>>>>
>>>>>> On Sat, 2014-04-12 at 18:53 -0430, Yasmany Cubela Medina wrote:
>>>>>> > I study the idea of prey but it would be an installed app so if you
>>>>>> > could remove it from your phone there is no protection enymore, i
>>>>>> mean
>>>>>> > if the theif could uninstall de app then this solution its no so
>>>>>> > definitive.
>>>>>> >
>>>>>> >
>>>>>> > The main idea its to protect the phone(device) from the core main
>>>>>> > code, some service that will be configured at start and can be
>>>>>> > uninstalled form the system, and only let the phone start if there
>>>>>> is
>>>>>> > an authorized account in the phone(device)
>>>>>> >
>>>>>> > S.U.C.C.E.S.S
>>>>>> > Success is a journey, not a destination.
>>>>>> > Ing. Yasmany Cubela Medina:
>>>>>> > Linux user 446757
>>>>>> > Ubuntu user 13464
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> > On Sat, Apr 12, 2014 at 2:11 PM, Daniel Holm <d.holmen@xxxxxxxxx>
>>>>>> > wrote:
>>>>>> >         Hi,
>>>>>> >
>>>>>> >         I've been thinking about this kind of app as well and would
>>>>>> >         very much like one. Since I already use Prey I started there
>>>>>> >         and asked them about an app, but they were not yet
>>>>>> interested
>>>>>> >         in making one for Ubuntu Touch.
>>>>>> >
>>>>>> >         However, as they pointed out, and which already has been
>>>>>> >         discusses, Prey is open source and we could perhaps try to
>>>>>> do
>>>>>> >         a port. Start a project and let people that want,
>>>>>> participate.
>>>>>> >
>>>>>> >         An app like this is our course a very much wanted one. I
>>>>>> don't
>>>>>> >         want to loose my lovely Ubuntu phone ;)
>>>>>> >
>>>>>> >         Vänlig hälsning / Yours sincerely,
>>>>>> >            Daniel Holm
>>>>>> >            IT Consultant
>>>>>> >            Web Developer
>>>>>> >            Student, Political Science
>>>>>> >            d.holmen@xxxxxxxxx
>>>>>> >            http://www.danielholm.se
>>>>>> >
>>>>>> >         Den 11 apr 2014 14:59 skrev "Yasmany Cubela Medina"
>>>>>> >         <yasmanycm@xxxxxxxxx>:
>>>>>> >
>>>>>> >                 Yes i know about prey and of course we dont need to
>>>>>> >                 reinvent the wheel. deliver prey pre instaled and
>>>>>> >                 configured on ubuntu phone will be a very good
>>>>>> >                 starting point, the main idea its that the phone
>>>>>> will
>>>>>> >                 be unsusable if its not unther the first owner
>>>>>> >                 account.
>>>>>> >
>>>>>> >                 S.U.C.C.E.S.S
>>>>>> >                 Success is a journey, not a destination.
>>>>>> >                 Ing. Yasmany Cubela Medina:
>>>>>> >                 Linux user 446757
>>>>>> >                 Ubuntu user 13464
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >                 On Fri, Apr 11, 2014 at 7:27 AM, Facundo Batista
>>>>>> >                 <facundo.batista@xxxxxxxxxxxxx> wrote:
>>>>>> >                         Simos Xenitellis escribió (el 11/04/14
>>>>>> 08:52):
>>>>>> >
>>>>>> >                         >     Did you hear about Pray?
>>>>>> >                         >
>>>>>> >                         >       https://preyproject.com/
>>>>>> >                         >
>>>>>> >                         >
>>>>>> >                         > And to take it a bit further, you are
>>>>>> >                         suggesting to port the client code for Prey
>>>>>> to
>>>>>> >                         Ubuntu Phone,
>>>>>> >                         > https://github.com/prey
>>>>>> >                         >
>>>>>> >                         > (other clients are available at
>>>>>> >                         https://preyproject.com/download )
>>>>>> >
>>>>>> >
>>>>>> >                         It may be an excellent idea if we deliver
>>>>>> Prey
>>>>>> >                         pre-installed.
>>>>>> >
>>>>>> >                         My experience: I just bought a Moto-G phone,
>>>>>> >                         and tried to setup the "location service in
>>>>>> >                         case of theft" of Motorola...
>>>>>> >                         it was too complicated, needed to go between
>>>>>> >                         phone and web several times, couldn't make
>>>>>> it
>>>>>> >                         work.
>>>>>> >
>>>>>> >                         Setting up Prey is a breeze. It's a very
>>>>>> well
>>>>>> >                         thought product.
>>>>>> >
>>>>>> >                         My point is: let's not reinvent the wheel :)
>>>>>> >
>>>>>> >                         Regards,
>>>>>> >
>>>>>> >                         --
>>>>>> >                         .   Facundo
>>>>>> >                         .
>>>>>> >                         Canonical - Ubuntu Engineering
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >                         --
>>>>>> >                         Mailing list:
>>>>>> >                         https://launchpad.net/~ubuntu-phone
>>>>>> >                         Post to     :
>>>>>> ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>>>>> >                         Unsubscribe :
>>>>>> >                         https://launchpad.net/~ubuntu-phone
>>>>>> >                         More help   :
>>>>>> >                         https://help.launchpad.net/ListHelp
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>> >                 --
>>>>>> >                 Mailing list: https://launchpad.net/~ubuntu-phone
>>>>>> >                 Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>>>>> >                 Unsubscribe : https://launchpad.net/~ubuntu-phone
>>>>>> >                 More help   : https://help.launchpad.net/ListHelp
>>>>>> >
>>>>>> >
>>>>>> >
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Mailing list: https://launchpad.net/~ubuntu-phone
>>>>> Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>>>>> More help   : https://help.launchpad.net/ListHelp
>>>>>
>>>>>
>>>>
>>>> --
>>>> Mailing list: https://launchpad.net/~ubuntu-phone
>>>> Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~ubuntu-phone
>>>> More help   : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>
>

References