39

In connection with recent events, I, as an ordinary citizen of Russia, wonder - can smartphone manufacturers (Google, Apple, Huawei, etc.) or any another (such as Microsoft, Cisco etc) remotely turn off my phone (or any another device)? I see questions like this have been asked, but they usually say "remote enable" and mine says otherwise.

Recently, there have been constant warnings on various forums that it is urgent to disable all updates on both desktop computers and mobile phones, saying that with the next update, all phones will turn into a pumpkin. As I understand it, this is more of an informational occasion to collect likes and views, but nevertheless the question remains serious - how much can manufacturers influence their customers and have there been similar precedents in world practice?

RoyalGoose
  • 1,005
  • 6
  • 9
  • 1
    I think your observation is spot-on: "this is more of an informational occasion to collect likes and views". Trolls like to stir up fears, especially during times of crisis. Ignore them. – John Deters Mar 06 '22 at 16:44
  • 4
    Short answer: [yes](https://www.gnu.org/proprietary/proprietary-drm.html). [Tesla too](https://www.gnu.org/proprietary/malware-cars.html). – Trang Oul Mar 07 '22 at 08:51
  • Wouldn't your phone "turn into a pumpkin" (or, to be more precise into a Nokia 3310) if Google/Apple online services are blocked? This is much more likely to happen than outright remote bricking. – Dmitry Grigoryev Mar 07 '22 at 15:04

8 Answers8

38

All of these devices (iPhones, Android phones, even laptops with Windows and macOS) have some kind of "Find my lost device" capability these days. All of them also feature the ability to lockdown and disable device remotely (for purposes of theft prevention).

There's nothing stopping the device vendor (Apple, Samsung, Google, Microsoft, etc.) from sending such a lockout signal themselves and locking you out of your device. They only really need to know your Apple ID/Samsung/Google account. And it doesn't even require a software update.

Of course, it's just much easier to ban the device from mobile network via IMEI/IMSI (also commonly used to disable stolen devices) and that can be done with by the local mobile operator without cooperation of American corporations.

Mavrik
  • 537
  • 1
  • 3
  • 7
  • 2
    Apple’s had the ability to remotely brick iPhones since iOS7: https://www.cultofmac.com/255262/big-u-s-carriers-dont-want-iphone-muggings-to-go-down/ Police had been asking for it for a year or more at that point due to the number of iPhone muggings – Joe Mar 06 '22 at 14:00
  • 2
    “There's nothing stopping the device vendor (Apple, Samsung, Google, Microsoft, etc.) from sending such a lockout signal themselves and locking you out of your device” - citation needed? It’s plausible that the iPhone require the iCloud password to obey the lockout signal - a password Apple doesn’t have. – Tim Mar 07 '22 at 14:27
  • It's plausible, but nothing especially points towards that - especially not the rest of iCloud design from the time the feature was introduced. But feel free to correct me. And let's not forget that there are many other venues in how Apple can disable a given iPhone remotely (they have ability to push carrier configuration silently for example). – Mavrik Mar 09 '22 at 09:35
31

Examples of this happening? The Samsung Galaxy phones (I forget which model) that had the bad battery design that kept exploding. Multiple updates were pushed out that, among other things, disabled charging of the battery and eventually that simply shut them down. There was also one that disabled many of their features before this happened.

https://duckduckgo.com/?q=exploding+samsung+galaxy+gets+firmware+update+to+stop+charging

ALL mobile phones have this "capability" should the manufacturer use it. They make and control the firmware updates sent to each phone. In a way (more by lack of action than by something done), it happens all the time, since the manufacturer usually won't bother to make more than a token few software updates before it gets dropped in favor of the next model or Android version (I've been corrected; they are supposed to remain updated for at minimum two years. This still seems short, though). This means that they become outdated sooner than their actual hardware specifications should imply. I actually know someone with a higher-spec phone than mine running a fairly recent Android who can't run some apps because said app expects Android updates for that version from the last 6 months and the manufacturer already stopped updating it (also, some manufacturers don't usually provide updates that fresh, period).

(I'm also told you can disable updates, but if there's a "device disabler" feature in some specific one, it's not like you're going to be told that. Usually you'd want to keep it updated, too.)

There are also numerous "find my device" apps and utilities baked into many phones, which can certainly do this (that's what they're for). Since this is done through the OS provider, we're forced to trust that said company won't just activate it themselves for some reason (or that some government won't ask them to do it either). You frequently can disable these, but again, most usually won't or won't even know it's an option.

As for desktops - it's very possible as well. Many do have "LoJacK" or equivalent enabled, which again has very low-level access to the computer (on some, it's even built into the BIOS rather than the operating system). There are few details available to the public, but it's quite likely that even with it "off" (that is to say, you've never activated it yourself) it can still be used at the option of the manufacturer.

Dell, for instance, puts it in the BIOS - https://duckduckgo.com/?q=dell+bios+lojack

Making matters worse, Intel, AMD, and ARM produce various "security" (usually more for the security of media streaming companies via DRM/rootkits-by-any-other-name than security for you) or "management" systems for their CPUs that are used in enterprise-grade machines to monitor, locate, control, and manage said machines. This hardware module has beyond-top-level hardware access over the Internet (it can read your RAM or hard drive without your knowledge or ability to detect, and attempting to completely remove it will cause your computer to shut itself down on its own after a few minutes of usage).

(NOTE: I was not referring to TPMs here. I think it can be argued that those are beneficial. What I meant was sandboxing like ARM TrustZone or equivalent, where usually the only or main thing running on there is your DRM engine. I suspect, but do not know, that tracking software like LoJack would also be run in these. Windows 11 will now be using this feature to "protect" certain OS components as well, but my personal suspicion is that this is also to protect against pirated Office installs and to better secure their DRM.

I'm not sure about how long ARM (TrustZone) has also been doing this, but theirs is present in all smartphone-grade processors produced by them at minimum. Even a lot of their microcontrollers have some version of one of these features.)

Interestingly, modules like ME are also present (but allegedly turned off via software) in every single consumer-grade CPU sold from the former two manufacturers since approximately 2006.

https://github.com/corna/me_cleaner

I've looked more into this, and if Wikipedia can be trusted on this, it runs on a separate physical chip near the CPU and presumably does have backdoored access into at least the Ethernet connection (probably not Wireless, though):

The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP).

https://en.wikipedia.org/wiki/Intel_Management_Engine

RDragonrydr
  • 491
  • 1
  • 3
  • 6
  • AMT is a premium feature you have to pay for, not something that is surreptitiously enabled without your awareness. ME and PSP have nothing to do with DRM, and their TPM function is in fact of big help for security. Also, it's already some good number of years that every legit Android phone is required to be provide at least two years of updates. And TrustZone doesn't do anything if the main CPU isn't requesting "services" from it. – mirh Mar 05 '22 at 14:15
  • If this is true about CPUs, wouldn't it mean that any information that is meant to be secure can never be put inside a system with an Intel, AMD or ARM CPU? What do government agencies such as CIA, MI6, etc use as CPUs? – Blueriver Mar 05 '22 at 14:30
  • "ALL mobile phones have this "capability" should the manufacturer use it" <-- this is largely untrue and at least oversimplified. On many/most devices, whether to accept updates is configurable and you can simply turn it off. And of course it can be blocked by network-level blocking of whatever server the device contacts to look for updates. – R.. GitHub STOP HELPING ICE Mar 05 '22 at 17:40
  • "This hardware module has beyond-top-level hardware access over the Internet" <-- this is also largely false. Depending on specific model, such access is likely on a separate physical ethernet port designated management, or depends on a particular configuration. There is indeed a risk that they inadvertently or purposefully exposed it on the main interface, but this would require munging network traffic in a way that would break things in ways visible to the actual OS, and it's not simple to make that work at all. – R.. GitHub STOP HELPING ICE Mar 05 '22 at 17:44
  • @Blueriver Looks like there's a special setting for the government that partially disables the IME: https://en.wikipedia.org/wiki/Intel_Management_Engine#%22High_Assurance_Platform%22_mode. – eesiraed Mar 05 '22 at 23:49
  • Thank you for the clarifications. I _have_ seen laptops with ME that don't have separate networking (no idea how that works either), but I didn't mean to imply that DRM was the same as ME/PSP there. The two *do* have different purposes. I also wasn't referring to TPM *per se*, but at least for x86 machines, stuff like SGX **is** mainly used for DRM (and now your Blu-Rays will show in low resolution because Intel's getting rid of it for new CPUs). TrustZone is the ARM equivalent, and again, frequently used to run DRM for all the apps/YouTube "cache videos for later" paid feature. – RDragonrydr Mar 06 '22 at 16:07
  • I wasn't aware that you could deny updates to your phone OS. I've never seen the option, but perhaps I don't know how to find it. However, I believe the Samsung shutdown updates *were* pushed somehow, if I recall correctly, so it might not be a hard shutoff. On another note, there's also a thing quietly known in the open phone industry that the "baseband" (radio unit) is running its own proprietary firmware. No one really knows what that does, but it's suspected to have potential surveillance applications and I've heard they're often badly implemented to have lots of hardware access. – RDragonrydr Mar 06 '22 at 16:12
  • Nvidia did also a distant shutdown of their shield tablets when they found an issue with some batteries controllers. It was done via an update that would brick the tablet. – f222 Mar 07 '22 at 11:39
19

In the case of smart televisions, not only can it be done, but it has been done - see this Samsung press release.

A number of Samsung televisions were stolen by looters. Samsung had a list of which televisions were stolen, so the moment anyone tried to activate the smart functions of one of those televisions, it was remotely disabled.

Simon B
  • 904
  • 5
  • 7
  • 2
    Pretty much any smart device has this feature. I'm also familiar with any number of smart devices that have been discontinued where all models of that device just stop working because they're older. Or the ones where the company didn't do their budgeting and ran out of money to run their cloud - same results. These aren't individualized/personal attacks, but I'm surprised that people just accept this as okay. – RDragonrydr Mar 04 '22 at 22:13
13

There are a couple of different ways to tackle this question:

  • is there, right now, a means for any manufacturer, using existing means, to send a signal that turns off a device?
  • is it possible for an update to add this feature?
  • has it happened?

It would be very dangerous for a manufacturer to include this feature as a normal function. This would mean that the device is not under the customer's full control. If this was known to customers, they would not buy the device. If the manufacturer were to use this feature, the lawsuits would pile up overnight. So, no, this is not a normal feature.

Could an update add this feature? Of course. Updates are designed to alter how the device functions. It would be trivial to add such a feature in an update.

But it has not happened. As soon as a manufacturer did it, no one would trust the manufacturer. So it is never in the manufacturer's best interest to do it.

A long time ago, there were attempts by TV and VCR makers to control what a customer did with their devices. These controls were built in at the time the device was made, so it wasn't an "update". But even that level of transparent control by the manufacturer was resisted and consumers "voted with their wallets" and forced manufacturers to change. So manufacturers have a long history of experience of what happens when they try to control something that their customers have bought.

  • so what control could a government exert?

Controlling the device is not the most efficient method. Especially since there are so many different devices. To control all devices at once, you simply control the network the devices use. And governments already have that control.

schroeder
  • 125,553
  • 55
  • 289
  • 326
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/134617/discussion-on-answer-by-schroeder-can-the-manufacturer-remotely-turn-off-my-devi). – schroeder Mar 07 '22 at 13:31
5

Fully controlling a modern networked device is quite a challenge even if the vendor doesn't actively sabotage you.

And a vendor that doesn't sabotage you in this regard is a rare find in itself.

There is quite a pressure over a smart device vendor:

  1. They want to protect their "intelectual property"
  2. They want to limit their liability if they mess something (see Samsung Note 7 battery fires or any published software vulnerability)
  3. They may want to add or remove features on the fly that depend on their partnerships with third parties.
  4. They may have legal obligations to assist law enforcement and/or simply the "legitimate government" (for any meaning of the "legitimate government").
  5. They need to be friendly to their partnering network operators by supporting their business model
  6. Security bugs happen. Some of them are bad enough to allow not only the manufacturer, but also unrelated third parties, to mess with your smart device functions - up to and beyond rendering it unusable.

etc, etc...

This is why they create backdoors here and there (sometimes in unexpected places) in the smart device software.

Smart phones and tablets with completely free (i.e. auditable and supposedly backdoor-free) software (both vendor-provided or installable by the customer) are rare, a lot of them obsolete and generally not attractive to the general consumer.

fraxinus
  • 3,458
  • 6
  • 20
3

Whether this is possible depends on whether the manufacturer shipped a backdoor in the product, and if so, whether that backdoor is exposed to them. Backdoors could take either a

  • passive form, listening for some specially crafted network traffic sent to them and performing an action as a result, or an
  • active form, continually executing code that reaches out to a command and control server (note: this term is usually used for malware, but I don't distinguish it here because it's the same thing) and either executing commands published by it, or downloading updated software from it.

The former is widely recognized as malicious, and not very useful to the manufacturer because they'd need to know your network location and have a way to route unsolicited packets to your device in order to attack it. However, "automatic updates" are widely acclaimed as a security "feature", and there's not consensus anymore that this kind of phone-home-to-c&c behavior is malicious.

If your device has an option to turn off automatic updates of the system and vendor-bundled software, it's likely that you can prevent them from having any such control over your device. Also, using it only behind a router configured to block access to their c&c (if you can find out what it is; you can probably see this by observing network traffic and looking for background connections to hosts with suspicious names), you should be able to prevent this.

Finally, if you can get third-party OS firmware for the device (e.g. LineageOS for many Android phones) that's not running the manufacturer's software (or at least not running it in a privileged context), they no longer have any backdoor to it.

  • "they no longer have any backdoor to it" => really? Anyone looked at the modem firmwares these days? They usually have a full-blown gnu/linux inside (and sometimes even a full-blown old Android). LineageOS people don't touch these. – fraxinus Mar 07 '22 at 18:35
  • @fraxinus: My understanding is that the modern SoC architectures actually isolate these reasonably well. The eMMC partitions for them are fairly small (IIRC in the tens of MB?) so I doubt they're running Android but they could be running a minimal Linux. And the manufacturer really has no reliable means to access them (although it's more plausible that the *carrier* might have a way). They're designed to be updated from the OS-side update process, if at all, not on their own. – R.. GitHub STOP HELPING ICE Mar 07 '22 at 22:42
  • Whether that's all actually the case? I'm not sure. It would make a good question in itself. – R.. GitHub STOP HELPING ICE Mar 07 '22 at 22:43
  • Of course, you are free to ask. Some architectures isolate, most don't and those who do are of particular interest of some groups (e.g. ReplicantOS, phones like PinePhone or Librem). The devices of interest are either designed like this or researched and documented. Modern designs tend to skip isolation because it requires additional circuity and power budget. And, in the context of the main Q it is irrelevant if there is isolation because the modem is a vital part of the phone. Turn the modem off and you have a shiny wifi-only gaming device. Wifi itself is not safe either (own cpu and fw). – fraxinus Mar 08 '22 at 07:54
2

There are different levels of “can”. For example, if Apple right now decided that they hate you, could they turn your phone off? Most likely not. Could they make a change to their infrastructure or to the software on your phone so they could turn off your phone? They probably could. Would they do it? Not likely, because the ability being there is a security hole, and doing it would cause very bad negative press.

You can register your phone with “Find my phone”. If you do, first it will report its location to apple who will report it to your other devices. Turning your phone off won’t prevent it. (Your phone will be whimpering on Bluetooth low energy “I’m lost” and any iPhone nearby will report it anonymously to apple. Including the iPhone of the thief stealing your phone).

You can shut down this phone from another device. This will sent a message to apple, which will send a message to your phone, which will shut itself down. I think this requires some code specific to your phone that only your other devices have and apple doesn’t so apple can’t shut down your phone that way - but they could. What you have to trust is the integrity of apple, and the integrity of its software developers, and if any of them had been asked to add this ability, someone would have told the public.

Apple can do automatic updates if you ask for them. Could they do automatic updates without you asking? Possibly. Can they? Possibly not. It has been said that apple could disable any app that you purchased, but apple has never done that, and supposedly apple would only do that to stop active malware where any sane user would be happy if it was stopped. And this is more of a rumour.

Last, software contacts apple servers to get services. That is something that apple could stop. There would be legal problems. Refusing to sell goods is one thing, but not delivering paid for services is something different.

(Don’t know enough about Android)

gnasher729
  • 2,107
  • 11
  • 16
1

Said elsewhere in more detail, and perhaps less directly.
This is the simple version.

  • IF your phone has a "find my phone feature" which also allows you to disable and control your phone in various ways, then the manufacturer very likely can too.

  • If your phone has NOT got a remote disable feature which you can access, then the manufacturer could have added or in future could add one without your knowledge, should they choose.

Both the above assume that various permissions can be overridden by manufacturers. This also is a case of "they can make it so that they can do it if they want to".