Windows 8 and Android kill switch, threats to privacy

The news is sensational and is associated with the imminent spread of the new operating system from Microsoft, Windows 8. The Redmond has announced in its systems the presence of a “kill switch” feature, a system that allows the company to remotely access the terminal to proceed with the killing of processes that could cause technical or legal problems to the system.
Obviously the news is creating a lot of noise, widely this mechanism is considered an attack on the privacy of every citizen and scare the audience. Microsoft defended itself first by clarifying that the applications that can be “killed” in the remote are solely those downloaded from their AppStore, all the others obtained by other means are excluded from this policy and the new OS allows users to install applications in freedom from any media (USB,DVD) or directly from the internet.

Microsoft also added that the feature has been developed to counter the growing threat in the mobile environment, a world in which the spread of malware is reaching alarming numbers. The feature would allow, in the event of a pandemic diffusion, to make a surgical and massive procedure against those agents that cause problems. Without doubt the approach suggested by Microsoft would be extremely effective in the fight against malware and would inhibit the spread dramatically of dangerous agents, however, raises many questions regarding the privacy of its users. Some experts say the mechanism could in fact be used for other purposes to which many fantasize.

Microsoft is not the only company that have developed a kill switch feature for its product, it is already happened for example with Google and its product Android. The Google’s Android Market has been targeted by attacks several timed during the last months. the platform has been used to spread malware hidden inside fake app and games. The unsuspecting user in this way, while accessing one official store, was circumvented and in a short his system was infected.  To fight the malware diffusion Google uses an unknown kill switch system to remove the malicious code from the user’s smartphone, consider that in this way more than 250,000 infected Android smartphones have been protected.

Anyone worried about this firms having complete access to our devices, the first way to have a complete control of our digital lives.

Do not forget that many of these devices are used not only by common people but also by politicians, government representatives and corporate executives. The more time passes the more I’alarmed by the improper use of this devices in critical sector without any perception of the cyber threat. Italian politicians make extensive use of systems such as iPhone and iPad, it is considered a status symbol for them, however they are completely unaware of the danger of exposure of their data and their interests.
The ability to work remotely using Kill Switch or through any other system over the air raises many questions about the status of these devices in sensitive areas. Companies should first openly declare the use of tracking mechanisms and remote management of terminals. Especially in critical areas it must be made carefully evaluated all technological features of used devices, unthinkable in my opinion that a political put their own reports and documents within a cloud architecture ignoring almost everything. Where are hosted on our information, who manage them and in what jurisdiction? At the risk of appearing anachronistic, I would prohibit absolutely the use of certain devices if not properly hardened.

Governments like the United States have been pioneers in this, the DoD (Department of Defense) has customized a version of the popular Android OS for internal usage. The hardened version of the Android operating system that the Defense Department is developing originated from research into improving the security of mobile devices for military use. For the Android kernel, DARPA built a secure host system consisting of a customized version of the Android 2.2 operating system. The DARPA team also added data and data-at-rest authentication, and the ability for the software to check data integrity.

Whereas the spread of mobile devices presents a significant trend of growth, even in areas such as military, it is essential an awareness campaign on cyber threats and it is also desirable that the manufacturers provide greater transparency on functional choices regarding its products and their impact on user’s privacy.

The success pass through collaboration.

Pierluigi Paganini