two messages (read both please) on Apple climbs on the cybergeddon bandwagon

[David Farber <dave () farber net>]

From: Richard Bennett <richard () bennett com>
Date: July 29, 2009 4:44:15 PM EDT
To: dave () farber net
Subject: RE: [IP] Re:  Apple climbs on the cybergeddon bandwagon
Reply-To: richard () bennett com

Dave -

Here's something on wireless entitlement, for IP if you wish.

The reactions to Apple's arguments against jailbreaking the iPhone  
display remarkable ignorance about how wireless networks are designed  
and operated. The assertion that the iPhone is no different in  
principle from the Princess phone is downright silly. The Carterfone  
regime worked because the PSTN's handset interface is inherently quite  
limited - 3 Khz of analog bandwidthm, a simple dialing protocol, and a  
simple ring protocol are all it contains. The interface between a 2G/ 
3G device and the network includes three different network protocols,  
mutiple QoS profiles, a number of power management protocols, and a  
host of control protocols. Not all devices implement these functions  
the same way, so the argument that "it works on Android, so it has to  
work on the iPhone" is nonsense.

Wireless network interfaces differ in terms of which functions are  
burned-in to hardware and which are implemented in software. To cite  
an example that's pretty well known, the Atheros Wi-Fi chips have a  
lot of knobs for power-level tuning implmented in software. Each  
device is calibrated during the manufacturing process and adjustments  
are made at system init time to compensate for manufacturing  
variations in the analog section. The open-source Madwifi driver for  
NetBSD and Linux has traditionally shipped with a binary-only version  
of the tuning code because adjusting these levels too high violates  
FCC regulations. The binary code can still be hacked, but there's a  
due diligence thing going on about making the hack too easy.

Android may very well be designed in such a way as to require wireless  
interface hardware that can't be hacked in such a way as to bring down  
the network or to flood the local tower. If that's the case, the  
software can afford to be more open than Apple's, which is apparently  
designed in such a way that software developers have more access to  
critical parts of the wireless protocol implementation. You'd think  
that people who like software-defined radios would appreciate the fact  
that such systems can be manipulated for ill as well as for good.

The EFF's arguments assume that the hardware underneath Android works  
the same way that the iPhone hardware does. This may or may not be the  
case, but the EFF's argument that "As far as I know, nothing like that  
has ever happened” is “more FUD than truth.” Hardly anybody has an  
Android phone, so it's not an interesting target for black hats.

Richard Bennett

Begin forwarded message:

From: Fred von Lohmann EFF <fred () eff org>
Date: July 29, 2009 5:47:56 PM EDT
To: David Farber <dave () farber net>
Cc: Seth Schoen <schoen () eff org>
Subject: Re: [IP] Re:   Apple climbs on the cybergeddon bandwagon

Dave-

If Apple and AT&T have network security weaknesses that could be  
exploited by modified iPhones, nothing about the DMCA is going to  
protect them.

According to the operator of the most popular independent app store  
for iPhones, Cydia, more than 4 million unique, jailbroken iPhones  
have accessed Cydia's servers in the past 2 months. So if Apple and/or  
AT&T are afraid that jailbroken iPhones could have their basebands  
modified and then be used to launch attacks on cell towers, that risk  
already exists. Obviously, other laws make these actual attacks  
unlawful, so no one is talking about legalizing attacks on cell towers  
(assuming these risks are real -- again, Apple just spreads FUD  
without any specifics or examples -- perhaps this will yield  
interesting presentations at next year's Defcon).

The question is whether all the *legitimate* uses for jailbroken  
iPhones (see, e.g., Google Voice, Cycorder, Sling, etc) should be held  
hostage by the DMCA because the iPhone could be misused (again,  
understanding that "bad guys" already have unlimited access to  
jailbroken iPhones).

Moreover, the issue that the Copyright Office must decide in the DMCA  
rule-making is whether jailbreaking violates copyright law, not  
whether it's good for cell tower security. And in any event, robust  
security testing using jailbroken iPhones is probably our best hope of  
getting network security improved. "Security through wishful thinking  
that iPhones will remain unmodified" sounds like "security through  
obscurity" to me.

The argument that jailbreaking must be forbidden by the DMCA really is  
the same one the MPAA is making about ripping DVDs -- if you allow  
people to rip DVDs, well, they might actually do it. And some people  
might use this power to infringe copyright. Of course, software like  
Handbrake and DVD Shrink are already in wide circulation, so the bad  
guys already have this power. But we have to stop all the good guys,  
because... well, just because.

Fred von Lohmann
EFF




From: David Farber [mailto:dave () farber net]
Sent: Wednesday, July 29, 2009 12:51 PM
To: ip
Subject: [IP] Re: Apple climbs on the cybergeddon bandwagon



Begin forwarded message:

From: "David P. Reed" <dpreed () reed com>
Date: July 29, 2009 3:31:35 PM EDT
To: dave () farber net
Cc: ip <ip () v2 listbox com>
Subject: Re: [IP] Apple climbs on the cybergeddon bandwagon

This reminds me of the rationale put forward by AT&T in the Carterfone  
case.  (I don't think the Hush-a-Phone case involved bringing the  
entire world to a crashing halt, but perhaps someone who was closer to  
that earlier case would know).

If this were actually true - that a single iPhone hack could bring  
down the world - then we are doomed already.  Frankly, I would be  
happy to testify based on facts on the Carterfone side of this  
ridiculous argument.  But more importantly, the "new AT&T" and its  
lawyers (and now Apple) would do well to see how well that argument  
prevented the catastrophe that hit AT&T due to Judge Green's breakup  
of the "old AT&T".   (well, it was a catastrophe to the old AT&T, but  
served the world quite well, IMO).

Monopolies with huge bank accounts to buy Congress's attention will  
always try these ridiculous scaremongering arguments. It's the  
corporate version of scare the people.   (remember that 802.11 was  
going to cause planes to crash, and even had some "experts" who  
claimed that planes *had* crashed, before we got the latest news that  
the corporate wifi provider market was locked up by a politically  
connected provider or two?)


Archives        






-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com