Daniel Eran Dilger in San Francisco
Random header image... Refresh for more!

Wired’s David Kravets assails Apple over the EFF’s DMCA iPhone case

Eff.Wired-1

Daniel Eran Dilger

Another day passes as Wired continues its populist belittling of the iPhone and Apple, this time uncritically posting the opinions of Electronic Frontier Foundation blogger Fred von Lohmann over his attempt to obtain an exemption from the DCMA that would prevent Apple from being able to use the law to stop copyright infringement of the iPhone’s software. But first, a train wrecks.
.
Arguing for the EFF, von Lohmann says that Apple shouldn’t be able to use the DMCA to maintain the business model that has resulted in the exceptional success of the iTunes App Store, and instead should allow anyone to sell anything to iPhone users, claiming that a Linux-style software market would promote innovation.

Apple argues that a DMCA exemption is simply an attack on its right to sell its product as it sees fit, and that rather than creating innovation, an exemption would destroy Apple’s ability to tightly police software security, stop malicious or abusive apps (including those that adversely impact its carriers’ networks), and promote low prices by curtailing piracy.

It also points out that the EFF presents no evidence for claiming that a Linux-style software market would improve things for the iPhone when it hasn’t worked out too well for Linux PCs or OpenMoko, Greenphone, Android, or another other open mobile platforms.

iPhone Jailbreaking Could Crash Cellphone Towers, Apple Claims | Threat Level | Wired.com
The EFF’s Oddly Informed War Apple’s iPhone Apps
Apple and EFF argue over iPhone jailbreaking
Jailbreak stores plot to plunder iPhone app revenue

Wired is so tired.
Rather than addressing any of the issues involved in this dispute, Wired author David Kravets presents a sensationalist spin which scoffs at the idea that jailbroken iPhones could be used to crash cell towers to disrupt the cellular network or spoof phones that could then be used by drug dealers to make anonymous calls.

Wired mocks the threats outlined by Apple while solely publishing von Lohmann’s opinion, which is that Apple’s claims are preposterous. Despite there being perhaps a million jailbroken phones in circulation, von Lohmann says, “As far as I know, nothing like that has ever happened.”

The point that both Wired and von Lohmann miss is that Apple’s argument says these threats, in addition to other costs and damages Apple claims it will suffer, would result from DMCA exemptions that would make it virtually impossible for Apple to pursue legal redress when problems begin happening. That puts Wired’s scoffing firmly in the position of Birthers laughing off climate change.

Apple has not sued or threatened to sue any individuals for jailbreaking their iPhones; quite obviously, Apple is primarily concerned about commercial attacks on its software, App Store, and consumers, not small scale hacking at home. With Wired and other sources aggressively publishing every possible and hypothetical security threat facing the iPhone, how would Apple fare if malicious attackers were given carte blanche to publish and distribute software exploits with a veneer of legitimacy? Apple’s platform would suddenly have the same overall security as Android and Windows Mobile, which is to say, none.

Nobody bats an eye when Google or Microsoft expose users to security problems, but Wired and other sensationalist rags are the first to suggest that people should cower in fear over hypothetical threats of people hacking into their MobileMe email session via Starbucks WiFi, or spies remotely installing background processes on their iPhone after jailbreaking it, or thieves who might obtain your iPhone to crack it open and read your calendar. Never mind that none of those issues are unique to Apple; Wired has always struggled to survive as a tapeworm attached to Apple’s colon, feeding from the bottom of the source it mindlessly attacks.

Wired Betray

Kim Zetter and the iPhone Root Security Myth
UnWired! Rick Farrow, Metasploit, and My iPhone Security Interview
Japanese “hate” for iPhone all a big mistake
Wired’s Leander Kahney Attacks Steve Jobs, Again

The arrogance of the ignorant.
The focus of Wired’s ironically named “Threat Level” article is applied to the idea of “crashing cell towers,” a subject that has been mocked ever since Steve Jobs described Apple’s work to secure and perfect the iPhone’s software platform as taking into consideration the security of the mobile network itself.

According to both pundits and plebes, there simply is no security threat from phones, and Jobs was just making up crazy talk because he hasn’t been paying attention at all during his last 40 years of soaking in the genius of Silicon Valley’s most competent technology experts.

These are the same critics who laugh when exploits are discovered, essentially preferring to believe that Apple isn’t vigilant enough in securing its web browser software, while also maintaing that Apple’s efforts to secure its radio network software are completely unnecessary.

Government and industry take mobile network security seriously.
In reality, the mobile industry takes the threat of cellular device attacks on networks very seriously. While Wired claims that Android’s “open” platform hasn’t resulted in any attacks on networks, that’s entirely because Google takes the same threat just as seriously.

In fact, while Android offers developers an open source, unrestricted app development platform, it does not expose open access to the baseband processor. Even OpenMoko and Greenphone, both earlier attempt to deliver a wide open phone aimed at hardware hackers in the tinker community, did not expose open access to the baseband processor. There’s a good reason why all these “open phones” don’t expose access to their baseband processor: it’s illegal.

Smartphones are essentially a general purpose computer (usually an ARM-based CPU) connected to a cellular radio (controlled by the baseband processor) via an interface that uses basic AT-style commands to place calls and transmit data, much like an old Hayes modem if you are old enough to remember that sort of thing. Vendors are free to do pretty much anything on the computer side of the device, just as anyone can release a Linux PC. On the baseband side however, the phone can’t be “open,” by law.

Apple iPhone vs the FIC Neo1973 OpenMoko Linux Smartphone
Mac OS X vs Linux: Third Party Software and Security

Why baseband processor firmware is always closed.
The reason for this is exactly what Apple is pointing out: if anyone could freely hack with the baseband processor, the stability of the cellular networks would be compromised. The phone and cellular towers negotiate authorization as well as radio signaling perameters.

A simple mistake in “open” baseband processor firmware could easily result in a phone hogging all the power available on a tower, or even crashing it. In fact, errata in immature baseband firmware frequently causes cellular network problems, which is why Apple works closely with AT&T, as do other vendors with their mobile providers.

So imagine what an expressly crafted attack could do, primarily when carried out over a series of mobile devices numbering into the millions. That’s why cellular radio is strictly regulated by every government on earth.

In other “open” phones, the GSM/UMTS or CDMA firmware is supplied as closed source, and the “open environment” on the general purpose computer side of the device, whether running the Linux kernel or Symbian OS or whatever, can only send it basic “dial this number” type commands.

The Inside Deets on iPhone 2.0.2 and Dropped Calls

Thwarting the DMCA isn’t for home hackers.
The iPhone is entirely closed apart from the capacity to load signed applications from the App Store. When users break the iPhone’s security system to enable the loading of unsigned “jailbreak” apps, they can also gain access to the phone’s baseband firmware, and could potentially replace or modify it.

Users can already do this, but with a DMCA exemption, commercial outfits could claim legitimate legal protection while they distribute jailbreak software installers to build widespread networks of iPhone-bots for DoS attacks on the mobile networks, anonymous cellular calling and phone spoofing, and other organized crime.

Without the ability to leverage the DMCA against software distributors of malicious firmware, Apple could do little to stop it until the problem was as pandemic as the Windows security nightmare that Microsoft has spend the last decade ineffectually trying to address at phenomenal cost, not even considering its vast lost opportunity costs.

With no legal recourse to block distribution of malicious software, you’d have more circumstances like the recent push notification issue where Apple was assailed by Tech Crunch for a “bug” actually caused by hackers distributing the wrong security certificates by mistake.

Hackers break iPhone push messaging, blame Apple
Five Factors Shifting the Future of Malware and Platform Security
Google’s Android Market Guarantees Problems for Users

Let’s see if communism works without a government mandate.
The EFF doesn’t care about the threat this would pose to Apple, just as Mozilla has no reason to worry about Apple being sued over Ogg Theora submarine patents. The EFF is only concerned with establishing a GPL-style mandate that forces Apple to pursue a communal software business model tended by anarchy rather than Apple itself.

What the EFF should do instead is promote Android and other open alternatives that fully support the idea of undirected mobile software anarchy, while letting the market decide whether unlimited tinkering is preferable to a reality-based software market for mobile devices maintained by a reputable vendor accountable for the security of its platform.

It is understandable that the EFF’s ideological politics blind it to the very real threats Apple is presenting in its defense with regard to protection under the DMCA. On the other hand, it is simply irresponsible journalism for Wired to write up a scathing attack on Apple that doesn’t even consult an unbiased source in the phone industry for comment on the legitimacy of Apple’s claims.

For what its worth, Apple’s iPhone engineers never tell me anything about how things work on the iPhone, so I have to consult experts at other companies, including my buddy at… Microsoft. But anyone with an engineering degree could have straightened Wired out, if only David Kravets were more interested in reporting the truth rather than blindly advocating the closed-minded ideological fantasy of Fred von Lohmann.

Ogg Theora, H.264 and the HTML 5 Browser Squabble
Symbiotic: What Apple Does for Open Source

24 comments

1 patrickwilliamwalker { 07.29.09 at 5:11 pm }

Newspapers go bankrupt but Wired is still around. Maybe that’s why I haven’t even touched Wired in over a decade or so. Literally can’t remember.

2 Dave { 07.29.09 at 5:18 pm }

Jailbreaking, in itself, cannot cause the problems that Apple had suggested. The baseband modem in the iPhone is separate and fully locked down. To me, it appears that this statement is coming from someone in Apple who doesn’t know too much about the technology.

The unlock, however, does modify the baseband (though only in RAM). But such an unlock is legal.

Also, when Apple is referring to the ‘exclusive chip identification number’ the seem to be talking about the IMEI. IMEI cloning hasn’t been possible with the iPhone 3G or 3G[s] because of the locked-down baseband. What happens if two phones have the same IMEI? Both get permanently added to the international blacklist.

I must side with the EFF on this; though Apple should not be forced to support software on jailbroken phones (i.e. If the phone is jailbroken, restoring to default state is the first step of diagnosis).

Just my two cents … And I hope I separated fact from my opinion well enough :)

3 bhuot { 07.29.09 at 6:17 pm }

Just because the EFF doesn’t seem to understand intellectual property does not mean that Mozilla is deliberately trying to get Apple sued by supporting Ogg Theora. There are many patents that can apply to MP4 as much or more as Ogg Theora plus the fact that Ogg Theora has not been challenged for so long, it would not be a legitimate challenge to come out now and claim patent infringement. You can have open formats with proprietary software. And even though I love Apple products I also find open formats to be superior in the advantages they offer. As much as Apple makes great products, I don’t want to give up computing if they fail financially and I don’t want people to have to use proprietary software to see my creations and have to pay license fees to access my own creations.

4 nat { 07.29.09 at 6:33 pm }

@bhuot,

Where did Dan say Mozilla was ‘deliberately trying to get Apple sued by supporting Ogg Theora’?

What Dan said was:

The EFF doesn’t care about the threat this would pose to Apple, just as Mozilla has no reason to worry about Apple being sued over Ogg Theora submarine patents.

5 bhuot { 07.29.09 at 6:45 pm }

He keeps on implying that somehow the open source community is somehow in some sort of antagonistic relationship with Apple, because the EFF or some other advocacy organization thinks something. Many open source forums seem to be antagonistic to Apple as well. I don’t see how they are in competition. And I know Daniel has alluded to that but then he throws in digs on open source. You can be pro open source and pro Apple. Just because some Apple supporter or open source supporter says something you don’t agree with, does not mean you have to reject either one.

6 erdgeist { 07.29.09 at 8:07 pm }

What a pity, always like RDM for its precise argumentation. And now this. It’s simply ridiculous defending Apple at this one.

I want to run the software I want on the hardware I pay loads of money for. Period. If Microsoft doesn’t stop me with my WiMo Phone, OpenMoko and Android even encourage me, I expect Apple not to harrass me with some absurd threats backed by outrageous FUD about potential havoc criminals could wreak. Those wouldn’t be so stupid using an extra-expensive baseband board wrapper from Cupertino.

[That's a nice idea, but the reality is that you already can 'run the software you want,' and Apple isn't harassing you with 'absurd threats' for doing so. Instead, as the article points out, Apple is maintaining that it should have the right to retain legal prosecution rights against companies that break its encryption, because doing so exposes the company and its platform to a variety of real problems.

You can disagree and advocate for a Linux-style software market (is that an oxymoron?), but you can't claim Apple has harassed you over jailbreaking.]

The huge amount of jailbroken phones clearly shows, that there is a widespread interest in using software Apple does not approve on an otherwise acceptable device. This interest must not be criminalized by a company locking in its users in a way Microsoft would never have gotten away with.

Daniel, I yearn for you defending Apple when they start dictate what you’re allowed to run on your MBP. I’m sure that will only for your own protection.

[I for one welcome our new overlords! If only Apple would turn my MBP's System Preferences into an App Store that enabled me to pay developers a buck or two in exchange for cool pref panes that added value to my system. I also might pay a buck for clever Dashboard widgets, and certainly for extension modules to Apple TV/FrontRow that enabled me to access things that nobody has the financial interest in doing today because of a lack of a marketplace. - Dan]

7 gwalsh { 07.29.09 at 8:09 pm }

Your defense of Apples practices would if we didn’t read stories like this http://infoworld.com/print/83773 and this http://www.techcrunch.com/2009/07/27/apple-is-growing-rotten-to-the-core-and-its-likely-atts-fault/. Apple seems to prefer fart apps and wet tee-shirt apps to serious ones like Google Talk or a simple book application.

[Or rather, Apple "prefers" to approve anything that doesn't violate its carrier agreements with AT&T. The outcry over app approval by frustrated developers is certainly understandable, but consider that there are +50,000 titles approved in the App Store, and a list of a dozen or two apps that are creating quite a disproportionate "outrage." - Dan]

8 The Mad Hatter { 07.29.09 at 8:45 pm }

OK, so let’s look at this:

1) Hacked IPhones could be a danger to the network – if this is true, it means that the network (and the cell phone towers) aren’t designed properly, and that AT&T and the other phone companies have been negligent.

2) The DMCA itself may not be legal, specifically the section which makes it illegal to modify a device that you have legally purchased.

3) The legislation that makes modifications to the baseband processor may also be illegal under the same arguments.

4) Botnets aren’t illegal. The uses they are put to on the other hand could be, or could attract legal action. No legitimate company would distribute botnet software.

5) The EFF is right, in that I (or anyone else) should be legally able to install any software on the purchased device, including Google’s phone software, even if it does annoy AT&T

6) None of this stops Apple from running it’s own software store successfully, any more than Frostwire and other Gnutella clients stop interfere with Apple’s successful running of a music store, or bittorrent interferes with Apple’s successful running of a video store.

That said, Wired is a poor excuse of a publication. On that I agree with you 100%.

9 studiodave { 07.29.09 at 9:06 pm }

Apple, Keep my phone locked, Keep me safe, Wired Keep sending me that free subscription that I toss into the trash before I open the cover.

Thanks, Dan

10 John E { 07.29.09 at 9:26 pm }

Wired is/are just hit whores. they sold out a long time ago. who cares?

EFF has real and important issues to worry about, no question. but they are flawed with a mile-wide jealous streak about Apple. the public just has not embraced Linux and other 100% open source products. and they won’t for the obvious reason of their fundamental lack of coordination that would make them easy to use and up to date with all the latest stuff, which is nearly all commercial if not also proprietary. so in frustration they piss and moan about most anything Apple does. they want Apple to be their “white knight” but instead it’s just … a business. and a business whose “walled garden” products consumers prefer – voluntarily choose – instead of their “free range” offerings. i feel their pain.

11 Dorotea { 07.29.09 at 10:40 pm }

If you jailbreak, you’re on your own. Don’t call Apple Support. Whether the phone works or it doesn’t is no longer their problem since you’ve changed what they sold you.

I have no idea if software on a jailbroken iPhone can cause problems. I do understand wanting to protect the cell phone company. If there is a decent possibility of causing network problems… then I guess I’m on Apple’s side.

It will be interesting to see what Apple does when the contract with AT&T is done.

12 hmciv { 07.29.09 at 10:54 pm }

We didn’t hear about the EFF’s campaign for a little while after that Shaken Baby app came out. Huh… I wonder why.

13 hmciv { 07.29.09 at 11:21 pm }

BTW as a general critique the article lacks irrationality. To successfully argue against David Kravets one must (for example) illustrate how an iPhone security flaw could allow terrorists to hack the Maps application, coercing motorists to crash into cell phone towers at highway speeds.

14 The Mad Hatter { 07.29.09 at 11:44 pm }

Dorotea:

I do understand wanting to protect the cell phone company. If there is a decent possibility of causing network problems… then I guess I’m on Apple’s side.

If the “decent possibility” for causing network problems is because the Cellular companies didn’t build their networks properly, than why defend them? If they brought this on themselves like Microsoft did with the bad design choices that gave us Windows, then it’s their fault.

15 mrsteveman1 { 07.30.09 at 1:24 am }

Ok, i must be missing something here

“In fact, while Android offers developers an open source, unrestricted app development platform, it does not expose open access to the baseband processor. Even OpenMoko and Greenphone, both earlier attempt to deliver a wide open phone aimed at hardware hackers in the tinker community, did not expose open access to the baseband processor. There’s a good reason why all these “open phones” don’t expose access to their baseband processor: it’s illegal.”

Are we saying the iPhone does expose access to the baseband processor? And that jailbreaking tears down the last line of defense?

16 tact { 07.30.09 at 3:29 am }

Just a comment on the sentiments expressed by many that go like this: “I bought and paid for this device and so should be allowed to modify it any way I like”. Some are using this in reference to iPhone.

There are lots of material possessions we might spend our hard earned cash on, and own outright, and are NOT allowed to modify.
For example – there are laws that prohibit Bluegrass J Redneck from modifying his legally purchased, owned outright, semi-automatic rifle into a fully automatic sawn-off concealable weapon.

For example – it is illegal for Billy P Revhead to make any of a huge list of modifications to his legally purchased and fully owned motor vehicle.

These compare, perhaps properly if there is no distortion in this article, to modifying the radio side of an iPhone.

So do please get over the matter that there may be some parts of your iPhone, yes the one you bought with your cash and own outright, that you are not permitted to modify.

I am NOT saying this applies to the limiting of software that can be run on your iPhone. Different matter totally.

On that totally different matter:
I find it comforting to run my iPhone non-jail broken and run only apps I source from the app store.

Just like I run my Ubuntu box – only ever using software from Ubuntu repositories because I understand it has been screened and approved and thought safe. (just like iPhone + app store)

There are non-official repos full of software I could run on my Ubuntu box. But I don’t. Not on a box I want to be as reliable as my (i)phone day in and day out. ;)

17 oomu { 07.30.09 at 4:26 am }

Daniel Eran Dilger , you are all right here, technically, as always

but, people just want to use their OWN made software on their OWN BOUGHT IPHONE.

There are some criminals wanting to copy commercial software and destroy the world. These horrible filthy persons are criminals and the police will lock them down

but people just want to use their own iphone. Apple needs to allow xcode to create private certificate for free. Not certificate for mass publication on the itunes store

private certificate to use on Our own-paid iphone for our own-made applications.

and you will see, the EFF will let go, people will shutdown Dark Evil blogs speaking about hack

and Apple will be saved from the mischievous hackers

and you will sleep well.

Take care.

Yours sincerely.

18 oomu { 07.30.09 at 4:29 am }

EFF is right, EVERYONE should have the possibility, without hack and crazy schemes, to use their own made applications on their own iphone.

EFF is not about linux, the EFF is not FSF, the EFF is not about opensource or free software or destruction of the world by snoppy-woozy gsm hacking.

You have lost the big picture here: you paid your iphone.

19 Dorotea { 07.30.09 at 7:15 am }

You paid for your iPhone which is hardware and software. It ain’t an iPhone without both.

If I were Apple I wouldn’t support iPhone’s if jailbroken.

20 Raymond { 07.30.09 at 8:39 am }

Perhaps apple could take the wind out the EFF’s sails by allowing locally stored web apps similar to the palm pre. It seems to me that while the EFF has an ideological axe to grind, they pick up common support from people interested in apps that Apple would not support through the app store. Apple already has been moving along this way with bookmarks on the home screen as icons and iPhone 2.1 adding full screen webapp support [ http://ajaxian.com/archives/iphone-full-screen-webapps ] and html 5 support in 3.0.
If apple added local storage then webapps could be come more mainstream. There are many apps in the app store that are little more than glorified web pages. Of course not every kind of app can be made a webapp, but a sizeable number could.

21 Dave { 07.30.09 at 9:27 am }

Apple doesn’t need to support a jailbroken phone. In fact, it’s easy for them not to. Why? Because when a jailbroken phone is restored in iTunes, it’s no longer a jailbroken phone. All Apple has to do is instate a policy that reads “if a phone is jailbroken, it must be restored BEFORE any support is provided.” The current 3G unlock is in-RAM so it gets disabled on restore as well.

As for the potential to disrupt networks … the baseband modem in the iPhone is as locked down as in any “open” 3G phone. So even if you jailbreak, there’s no potential for such problems. The reason for the unlock is tha a buffer overflow exploit was found, but Apple has already patched it for 3.1 .
IMO, SIM proxy cards are more dangerous but those can easily be used on a non-jailbroken phone.

22 stepmuel { 07.30.09 at 8:56 pm }

@The Mad Hatter:

If one can modify the baseband processor, the network _is_ compromised. It’s like being able to cut or modify the wires in a ethernet cable and insert some extra voltage. Or maybe simpler to understand: manipulating traffic lights by bringing your own battery. Except the wires are not hidden in the ground but everywhere. Thats why radio frequencies are regulated.

Even a properly designed radio system is prone to jamming. The GSM Network is even worse: Its security relies mainly on the complexity of the specifications. (I heard of some guys who presented a self made mobile antenna at a german hacker congress. They could make all sort of nasty stuff, like posing as an official provider and catching calls.) I wouldn’t be surprised if the whole 3G Stuff works that Way, too.

But you can’t change this kind of things because there are too many gadgets out there who “need those bugs” to carry on working. If someone had spent some more time and money into the specifications, the situation could be better now. But thats one drawback of the free market economy: nearsightedness: It works, so ship it; and make some money.

23 The Mad Hatter { 07.30.09 at 10:09 pm }

stepmuel,

But you can’t change this kind of things because there are too many gadgets out there who “need those bugs” to carry on working.

Why not? Atari did. Apple did. Commodore did. Microsoft did.

24 What A Baseband Processor Is « David Chin Online { 08.02.09 at 9:09 pm }

[...] Daniel Eran Dilger: Smartphones are essentially a general purpose computer (usually an ARM-based CPU) connected to a cellular radio (controlled by the baseband processor) via an interface that uses basic AT-style commands to place calls and transmit data, much like an old Hayes modem if you are old enough to remember that sort of thing. Vendors are free to do pretty much anything on the computer side of the device, just as anyone can release a Linux PC. On the baseband side however, the phone can’t be “open,” by law.   ← Older Posts | [...]

You must log in to post a comment.