Wired’s David Kravets assails Apple over the EFF’s DMCA iPhone case
July 29th, 2009
Daniel Eran Dilger
Another day passes as Wired continues its populist belittling of the iPhone and Apple, this time uncritically posting the opinions of Electronic Frontier Foundation blogger Fred von Lohmann over his attempt to obtain an exemption from the DCMA that would prevent Apple from being able to use the law to stop copyright infringement of the iPhone’s software. But first, a train wrecks.
Arguing for the EFF, von Lohmann says that Apple shouldn’t be able to use the DMCA to maintain the business model that has resulted in the exceptional success of the iTunes App Store, and instead should allow anyone to sell anything to iPhone users, claiming that a Linux-style software market would promote innovation.
Apple argues that a DMCA exemption is simply an attack on its right to sell its product as it sees fit, and that rather than creating innovation, an exemption would destroy Apple’s ability to tightly police software security, stop malicious or abusive apps (including those that adversely impact its carriers’ networks), and promote low prices by curtailing piracy.
It also points out that the EFF presents no evidence for claiming that a Linux-style software market would improve things for the iPhone when it hasn’t worked out too well for Linux PCs or OpenMoko, Greenphone, Android, or another other open mobile platforms.
iPhone Jailbreaking Could Crash Cellphone Towers, Apple Claims | Threat Level | Wired.com
The EFF’s Oddly Informed War Apple’s iPhone Apps
Apple and EFF argue over iPhone jailbreaking
Jailbreak stores plot to plunder iPhone app revenue
Wired is so tired.
Rather than addressing any of the issues involved in this dispute, Wired author David Kravets presents a sensationalist spin which scoffs at the idea that jailbroken iPhones could be used to crash cell towers to disrupt the cellular network or spoof phones that could then be used by drug dealers to make anonymous calls.
Wired mocks the threats outlined by Apple while solely publishing von Lohmann’s opinion, which is that Apple’s claims are preposterous. Despite there being perhaps a million jailbroken phones in circulation, von Lohmann says, “As far as I know, nothing like that has ever happened.”
The point that both Wired and von Lohmann miss is that Apple’s argument says these threats, in addition to other costs and damages Apple claims it will suffer, would result from DMCA exemptions that would make it virtually impossible for Apple to pursue legal redress when problems begin happening. That puts Wired’s scoffing firmly in the position of Birthers laughing off climate change.
Apple has not sued or threatened to sue any individuals for jailbreaking their iPhones; quite obviously, Apple is primarily concerned about commercial attacks on its software, App Store, and consumers, not small scale hacking at home. With Wired and other sources aggressively publishing every possible and hypothetical security threat facing the iPhone, how would Apple fare if malicious attackers were given carte blanche to publish and distribute software exploits with a veneer of legitimacy? Apple’s platform would suddenly have the same overall security as Android and Windows Mobile, which is to say, none.
Nobody bats an eye when Google or Microsoft expose users to security problems, but Wired and other sensationalist rags are the first to suggest that people should cower in fear over hypothetical threats of people hacking into their MobileMe email session via Starbucks WiFi, or spies remotely installing background processes on their iPhone after jailbreaking it, or thieves who might obtain your iPhone to crack it open and read your calendar. Never mind that none of those issues are unique to Apple; Wired has always struggled to survive as a tapeworm attached to Apple’s colon, feeding from the bottom of the source it mindlessly attacks.
Kim Zetter and the iPhone Root Security Myth
UnWired! Rick Farrow, Metasploit, and My iPhone Security Interview
Japanese “hate” for iPhone all a big mistake
Wired’s Leander Kahney Attacks Steve Jobs, Again
The arrogance of the ignorant.
The focus of Wired’s ironically named “Threat Level” article is applied to the idea of “crashing cell towers,” a subject that has been mocked ever since Steve Jobs described Apple’s work to secure and perfect the iPhone’s software platform as taking into consideration the security of the mobile network itself.
According to both pundits and plebes, there simply is no security threat from phones, and Jobs was just making up crazy talk because he hasn’t been paying attention at all during his last 40 years of soaking in the genius of Silicon Valley’s most competent technology experts.
These are the same critics who laugh when exploits are discovered, essentially preferring to believe that Apple isn’t vigilant enough in securing its web browser software, while also maintaing that Apple’s efforts to secure its radio network software are completely unnecessary.
Government and industry take mobile network security seriously.
In reality, the mobile industry takes the threat of cellular device attacks on networks very seriously. While Wired claims that Android’s “open” platform hasn’t resulted in any attacks on networks, that’s entirely because Google takes the same threat just as seriously.
In fact, while Android offers developers an open source, unrestricted app development platform, it does not expose open access to the baseband processor. Even OpenMoko and Greenphone, both earlier attempt to deliver a wide open phone aimed at hardware hackers in the tinker community, did not expose open access to the baseband processor. There’s a good reason why all these “open phones” don’t expose access to their baseband processor: it’s illegal.
Smartphones are essentially a general purpose computer (usually an ARM-based CPU) connected to a cellular radio (controlled by the baseband processor) via an interface that uses basic AT-style commands to place calls and transmit data, much like an old Hayes modem if you are old enough to remember that sort of thing. Vendors are free to do pretty much anything on the computer side of the device, just as anyone can release a Linux PC. On the baseband side however, the phone can’t be “open,” by law.
Why baseband processor firmware is always closed.
The reason for this is exactly what Apple is pointing out: if anyone could freely hack with the baseband processor, the stability of the cellular networks would be compromised. The phone and cellular towers negotiate authorization as well as radio signaling perameters.
A simple mistake in “open” baseband processor firmware could easily result in a phone hogging all the power available on a tower, or even crashing it. In fact, errata in immature baseband firmware frequently causes cellular network problems, which is why Apple works closely with AT&T, as do other vendors with their mobile providers.
So imagine what an expressly crafted attack could do, primarily when carried out over a series of mobile devices numbering into the millions. That’s why cellular radio is strictly regulated by every government on earth.
In other “open” phones, the GSM/UMTS or CDMA firmware is supplied as closed source, and the “open environment” on the general purpose computer side of the device, whether running the Linux kernel or Symbian OS or whatever, can only send it basic “dial this number” type commands.
Thwarting the DMCA isn’t for home hackers.
The iPhone is entirely closed apart from the capacity to load signed applications from the App Store. When users break the iPhone’s security system to enable the loading of unsigned “jailbreak” apps, they can also gain access to the phone’s baseband firmware, and could potentially replace or modify it.
Users can already do this, but with a DMCA exemption, commercial outfits could claim legitimate legal protection while they distribute jailbreak software installers to build widespread networks of iPhone-bots for DoS attacks on the mobile networks, anonymous cellular calling and phone spoofing, and other organized crime.
Without the ability to leverage the DMCA against software distributors of malicious firmware, Apple could do little to stop it until the problem was as pandemic as the Windows security nightmare that Microsoft has spend the last decade ineffectually trying to address at phenomenal cost, not even considering its vast lost opportunity costs.
With no legal recourse to block distribution of malicious software, you’d have more circumstances like the recent push notification issue where Apple was assailed by Tech Crunch for a “bug” actually caused by hackers distributing the wrong security certificates by mistake.
Let’s see if communism works without a government mandate.
The EFF doesn’t care about the threat this would pose to Apple, just as Mozilla has no reason to worry about Apple being sued over Ogg Theora submarine patents. The EFF is only concerned with establishing a GPL-style mandate that forces Apple to pursue a communal software business model tended by anarchy rather than Apple itself.
What the EFF should do instead is promote Android and other open alternatives that fully support the idea of undirected mobile software anarchy, while letting the market decide whether unlimited tinkering is preferable to a reality-based software market for mobile devices maintained by a reputable vendor accountable for the security of its platform.
It is understandable that the EFF’s ideological politics blind it to the very real threats Apple is presenting in its defense with regard to protection under the DMCA. On the other hand, it is simply irresponsible journalism for Wired to write up a scathing attack on Apple that doesn’t even consult an unbiased source in the phone industry for comment on the legitimacy of Apple’s claims.
For what its worth, Apple’s iPhone engineers never tell me anything about how things work on the iPhone, so I have to consult experts at other companies, including my buddy at… Microsoft. But anyone with an engineering degree could have straightened Wired out, if only David Kravets were more interested in reporting the truth rather than blindly advocating the closed-minded ideological fantasy of Fred von Lohmann.