[GRLUG] kill switches

Tim Schmidt timschmidt at gmail.com
Fri Oct 17 09:43:17 EDT 2008


On Fri, Oct 17, 2008 at 8:03 AM, Adam Tauno Williams
<awilliam at whitemice.org> wrote:
> Don't think it is "good" or "bad", I think it is just necessary.  And
> every cell phone has the ultimate kill-switch:  the provider terminates
> your service.   Since cell networks are both fragile and [now] necessary
> to public safety I'd see the inability to nuke a rogue app as a serious
> flaw.  As an admin of a large-ish network I, and I assume most others,
> make sure various kill-switches (firewalls,...) are in place.

Really?  I see the fragility as the serious flaw.  I'd expect any
admin worth his salt to say the same.

> Possibly.  But it doesn't mean you can do anything about it.  The phone
> will only run firmware that has been digitally signed (a *very* good
> thing).  Imagine a malicious app that managed to alter the firmware of a
> million phones....

MUCH easier to accomplish if all the phones are running identical
manufacturer-mandated firmwares.  _All software has bugs_ and often
those bugs are exploitable.  Heterogeneous networks of devices
speaking a range of openly designed and vetted protocols are the only
sane response to security threats with unknown vectors and payloads.

>  Signed firmware means the phone will stop working if
> its firmware is corrupted [altered].

Assuming the routine that checks this is infallible, and can't be
corrupted or altered - something no one has managed to accomplish yet
(try talking to the video game console manufacturers about it).

>   Cell phones these days contain a
> treasure trove of personal information even besides the ability of a
> collection of phones to wreak havoc on the network.

Right.  Which is why they must only obey _one_ owner.  I'll give you a
clue...  I'm not talking about the phone company (or any other company
for that matter - or the government).

> It isn't a "personal device".

Bullshit.

> It is a device designed to be connected
> to a public network.

Right.  Because that's _entirely different_ from a Personal
Devic..err...Computer connected to the Public Net...err...Internet.
Totally different.

> The integrity of the network must be a consideration.

The network can mind its own integrity.  I'll mind mine.

> Also the news story would probably read "Thousands of
> Verizon users have their phones hi-jacked today...." so the carrier
> needs to have a recourse since it will be their name dragged through the
> mud.

Huh?  I thought we already established that situation was more likely
to happen with a vendor-enforced monoculture.

> They get no virtue points for this from me;  if they hid it, it would be
> bigger news when someone discovered it later.  And then it would seem
> more nefarious.

OK.  We agree on something.

> Yes.  If I was the admin of a cell network it is certainly a feature I'd
> want.

If everyone was given everything they wanted, there'd be no one left
to want anything.

--tim

