[GRLUG] kill switches

Adam Tauno Williams adamtaunowilliams at gmail.com
Fri Oct 17 11:37:12 EDT 2008


> <awilliam at whitemice.org> wrote:
> > Don't think it is "good" or "bad", I think it is just necessary.  And
> > every cell phone has the ultimate kill-switch:  the provider terminates
> > your service.   Since cell networks are both fragile and [now] necessary
> > to public safety I'd see the inability to nuke a rogue app as a serious
> > flaw.  As an admin of a large-ish network I, and I assume most others,
> > make sure various kill-switches (firewalls,...) are in place.
> Really?  I see the fragility as the serious flaw.  I'd expect any
> admin worth his salt to say the same.

A constrained-bandwidth / shared-bandwidth / shared-spectrum (RF)
network is inherently fragile.  Sure it is a "flaw".   Maybe God will
accept a patch.

> > Possibly.  But it doesn't mean you can do anything about it.  The phone
> > will only run firmware that has been digitally signed (a *very* good
> > thing).  Imagine a malicious app that managed to alter the firmware of a
> > million phones....
> MUCH easier to accomplish if all the phones are running identical
> manufacturer-mandated firmwares.  _All software has bugs_ and often
> those bugs are exploitable.  Heterogeneous networks of devices
> speaking a range of openly designed and vetted protocols are the only
> sane response to security threats with unknown vectors and payloads.

You have a heterogeneous network of devices;  there are Android phones,
BlackBerry phones, WinMobile phones, OpenMoko phones, Symbian phones,
etc... all of which are using "a range of openly designed and vetted
protocols".   The cellular network protocols are very well documented.

> >  Signed firmware means the phone will stop working if
> > its firmware is corrupted [altered].
> Assuming the routine that checks this is infallible, and can't be
> corrupted or altered - something no one has managed to accomplish yet
> (try talking to the video game console manufacturers about it).

The point isn't to be "infallible", the point is for it to be
reasonably difficult.

> > It is a device designed to be connected
> > to a public network.
> Right.  Because that's _entirely different_ from a Personal
> Devic..err...Computer connected to the Public Net...err...Internet.
> Totally different.

Yes, it is ENTIRELY different.  First, your PC connects to an ISP (which
does regulate your traffic) and has dramatically more bandwidth
available [even on a slow connection] than is available on the cellular
network.  Scale does change the nature of the problem.  Secondly, and
much more importantly, a PC is not used to report that (a) your father
is having a heart attack, (b) your son just got hit by a car, (c) your
house is on fire, or (d) some maniac with a machine gun just hi-jacked a
bus.  The cell phone network *MUST* work 99.999% of the time.  If your
PC gets locked out of the Internet for a few hours - nobody cares.

> > The integrity of the network must be a consideration.
> The network can mind its own integrity.  I'll mind mine.

The integrity of a network is the sum of the integrity which exists in
that network.  Hence SPAM, etc.; the Internet has very low integrity.

> > Also the news story would probably read "Thousands of
> > Verizon users have their phones hi-jacked today...." so the carrier
> > needs to have a recourse since it will be their name dragged through the
> > mud.
> Huh?  I thought we already established that situation was more likely
> to happen with a vendor-enforced monoculture.

They've done a pretty darn good job so far in preventing that from
happening.


> > Yes.  If I was the admin of a cell network it is certainly a feature I'd
> > want.
> If everyone was given everything they wanted, there'd be no one left
> to want anything.

How did we get from this to "everything"?
