After some lively discussion on Macworld’s forums I came up with a few more thoughts on the subject.
It continually amazes me how people will trade control/privacy/freedom for “Security”. As if some other person, organization or company will always have your own best interest in mind. How often do we act in our own best interest, let alone trusting someone else to do so for us?
A couple of quotes I used during my debate? were from Ben Franklin and an old proverb.
Ben Franklin:
“Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.”
The proverb goes:
The road to Hell is paved with good intentions.
I feel these two statements illustrate the fundamental issues with Apple giving itself this much control. Never mind the security implications which I will get to in a moment.
In this particular case, a company, Apple, has decided that it should have the ultimate say on if an application can be installed on a device they no longer own. To take this to a mild example which may have already happened: The initial release of the App Store included an application called NetShare. This allowed users to tether their computers to their iPhone for Internet access. Meaning users could access the Internet over their cell phone data plan. This is against at&t’s TOS and they requested that it be removed from the store. Now, with this kill switch, they could also remove it from the phones that had it installed.
The implication of this is Apple is acting as a cop for at&t and enforcing their (at&t’s) policies. This opens a lot of questions about liability and privacy in and of itself, but that is another topic. Why does Apple get to decide or even help in the enforcement of at&t’s policy on a device they have no authority over any more? They have transferred ownership of the device to the user in exchange for money. Rudimentary property rights.
A more egregious example is what if Joe Developer created an app, started selling it on the App Store and it became immensely popular. Apple, in their insatiable need for $, after all they are a publicly traded company with stockholders, decides they want a piece of that pie. So they develop their own version of the application and start selling it. Maybe it is not as successful or maybe someone decides it is not making enough money for the amount they invested, or maybe Apple just gets greedy and wants the whole pie instead of just a piece. Apple throws the little switch and bam! For all of those users, an application they loved and paid for is gone. Since they still want the functionality, they have to buy it from Apple now. And they really have no choice in the matter since Apple controls the gates to the App Store.
Do you think this is a little far-fetched? Apple already pulled an app called Box Office for no reason. Any chance that little application might end up in some Apple provided application in the near future?
The security implications are much worse than the potential wrongdoing by Apple. The very fact this exists means that someone else can exploit it. What does it take to get something added to that list? What other functionality can that list or maybe another list provide? What will happen when some cracker creates an exploit to take advantage of this? Based on my limited understanding of how it functions, it appears it could be a VERY simple task to exploit this hole. If the device does phone home to a URL, then that means the address can be faked with the DNS vulnerability that is out there. If we take Apple’s response to patching their desktop operating system as an example of their timeliness to respond to something critical, then chances are their iPhone hasn’t been patched yet. (I cannot find any mention of it.) Never mind the fact they didn’t even patch it correctly. Do a little DNS poisoning, blacklist the application that provides the phone functionality, and no more phone. Or an even better one. Depending on how the blacklisting works, set up the blacklist to kill Internet access and the phone. It goes to check for new blacklisting and loses Internet, phone, and whatever else you can kill with it (Maybe the docking port?). Now it can’t even go out to get a legit blacklist because it has no Internet access. Ouch.
All of that without even exploiting anything but a simple existing DNS issue. What other problems could you cause by having better knowledge of the system? Can it be triggered by a local app instead of the phone home function? Could a web page initiate the blacklisting through malicious coding?
The bottom line is, this functionality is bad news. No matter what the intentions were, having the ability to exert this kind of control on a device remotely will always result in someone taking advantage of it.