On the topic of the iPhone Killswitch, it only took a few days for an enterprising developer to make a killswitch for the killswitch. For some though, the solution may be a problem.  It requires you to have a jailbroken phone to install it.


After some lively discussion on Macworld’s forums I came up with a few more thoughts on the subject.

It continually amazes me how people will trade control/privacy/freedom for “Security”. As if some other person, organization or company will always have your own best interest in mind. How often do we act in our own best interest, let alone trusting someone else to do so for us?

A couple of quotes I used during my debate? were from Ben Franklin and an old proverb.

Ben Franklin:

“Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.”

The proverb goes:

The road to Hell is paved with good intentions.

I feel these two statements illustrate the fundamental issues with Apple giving itself this much control. Never mind the security implications which I will get to in a moment.

In this particular case, a company, Apple, has decided that it should have the ultimate say on if an application can be installed on a device they no longer own. To take this to a mild example which may have already happened.. The initial release of the App Store included an application called NetShare. This allowed users to tether their computers to their iPhone for Internet access. Meaning users could access the Internet over their cell phone data plan. This is against at&t’s TOS and they requested that it be removed from the store. Now, with this kill switch, they could also remove it from the phones that had it installed.

The implication of this is Apple is acting as a cop for at&t and enforcing their (at&t’s) policies. This opens a lot of questions about liability and privacy in and of itself, but that is another topic. Why does Apple get to decide or even help in the enforcement of at&t’s policy on a device they have no authority over any more? They have transferred ownership of the device to the user in exchange for money. Rudimentary property rights.

A more egregious example is what if Joe Developer created an app, started selling it on the App Store and it became immensely popular. Apple, in their insatiable need for $, after all they are a publicly traded company with stockholders, decides they want a piece of that pie. So they develop their own version of the application and start selling it. Maybe it is not as successful or maybe someone decides it is not making enough money for the amount they invested, or maybe Apple just gets greedy and wants the whole pie instead of just a piece. Apple throws the little switch and bam! For all of those users, the application they loved and paid for is gone. Since they still want the functionality, they have to buy it from Apple now. And they really have no choice in the matter since Apple controls the gates to the App Store.

Do you think this is a little far-fetched? Apple already pulled an app called Box Office for no reason. Any chance that little application might end up in some Apple provided application in the near future?

The security implications are much worse than the potential wrongdoing by Apple. The very fact this exists means that someone else can exploit it. What does it take to get something added to that list? What other functionality can that list or maybe another list provide? What will happen when some cracker creates an exploit to take advantage of this? Based on my limited understanding of how it functions, it appears it could be a VERY simple task to exploit this hole. If the device does phone home to a URL, then that means the address can be faked with the DNS vulnerability that is out there. If we take Apple’s response to patching their desktop operating system as an example of their timeliness to respond to something critical, then chances are their iPhone hasn’t been patched yet. (I cannot find any mention of it.) Never mind the fact they didn’t even patch it correctly. Do a little DNS poisoning, blacklist the application that provides the phone functionality, and no more phone. Or an even better one. Depending on how the blacklisting works, set up the blacklist to kill Internet access and the phone. It goes to check for new blacklisting and loses Internet, phone, and whatever else you can kill with it (Maybe the docking port?). Now it can’t even go out to get a legit blacklist because it has no Internet access. Ouch.

All of that without even exploiting anything but a simple existing DNS issue. What other problems could you cause by having better knowledge of the system? Can it be triggered by a local app instead of the phone home function? Could a web page initiate the blacklisting through malicious coding?

The bottom line is, this functionality is bad news. No matter what the intentions were, having the ability to exert this kind of control on a device remotely will always result in someone taking advantage of it.


Back on the 7th it was being reported that a secret URL can be used by Apple to disable apps on iPhone. Today it was confirmed by Jobs that the Kill Switch does indeed exist.

I posted a nice comment over on Wired’s article about this.
As the old proverb goes.. “The road to Hell is paved with good intentions.” Sure, Apple could have all of the best intentions to “only” use the switch when there is a ‘bad’ app out there. But as it has already been proven, Apple has not been very clear on what it defines as “bad”. Take a look at the I Am Rich app. It did nothing malicious, but Apple didn’t like it so they yanked it.

What about jailbreaking? Will it allow them to kill apps that were installed after the phone has been jailbroken?

Take it a simple step further, what else can they do with this ‘kill switch’? Is it limited to killing 3rd party applications or can it also kill your phone? What about looking through your contacts, email and private content? Is there a limit to its functionality?

Historically speaking, very few companies can be trusted to do what is right instead of what will strengthen their bottom line. Apple is NO different.

By simply allowing this kind of functionality, Apple is opening themselves up to scrutiny, risk, and a HUGE PR problem.

And finally, the biggest reason why this is not and never will be a good idea. EVERY piece of DRM, and don’t be fooled, that is exactly what this is, has been cracked. What kind of controls does Apple have in place to keep this kill switch locked down? How long till Joe Hacker down the street finds it and starts abusing it? If Apple’s response to the DNS vulnerability is any indication, which it has been shown, of their corporate position on security and ability to manage risks, then I would be VERY afraid of the chances it gets released into the wild. It is not a matter of IF, it is only a matter of when. Also, again given their response to the DNS vulnerability, who is to say that this function is not bug free? What if some glitch in the function causes any of the previously mentioned?

This is no different than the police having a kill switch for your car or Microsoft’s newest Digital Manners Management scheme. The bottom line is, who gets to make the decision and how long till it is out in the wild?
