iPhone (in)Security

This blog often takes software and hardware vendors to task when they use security updates as a means of enforcing product loyalty. Media player software makers are some of the biggest culprits here, so perhaps it's fitting that the 800-pound gorilla in this space -- Apple -- should receive a finger wagging for its latest security software update for the iPhone.

The update in question renders useless any iPhone that has been modified (however ill-advisedly) to use non-Apple software to free the devices for use on any wireless network.

I had to delete at least two profanity-laced comments in my previous post about the latest Apple iPhone security update, which were apparently sent in by readers who were upset that I was not calling for Apple's head on a platter for this move.

Let me be clear where I stand on this: I don't fault Apple for enforcing the user agreement that ships with the iPhone, which states that a potentially warranty-voiding step includes "any means other than through software that is provided by Apple for accessing the Service. You agree not to modify the software in any manner or form, or to use modified versions."

This kind of agreement is hardly unique to Apple. The surest and quickest way to nullify the warranty on just about any commercial electronics device is to monkey with the innards of the product or seek to modify the product's underlying software.

Where I differ with Steve Jobs Inc. is the decision to use a security update to exact punishment on customers who dared to challenge Apple's decision to limit its product to one network provider -- in this case AT&T. In effect, the company is forcing some customers to choose between functionality and security, as any iPhone owner who applied the unauthorized modification to make it possible to use the phone on another network must now avoid updating the security settings altogether -- or else be left with a useless iPhone -- call it the "iBrick."

Meanwhile, iPhone-specific modules were incorporated last week into the "Metasploit Project," an open-source suite of tools designed to make it easier to discover and/or exploit previously unknown security holes in commercial software. Ironically, in the name of security Apple may be giving ammunition to its normally fiercely loyal customer base to experiment with ways to break -- and potentially break into -- Apple products.

It seems to me that Apple could have avoided souring its goodwill with thousands of iPhone users while maintaining some semblance of control over the market by simply bundling the fixes with something the company's users actually want, such as the ability to run third-party software applications on the device.

By Brian Krebs  |  October 2, 2007; 11:12 AM ET
Categories:  From the Bunker  

Comments

"Where I differ with Steve Jobs Inc. is the decision to use a security update to exact punishment on customers who dared to challenge Apple's decision to limit its product to one network provider"

Until you show proof that SJ was intentionally punishing unlocking hacks you should probably refrain from making such statements. As written, it appears as fact/truth that an intentional punishment was implemented. Whereas it may be true, until proof is provided it remains just a theory (yours and many others as well). The warnings were posted and all the ones I've seen have suggested the update MAY (not WILL) cause damage to altered phones.


"In effect, the company is forcing some customers to choose between functionality and security, as any iPhone owner who applied the unauthorized modification to make it possible to use the phone on another network must now avoid updating the security settings altogether"

What if it was one of the security patches itself that resulted in the "bricking" of the modified phones and not some malicious program added along with all the security patches? If so, then the modified function (in this case - unlocking) necessitates the security problem remain unfixed. So, in a sense, the user has a choice, to keep the function or fix the security issue, but it would not be Apple "forcing" the user to make the decision.

Posted by: (in)secure hacker | October 2, 2007 12:48 PM

Hear, hear

Also, I don't believe the "loyal" Apples bought the iPhone and hacked it. The complainers aren't really even early adopters; they are just people trying to be cool and geek-hip! The iBrick crowd merely wants Apple taken to task because they are sick of seeing Bill and company taken to the outhouse. So, now when something's wrong I see: Why didn't Apple issue updated software? Well now they did. Why these hackers spent $600 for an iPhone and then hacked it a week later is beyond me. An update was bound to come down the pike sooner or later.

If your iPhone is now an iBrick, go play with your Zune!

Posted by: umm.huh | October 2, 2007 1:10 PM

I have an unlocked iPhone and I don't care what Steve updates! I bought my phone from Apple and if it breaks because of updates then he is responsible. I don't want ATT and it's a shame that I can't fully enjoy the phone that I purchased. Apple would make 5 times the money if they just unleashed the phone or just got their own network. I'm keeping T-Mobile and my iPhone.

Posted by: Larry | October 2, 2007 1:31 PM

Insecure and hmmm comments are a joke. I wouldn't be surprised if they are somehow affiliated with Apple or the iPhone. It's been known to happen with Wikipedia and controversial issues. We can apply the same level to insecure, prove you don't work for Apple (obviously it's impossible to prove something like this, much like his request is pretty much impossible without seeing code we will never get to view).
Umm comments don't even make sense.

I'm glad to see the VA toolkits incorporating these Apple products. People don't realize how big a security risk phones are, and PDAs are worse. The Apple phone is a cute toy for people with either too much money, or those that are just drones to whatever Jobs says to buy. In fact I hear their next product already has a huge waiting list.

http://gizmodo.com/gadgets/laptops-pcs/apple/apple-iproduct-029502.php

Posted by: Jon | October 2, 2007 1:31 PM

I am a loyal Apple fan. I have bought numerous Mac products for both myself and graduates going off to college.

I rolled back my iPhone firmware to V1.0.2 and will probably stay there until an opening is discovered.

I like the applications that plugged the holes that Apple refused to address.

I'm OK with not unlocking until my contract with AT&T expires, but supposedly it's legal after the contract expires. It might be helpful on an overseas trip (prepaid local SIM card).

-b-

Posted by: Brewster | October 2, 2007 2:43 PM

As a software developer, I understand that it's very challenging to make devices work properly when they are edited in unanticipated ways. I think it's a bit tough on Apple to say that they should issue security updates that won't break unknown and unspecified third party hacks. If you really are "rolling your own" iPhone, then you should have to download the patches somehow and test them yourself and make them work with your modifications, not force Apple to do so when they don't even have access to the modifications.

I don't work for Apple, don't own an Apple device of any sort.

Posted by: possible? | October 2, 2007 3:59 PM

"... -- Apple -- should receive a finger wagging ..."

Only wag for effect.

Posted by: GTexas | October 2, 2007 5:01 PM

I wish Microsoft would hurry up with the Zune phone, it's supposed to be way cooler. :D

Posted by: Zach E | October 2, 2007 5:13 PM

Hmmmm ...

1 The French banned The Blackberry because they looked at the servers and concluded the NSA might spy.

2 AT&T was a willing partner with the US Government in aggressive information acquisition programs brought on by 9/11.

3 Steve wants to make sure his "security" is not compromised. I wonder how many iPhones he sold at 1600 Pennsylvania Ave.? I wonder how many iBricks are there now?

Posted by: GTexas | October 2, 2007 5:27 PM

To Jon alias "the paranoid one"

Whereas I cannot prove to you that I don't work for Apple, I can only assure you that I don't. Nor do I have any affiliation with the iPhone. Nor do I have any stock in Apple (although I wished I had bought when the shares were low(er)). I do own an iPhone, though, and I am very content with it as shipped. When I started hearing negative comments regarding the iPhone I thought surely these negative comments are coming from jealous non-Apple fans who could not (or thought they could not) afford the purchase of an iPhone with an ATT contract. But in reading the many comments on the web, I realized that many of these negative comments were coming from those individuals who are used to open platforms and were hoping the same from Apple. Perhaps Ignorance is bliss - maybe I'm happy with the iPhone (as is) because I am not privy to 3rd party hacks. Although I have many ideas of what I would like to see on the iPhone, I am perfectly fine with waiting until 3rd party apps are allowed. Until then, I will oblige the Apple/ATT contract and sales agreement.

With regards to Apple's "intent" on bricking modified phones, you commented - "obviously it's impossible to prove something like this." Exactly my point. I should have you write my stuff for me. Therefore, when writing an article, it would be wise to preface your opinions by saying something like - "it is my belief/opinion/theory that..." as opposed to stating it as fact. So, I'm not so sure my comments were a joke, as you wrote, but rather, advice on stating fact as fact and opinion as opinion.

Posted by: (in)secure hacker | October 2, 2007 8:47 PM

(in)secure hacker> With regards to Apple's "intent" on bricking modified phones, you commented - "obviously it's impossible to prove something like this." Exactly my point.

It isn't necessary to prove something in a blog comment to assert it; it's understood by the context (blog comment) that it is one's opinion.

The particular opinion--that Apple intentionally bricked the phones--is shared by a lot of us who do software engineering and security for a living, for the simple reason that we know from experience that fixing the sort of problems reported in the patch set release should not relate to any code that would tie a phone to a particular mobile phone provider's service. Given that the iPhones will eventually be unlocked anyway, the notion that Apple would happen to accidentally not only break such capability, but actually brick the phone in the process, just doesn't fly: at best it would imply extraordinarily bad design.

It's possible there's overlap in the area of code signing--if Apple tightened up the restrictions on executing unsigned code then the presence of unsigned third-party software might raise an exception. But that shouldn't brick the phone; on the contrary, a corrupt filesystem on the device could appear to be a similar condition and we should expect the device to recover gracefully and simply refuse to load the unsigned code, or prompt the user for action. So even if we assume that the bricking is related to code signing, the most gracious interpretation of Apple's tactic is that they suck; less graciously we conclude that they intentionally bricked the phones.

And it's easy to imagine a rationale for this action: they have a contract with AT&T and they have to show due diligence in protecting AT&T's interests. And the reason a number of us are disgusted by this is that, while Apple has had its head stuck up its proprietary, DRM-encumbered butt for quite some time now, the fact that they would negotiate so restrictive a contract with AT&T really hammers home the super-commercial nature of the company. It's offensive to those of us who try to practice free computing to see people supporting a company that is so purely revenue-driven while representing itself in advertisements as some sort of counterculture icon. It's as if the Campbell's soup company announced you were getting a free Andy Warhol original with every can of tomato soup, and it's sad to see so many people--particularly artists, whom we should expect to show strong critical thinking skills--buy into it so readily.

Posted by: antibozo | October 2, 2007 10:23 PM

I believe everyone is missing the point!! If I purchased the iPhone, I own the device, this is given, and yes I have to agree to the software being used on the iPhone. However, does that give Apple the right to disable my purchased iPhone hardware. What if I wish to use a totally different operating system on my iPhone like Linux for example, which has a large development now for cell phones. Does that mean I have no right to my own hardware that I purchased?? Does that mean Apple will willfully disable my hardware because I am not using their software for the iPhone??? I understand about the warranty issue, but if I reject the iPhone software but want the hardware only and load my own iPhone software to enable and use whatever GSM network on the phone does that mean I own the iPhone or does that mean Apple still has rights to my purchased iPhone hardware?? The ultimate question is this, it's one thing if the Apple's iPhone software is being altered, Apple should disable the iPhone software only, however, Apple has disabled the whole iPhone instead!! Doesn't that violate the customer's rights to at least own their hardware, regardless if the customer wants the iPhone software or not?? This may be a case for a lawsuit which asked this simple question, does the customer own the hardware regardless of the software, and if the software disabled the hardware and rendered useless, isn't Apple liable for the replacement of the hardware??

Posted by: Anonymous | October 3, 2007 2:50 AM

> Does that mean Apple will willfully disable my hardware because I am not using their software for the iPhone?

They haven't disabled your hardware. It just doesn't work without their software. If you can build your own operating system (obviously a formidable task) and burn it into the device flash (or wherever the OS is stored) I'm confident the hardware will work fine. I assume you'll have to crack open the device to do this since part of the software they've disabled implements the OS flashing capability. But it isn't as if they triggered a physical self-destruct mechanism on the device.

I still think they're bastards, but I don't think your argument is valid.

Posted by: antibozo | October 3, 2007 6:36 AM

The rollout of comments from Apple the few weeks prior to the bricking, including ominous warnings about 3rd party software, etc plus the DRM war that went on with the iPod as people hacked it, let me know that....Apple takes its contracts seriously. They had explicit contracts with record companies and they have one with AT&T. However, I agree, an upgrade to the OS, or new apps, or whatever, to hold hostage unlocked phones is ok, security is not. That people are maintaining their phones in an acknowledged insecure state is dangerous. That Apple announced a week in advance that this would happen is suspicious.

Posted by: DBH | October 3, 2007 8:24 AM

Anti(?)bozo

"The particular opinion--that Apple intentionally bricked the phones--is shared by a lot of us who do software engineering and security for a living"

I've already acknowledged this point in my first post. And, quite frankly, I am of the belief that it was an intentional implement as well, but note how I prefaced this opinion. You state that it is a blog and "It isn't necessary to prove something in a blog comment to assert it; it's understood by the context (blog comment) that it is one's opinion". I was never asking anyone to prove anything but rather to preface your opinion rather than state it as fact. Furthermore, I don't believe that it matters whether you're expressing your words in a news article, a journal article, a book, a blog forum, or just simple conversation. An opinion should be prefaced as such not because the reader may confuse it as known fact but to realize how inflammatory it sounds to readers who do not share those biases. This was not meant to be a lesson in grammar but rather to promote collegiality in an area of sensitivity where there are obvious differences in opinion as to what a product should (or shouldn't) be.

"It's offensive to those of us who try to practice free computing to see people supporting a company that is so purely revenue-driven while representing itself in advertisements as some sort of counterculture icon." No one is making you buy Apple - you are free to practice "free computing" on other platforms. Additionally, Apple spelled out its intent and limitations in "free computing" from the start. Rather than curse Apple for its intellectual capacity to match that or even surpass that of those of you intellectually-equipped software engineers/developers, consider their efforts to thwart yours as a challenge. Or you could simply go back to hacking the products of intellectually-challenged companies such as Motorola, Palm, etc (being facetious here), but then that would not be as satisfying. I support Apple not because they are "purely revenue-driven" (again your opinion which may be true and if so where is the problem in that? Imagine, a company who is in business to drive revenue!) but because I believe (again my opinion prefaced) that Apple makes a superior product. I support the products that are useful to me. I'm disappointed that this offends you. I hardly think they are "purely" revenue-driven as they do seem to make very nice user-friendly products, which would qualify them as interested in the end user (perhaps not you developers/hackers) as well as, but not purely, in revenue. Because you took the time to write a thorough and well-written response, I have to believe that you too think Apple has a pretty good product in the iPhone which would also make it worth your efforts to try and hack it. Good luck. Disclaimer: no affiliation with Apple, just enjoying the banter.

Posted by: (in)secure hacker | October 3, 2007 12:06 PM

People are freaking out for no reason, all that needs to happen is when you get that dialog box that says, "Would You like to Update Software?" You just say no, or even better, wait until someone hacks the update to update your phone, then install the new hack. Simple eh?

Posted by: BLOGZILLA | October 3, 2007 7:43 PM

Apple takes its contracts seriously until they wish to exact revenge on someone. For example the NBC/iTunes debacle. After NBC decided to not renew their contract which expires in December, Apple publicly stated they would not sell any new episodes of NBC shows, even though the contract lasts through December. Apple of course has now retracted that position and is offering new episodes of NBC shows on iTunes until the contract expires. Apple takes the high road when it's profitable for them. That's all, just another greedy monopolistic megacorporation. Same story that's been told for years.

Posted by: deeezl | October 3, 2007 8:03 PM

I think Blogzilla really hit the nail on the head. Why would those who chose to use third-party hacks expect Apple to look after them? They should be looking to those same third-parties to protect the viability of the product which they hacked with the third-party software. That is who has the moral responsibility to ensure that the product will continue to work in a secure fashion. And that is true whether the third-party product was free or not. They got their users into this mess, they should get them out by, as Blogzilla said, hacking the update, or whatever it takes.

Posted by: AmusedbyDebate | October 3, 2007 9:12 PM

insecure hacker> I don't believe that it matters whether you're expressing your words in a news article, a journal article, a book, a blog forum, or just simple conversation. An opinion should be prefaced as such...

Feel free to adhere to that advice. The rest of us will follow our own style guides, thank you very much. In practice, I think you'll see there's not really a problem.

insecure hacker> This was not meant to be a lesson in grammar

Clearly, since your prescription has nothing to do with grammar.

insecure hacker> Imagine, a company who is in business to drive revenue!

Imagine, a company that doesn't pretend it's about choice when it's really about giving up all choice.

Obviously I don't care if a company is purely revenue-driven; I do care if a company lies to me. I care more that people don't mind being lied to, and will actually shell out lots of money to a lying company for "iLife". It's pathetic, but I guess some people need to buy prepackaged lives from a price-controlled store that looks like the set of a Kubrick film.

insecure hacker> Rather than curse Apple for its intellectual capacity..., consider their efforts to thwart yours as a challenge.

I consider their efforts derivative and mostly irrelevant, actually, and I wouldn't waste a curse on them. The people I'm really disappointed in are the sheep who fall in line behind them.

insecure hacker> I have to believe that you too think Apple has a pretty good product in the iPhone

I don't hack on the iPhone, and I don't own one. Having used one, however, I find exactly one thing clever about it: it has nice zoom-in and -out gestures made possible by a multiple-touch screen. Otherwise it isn't fundamentally different from a number of other devices. And while it sports a nice large screen, it lacks a keyboard, which pretty much cancels that out for me.

Posted by: antibozo | October 3, 2007 11:04 PM

AmusedbyDebate> Why would those who chose to use third-party hacks expect Apple to look after them?

They don't. They're merely disappointed that Apple went out of their way to punish them. Not looking after them would have meant the hack would have stopped working, not that the phone would be vindictively transformed into a doorstop.

Isn't that, like, totally clear by now?

Posted by: antibozo | October 3, 2007 11:10 PM

The iPhone as it is right now is doomed to fail if device makers play it smart. All they have to do is capitalize on Apple's blunders and release an iPhone copycat that you can use on any network and can install whatever applications you want in it. Palm, Nokia, RIM and Motorola would be really stupid if they're not working on something like it right now. LG is getting really close.

Posted by: Somebody | October 4, 2007 2:14 AM

I'm not so concerned in the instance because unlocking an iPhone is so extremely detrimental to Apple's business plan. I think most people have little sympathy for hackers who wanted to be on different networks. I do think Apple should help these people get back on the right track rather than forcing them in this way. Adding another feature along w/ the security fix would have been a much more positive way to do it - I couldn't agree more.

Posted by: Dan | October 4, 2007 9:57 AM

Whoah!

antibozo, you are becoming dangerously close to showing your true colors.

I thought, initially, that I was dealing with a semi-intelligent blogger but your latest post suggests just another individual who has an axe to grind with Apple.

You might want to change your code name to anti-Apple or just simply go with bozo.

You've managed to take the fun out of this bantering. But allow me to press on... I just can't help myself.

Let's begin with the "obvious"

"Obviously I don't care if a company is purely revenue-driven." Obviously? Maybe you should actually read your posts prior to sending them. "I do care if a company lies to me." I think you're being slightly egocentric here. I don't think Apple specifically lied to you. And it just might be possible that they haven't lied to you at all but, instead, maybe you have misinterpreted their advertisement leading you to believe they misled you. Nonetheless, be that your belief, can you provide the name of a company who hasn't lied to or misled the public? "I care more that people don't mind being lied to, and will actually shell out lots of money to a lying company." Really? I'm assuming you are considering me as one of the people who don't mind being lied to. If so, I'm touched that you care for me. "I consider their [Apple] efforts derivative and mostly irrelevant, actually, and I wouldn't waste a curse on them." If you mean by derivative that Apple's efforts are unoriginal then why are you getting so bent out of shape? The fact that you've invested time and thought on responding so emotionally suggests that you don't find their efforts irrelevant at all. In fact, I think your entire response represents more than just a curse toward them. But I'm sure you don't care what I think... but wait, you said above that you do care for me. "I don't hack on the iPhone, and I don't own one." Then why would you waste your time reading and responding to blogs about the iPhone? I guess this takes us back to the possibility that you have an axe to grind. "Clearly, since your prescription has nothing to do with grammar." What? My prescription? I wasn't writing a prescription. Nonetheless, did you mean to say my prescription "lacks" grammar? Maybe my initial post was a lesson in grammar after all and perhaps you should look into it. Finally, "The people I'm really disappointed in are the sheep who fall in line behind them [Apple]."
The flock goes with the shepherd who brings them where the feeding is abundant and as long as that feeding is Apples that's where I'm heading.

Posted by: Sheep alias (in)secure hacker | October 4, 2007 11:57 AM

Sheep> You've managed to take the fun out of this bantering.

Clearly, since your ad hominem attacks have escalated from subtle to overt.

Your post is meandering, vague, and generally off-topic, but I'll respond on a couple of points for clarity, since you've gotten yourself all tangled up in confused misinterpretations:

Sheep> can you provide the name of a company who hasn't lied to or misled the public?

Not offhand. Why? Would that diminish Apple's mendacity?

I will say I can't think of any other company that lies to me as many times per day during the TV shows I happen to watch. As a note of appreciation, however, I'll say I do enjoy the Feist ad, but I'm not planning to buy an iPod. Maybe I'll buy her CD though, from Amazon.

Sheep> I'm touched that you care for me

That's very sweet. But read it again. I wrote: "I care more *that* people don't mind being lied to..." I.e. I don't care [necessarily] about the people; I care about their lemming-like behavior.

Sheep> Then why would you waste your time reading and responding to blogs about the iPhone?

This is a blog about computer security. This posting relates to the security of the iPhone. I couldn't care less about the iPhone itself; what I sometimes comment on are issues where security affects people--in this case, Apple's corporate decision clearly demonstrating their avaricious, anti-user attitude, and, as an aside, the cognitive dissonance of their ad campaigns.

Sheep> I wasn't writing a prescription.

I think you need to look up the word "prescription", viz your statement: "An opinion should be prefaced as such". Here, let me help you:

http://dictionary.reference.com/search?q=prescribe&x=0&y=0

Posted by: antibozo | October 4, 2007 1:40 PM

One thing you guys are forgetting is that ATT subsidized part of the cost of your phone. Why shouldn't they want you to stay on their network? It's almost like you are renting the phone for the 2 year contract and then own it at the end. They have an obligation to keep their software secure. You also have an obligation to keep your software secure. Tough luck if you cheated ATT.

Posted by: Anonymous | October 4, 2007 8:19 PM

> One thing you guys are forgetting is that ATT subsidized part of the cost of your phone.

No one is forgetting that. But Apple could easily have funded the whole thing on their own. They were just greedy and took money from AT&T at the expense of their customers' best interests.

Posted by: antibozo | October 4, 2007 8:30 PM

antibozo, come on now. You certainly are not helping your cause with responses such as these:

"Apple could easily have funded the whole thing on their own. They were just greedy and took money from AT&T at the expense of their customers' best interests" How is wanting to keep their software secure not in the best interest of their customers?

"I will say I can't think of any other company [Apple] that lies to 'me' as many times per day during the TV shows I happen to watch." You just continue to reinforce my opinion that you're nothing more than an irate Apple-hater. Or, maybe you just watch entirely too much tv. Again, your egocentricity is overbearing - maybe these advertisements are not directed at just 'you'.

"....Apple's corporate decision clearly demonstrating their avaricious, anti-user attitude, and, as an aside, the cognitive dissonance of their ad campaigns." See my response above.

"Clearly, since your ad hominem attacks have escalated from subtle to overt." Did you really expect me not to retaliate to your "overt" attacks? Ad hominem - really? After I just accused you of the same in my previous post - you could have been slightly more clever and attacked me on another level.

"Your post is meandering, vague, and generally off-topic..." Oh come on now. If you read my post beyond your emotional reaction you will find that my post is written as: your quote followed by my response - as I'm doing here. Hardly meandering or vague and if off-topic - well, this sheep is just following your lead.

"This is a blog about computer security. This posting relates to the security of the iPhone. I couldn't care less about the iPhone itself; what I sometimes comment on are issues where security affects people" Really? The only thing I'm seeing from your postings is your disgust with Apple and the iPhone, not one comment, or recommendation of how Apple can "clean up" their security issue. Also, I find it at odds for one to be in favor of "practicing free computing" while claiming to do software security for a living (I'm particularly interested in your response to this one).

"I think you need to look up the word "prescription", viz your statement: "An opinion should be prefaced as such" Gee, thanks for the lesson (and link). I hope you are not using such websites to help write your commentary so as to impress the readers with your vocabulary. My statement is not 'my' rule - it's part of that taught in English and debate forums. So my statement, while maybe didactic, is certainly not 'my' prescription.

Posted by: Anonymous | October 4, 2007 9:47 PM

> How is wanting to keep their software secure not in the best interest of their customers?

That's a non sequitur. Apple's exclusive deal with AT&T has nothing to do with keeping their software secure; it's about making a buck.

> maybe these advertisements are not directed at just 'you'.

Duh. I never said they were. But I am one of the people the ads are directed at, and I speak for myself. What would you have me say? Whom should I say Apple is lying to, if not me? Haven't you ever heard of "I" messages?

> The only thing I'm seeing from your postings is your disgust with Apple and the iPhone, not one comment, or recommendation of how Apple can "clean up" their security issue.

In that case, you clearly haven't been reading my posts. I strongly suggest you go back and read carefully before commenting further--every one of these claims is a misreading of what I've written.

> Also, I find it at odds for one to be in favor of "practicing free computing" while claiming to do software security for a living (I'm particularly interested in your response to this one).

My response is to wonder where you think the conflict between these objectives might lie. I suggest you read up on the following people before continuing on this tack: Richard Stallman, Eric Raymond, Linus Torvalds, Bruce Schneier.

> My statement is not 'my' rule - it's part of that taught in English and debate forums. So my statement, while maybe didactic, is certainly not 'my' prescription.

It certainly is yours in the sense that you would follow it, and would have others follow it too, albeit unnecessarily. Or would you say that "open the door" is not "my" command because someone else said it before?

Posted by: antibozo | October 4, 2007 10:30 PM | Report abuse

One thing you guys are forgetting is that ATT subsidized part of the cost of your phone. Why shouldn't they want you to stay on their network?

WHAT? Seriously? That's so far from the truth. How did someone else agree with this statement? AT&T didn't subsidize anything. That was a big thing. Apple set the pricing and AT&T could not offer discounts for signing a contract. Other phones you get a certain amount off for a 1 year, and more off for a 2 year contract. The iPhone pricing is set by Apple. That needed repeating. You guys remember the whole with Apple dropping the price $200 just 68 days after the launch? Yeah, that's the $200 dollars you normally get off with other smartphones for signing a 2 year contract. Apple sets the pricing on the iPhone. Repetition works.

Posted by: Flabergasted | October 4, 2007 11:41 PM | Report abuse

Flabergasted> Apple set the pricing and AT&T could not offer discounts for signing a contract.

Yes, Apple, like Sanrio, likes to fix prices. And AT&T needs Apple to price-fix the iPhone because then they don't have to offer discounts to consumers, enough of whom want an iPhone so badly they'll pay full price for it and commit to AT&T for two years. Meanwhile, AT&T charges a limited margin on the hardware and kicks back a percentage of the monthly contract fees to Apple in exchange for the right to be the exclusive carrier, also known as a subsidy (to Apple, not the consumer).

Or at least that's what I got out of three minutes of googling. Did you think that Apple would give AT&T an exclusive carriage contract just because they have a cute logo?

Posted by: antibozo | October 5, 2007 12:15 AM | Report abuse

Come on. The entire wireless industry operates like this. Bluetooth is crippled to only do voice and not file transfers. You have to get your crappy games from your wireless carrier for $10 instead of free from a 3rd party. Kudos to those that know their property rights. Dart to companies that make customers choose between security and applying their property rights.

Posted by: ugh | October 5, 2007 12:22 AM | Report abuse

Can't we all just get along?

Posted by: Pete from Arlington | October 5, 2007 11:13 AM | Report abuse

If Apple had handed me that user agreement when I bought my phone two weeks ago at the Apple Store, I would have had to refuse their phone then.

I have never seen the user agreement until looking at the Apple link provided in this article.

As far as I'm concerned, for international travelers this phone is a very bad deal IF you are forced to use it according to Apple's and AT&T's conditions. Because doing so can easily result in excessively high roaming charges.

If you do as I did - never activated the AT&T service, and unlocked it for use on other networks, then it can be a more useful but less secure tool.

But for the way it stands now, all the Apple iPhone is useful for is a direct connection to your cash.

Since I was not able to return the phone to Apple within their 14 day return window, I'm sure at some point I will become a party to the class action suit against Apple for the draconian policy they have instituted against consumers.

Given the current political climate I don't expect much out of that action, but hopefully one that may give us the ability to unlock the phone and still have it covered by the Apple warranty.

The same as any phone I've purchased in the EU.

Posted by: Richard | October 5, 2007 2:30 PM | Report abuse

I've been reading these comments and I'm overwhelmed by the sheer idiocy of some of the posts... Simple is as simple does.

If You bought it... you knew that Apple locked it onto a network... If you didn't know... You're stupid and have too much money.

If You hacked it... you knew you were voiding your warranty and the software agreement... If you didn't then at best you're ignorant.

The phone was locked onto AT&T because that was the agreement to get the kind of service Apple envisioned for its phone... Don't like it?... Don't buy it.

If you hacked it... Don't be stupid enough to think that if you click OK on the "update" dialogue...that it will work... If you're stupid enough to think that... Then you should be sterilized. No reasonable human being should expect anything that has been modified from factory specs to be supported in any way by the OEM... Don't believe me?... Try it with your car.

If you're unhappy with the phone... Put it on ebay!

Posted by: thefoureyes | October 5, 2007 6:49 PM | Report abuse

What's even more impressively stupid are people who don't understand the difference between "not supported" and "bricked". Suppose you installed a non-OEM part in your car to get performance outside spec, and the next time you took it to the dealer for an oil change they wiped the car's computer program, effectively killing the car. Would that be an acceptable interpretation of "not supported"?

Posted by: antibozo | October 6, 2007 1:24 AM | Report abuse

thefoureyes: Well said.

Antibozo: "Suppose you installed a 'non-OEM part' in your car to get performance outside spec, and the next time you took it to the dealer for an oil change they wiped the car's computer program, effectively killing the car." I wasn't aware that 'non-OEM parts' were being replaced on the iPhone by such hackers. The mere fact that a car requires an oil change points out the difference between a car and an iPhone - ie moving parts. So I suppose your analogy fits if someone were to have hacked the iPhone's home button, mute and sleep/wake toggles, or volume control buttons. Now if the individual hacker of his/her car was to have 'hacked' the computer system of the car and the dealer installed an upgrade to its computer system at a routine oil change (a much closer analogy), then any inconsistencies between the hack and the upgrade MAY 'effectively kill the car' as the dealership is under no obligation to check for or circumvent such hacks.

As for one of your previous posts...

Antibozo: "I will say I can't think of any other company [Apple] that lies 'to me' as many times per day..." Rebuttal: "maybe these advertisements are not directed at just 'you'" Counter "Duh. I never said they were. But I am one of the people the ads are directed at, and I speak for myself. What would you have me say? Whom should I say Apple is lying to, if not me?" Uh, Ok Charlie Manson (or do you prefer Richard Ramirez?), perhaps you could have used "...to us" or "...to the public" or "...to its customers" or you could have simply left it (to me) out. But you didn't. And this is not the first time you've paraded a self-centered posture in your posts. That and your voracity to impress upon us (at times and certainly not your last post) your vocabulary, which suggests a sort of elitism, led me to the conclusion of egocentricity.

Re: anti-Apple sentiment. "In that case, you clearly haven't been reading my posts. I strongly suggest you go back and read carefully before commenting further." Ok - I've re-read your posts and my conclusion has not changed, I still see a bitter Apple-hater. But I'm sure you were responding as to the security concern. My comment was directed at the point that there was nothing different in your posts that weren't already touched upon in your original article above. Oops, was I just suggesting that you may be the (bitter) author of this article? No matter, you and the author share a similar stance.

I appreciate your tutorial on English diction (re: prescription): "Or would you say that "open the door" is not "my" command because someone else said it before?" The qualifier 'Please' preceding the phrase "Open the door" alters the tone from that of a command to a plea. Similarly, substituting 'is required to' for 'should' in the phrase "An opinion should be prefaced as such" alters the tone from one of suggestion to that of a command. I'll admit, it is sometimes difficult to discern tone in writing, but my intention was to be suggestive, in fact, at one point I mentioned it was advice, but certainly not a command, or prescription as you say. If you read my initial posts carefully you will get a sense of my suggestive, not commanding, tone. But, if you are the author of the above it may be difficult to distance yourself from this not so subtle distinction.

Posted by: (in)secure hacker | October 6, 2007 8:35 AM | Report abuse

insecure hacker> The mere fact that a car requires an oil change points out the difference between a car and an iPhone - ie moving parts.

I guess that point just sailed right past you. Yes, there are many differences between a car and an iPhone--size, weight, elemental composition, manufacturer, sex appeal to name a few. The point has to do with how companies support their products. You've already agreed that the code that bricks iPhones is unrelated to the actual security fixes, so your argument is inconsistent with your own stated position. A moving car part is equally unrelated to the car computer, and, on a broader scale, a car is, after all, an analog computer of which the digital control system comprises one component.

If this is too fine a distinction for you, simply leave the car computer out of it: suppose you installed a non-OEM part in your car to get performance outside spec, and the next time you took it to the dealer for an oil change they removed the crank shaft and left it in the trunk, effectively killing the car. Would that be an acceptable interpretation of "not supported"?

Again, the remainder of your posting is entirely off-topic, and I'll confine my response to a couple of items for the sake of brevity:

insecure hacker> or you could have simply left it (to me) out.

Or I could simply continue to write clearly, and expect people to respond to the content of my writing rather than make off-topic editorial "suggestions". Your postings, rather than addressing the point at issue, wander off onto ad hominem attacks on my purported personality defects, vocabulary-based elitism, et al. This suggests that you're having difficulty making your case on its merits, as you may have learned in a debate forum somewhere.

insecure hacker> The qualifier 'Please'... alters the tone from that of a command to a plea

Again you've missed the point. I was responding to your assertion that the command, guideline, suggestion--whatever you wish to call it--was not "yours" because it is "taught in debate and English forums". You can quibble all you like over what to call it; I really don't care. It's still *your* prescription, in that you would have the rest of us write according to a style you prefer. And the prescription is entirely irrelevant since, as I stated earlier, the context as blog comment establishes automatically that the writing is one's opinion.

Here's a counter-suggestion: if you wish to maintain a collegial atmosphere (as you claim you do), behave in a collegial manner--refrain from giving people off-topic style instructions, calling other posters by pejorative names (e.g. "bozo"), and making absurd characterizations about other posters' personalities based on your faulty analysis of their writing style in a particular blog. Try to remember what you learned in those debate forums. Oh, and read up on the concept of psychological projection. Here, let me help you:

http://en.wikipedia.org/wiki/Psychological_projection

Posted by: antibozo | October 6, 2007 2:53 PM | Report abuse

@(in)secure hacker: don't lecture journalists you pompous ass.

Posted by: Xune | October 7, 2007 3:51 AM | Report abuse

Oh, one other thing:

insecure hacker> But, if you are the author of the above it may be difficult to distance yourself from this not so subtle distinction.

If you're referring to the blog article itself, that was clearly attributed to Brian Krebs, who writes all the SecurityFix articles, and speaks for himself. I can't imagine why you should think we might be the same person, especially if you've been paying any attention at all to writing style.

Posted by: antibozo | October 7, 2007 3:06 PM | Report abuse

I received an iPhone from my daughters--the 8 gig $600 version--only to discover that AT&T's coverage doesn't extend to my home. The phone is useless. I cancelled my AT&T contract successfully, but since I received the iPhone as a gift more than 14 days ago, I can't return it. I'm a long time Apple-hugger, but this is sad. I have an expensive brick without any hacking on my part. Apple is losing its appeal to me.

Posted by: Paul Christy | October 12, 2007 1:09 PM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company