TPM Security Chip For Your Cell Phone
pete314 writes "The Trusted Computing Group has unveiled that it is working on a mobile version of its TPM security chip. It should prevent the phone world from being hit by the same virus and hacking issues that face computers. However, the EFF is not amused, stating that the chip will be used for DRM, and could even limit which software the owner installs on his cell phone."
I want to be able to install my own applications.
etc.
Reminds me of that episode of the Simpsons:
Abortions for all.
*crowd boos*
Very well, no abortions for anyone.
*crowd boos*
Hmm... Abortions for some, miniature American flags for others.
*crowd cheers*
In my opinion, a phone is a tool. I don't ask screwdriver makers to make blank drivers so I can whittle my own Phillips head. If I need a tool with more features I will buy it; I don't want to worry about installing or developing my own tools. Meet me. Joe Consumer.
Jesus saved me from my past. He can save you as well.
The mpx200 had a software lock that required all code to be signed with a digital certificate.
There are about a gazillion guides on how to flash your firmware and get rid of it.
If this chip comes out you can be sure of the fact that people are going to break open their phone and pull that sucker out.
perpetually dwelling in the -1 pits
It seems a logical next step for this to be used to only allow certain installs. After all, the carriers have long since wanted you to *only* install stuff you pay them to download. I mean MP3 ringtones are just that - MP3s (short, 32Kbps ones even), yet you often can't transfer them simply by USB, you need to pay the carrier $3 for them.
So, why would it be surprising that the carriers would want yet another layer of hardware/software protection to ensure that this golden revenue stream is the only way for people to add games/ringtones/wallpaper etc?
"Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
Newsflash: Phones already have DRM, it's a lot harder for the average person to bypass than a computer, and phones already limit what applications can be installed, or what they can do.
These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them. We could easily end up in a situation where in the name of securing systems the big players will lock out smaller players from the market by digitally controlling what applications are allowed to run on these systems. We may be on the dawn of an age where real monopolies in computing are about to develop, where start-ups face real physical barriers that stop them from entering a market.
The scariest part about this is, consumers will probably go for these systems as they will be hassle free, safe and free of worry. The only worry consumers will have is that the content of these systems is not only controlled for their own protection but also controlled to limit what they can and can't do; for a lot of people I think the costs will be outweighed by the benefits.
They already limit cell phones. At my last job we got Motorola T720 cellphones from Alltel. One of the features that wow'd everyone was the ability to play MIDIs for ringtones. So they all wanted custom ringtones (I personally just use a phone ring sound). They also wanted custom backgrounds (it only had a few). So one guy got a data cable so everyone could upload stuff. Er, wrong. None of that kind of stuff was accessible. It was basically only useful for transferring numbers and using it as a modem if you had a data package. You had to purchase new wallpaper and ringtones via the store. Same for games.
Ended up having to search the net and find some utilities to hack it. Even if you got a utility to directly access the file system and added something, it wouldn't be usable on the phone, you had to alter data files. It was quite clearly a deliberate lockout.
With this sort of thing, they'll just step it up to the next level.
... all I needed to be reminded not to forget the cover sheet of those TPS reports!
My only concern with future phones is the prevalence of ads. I block any and all ads I can on the internet, both with a large hosts file and Firefox's AdBlock extension. I'll go nuts if I can't bar proximity ads from worming into my phone, like this.
This is what Verizon does with all of its phones. It cripples them so it can make the maximum amount of money selling the same functionality back to the customer. Case in point - the Motorola V710.
The death of DRM is imminent. It might take some time... but it'll come for sure.
Picture this - all mobile manufacturers will start shipping DRM enabled phones. Manufacturers will tie-up with content providers, and most of the content being provided will be DRMed.
After a sizeable number of consumers are stuck with DRMed schmuck which makes them pay $$$ for every time they press a button on the phone... there'll be a HUGE demand for a non-DRMed phone.
At that point of time if any company comes up with a non-DRMed phone with enough non-DRMed content to make the consumer moderately happy - it will strike gold!
For this to work - consumers need to be unhappy about DRM... that's almost like a social revolution - and revolutions take time!
Nandz.
And what happens when a TPM-enabled application turns out to have a security flaw, and a worm targets it?
TPM won't protect you from viruses and worms. The idea it will is just one of Microsoft's lies. What TPM means is that when viruses and worms strike, the viruses and worms will be able to do things-- like lock away your files for ransom in the "copy protected" part of the hard drive-- that you will be literally unable to fix.
For anyone who has bothered looking at the TPM spec, it states that there's a Mobile type among the platform specific structures.
This has been in the publicly posted spec since 1.2...several months now. Guess no one reads the spec.
I'm a girl, you insensitive clod!
http://en.wikipedia.org/wiki/Woman
I'm going to be pounced on for this, but I want security on my mobile phone, as much as humanly possible. The potential for me to lose money through an unsecure mobile phone is a lot more than that of a desktop or laptop computer since you can't unplug a mobile phone after use. It would be trivial to have an app dial a premium rate number on an unsecured phone, running up bills of hundreds of pounds or dollars and that is something I cannot afford to have and if TPM or DRM can prevent that, then I'm willing to allow it in that environment. TPM has its place, and this is it - protecting me.
Plus the meddlesome way they inject a "need" for TCPM on phones that - in the case of GSM - already contain a smartcard.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
It should prevent the phone world from being hit by the same virus and hacking issues that face computers
Miracle! You put a DRM chip and then suddenly, the numerous OS and application bugs exploited by crackers and viruses disappear!
The only new thing provided by a TPM is "remote attestation", and I call it Big Brother.
http://en.wikipedia.org/wiki/Trusted_computing#Remote_attestation
where's this leading?
It must be leading to a secret plot for world domination by Microsoft... or the conclusion that you've fabricated a bunch of nonsense to jack up your karma.
Hell. The only reason I have a cellphone is so I can SMS and call people. As such, if the independent software market for cellphones is killed off in its entirety, boo hoo.
The PC is an open platform, mobile phones are highly proprietary, the design, the chips, the OS, the software is custom created and highly controlled by the manufacturer so I don't see DRM as a big issue in this case.
Deleted
the article a day or two back that showed that there are NO viruses in cellphones
and that it was merely a hoax by symantec?
it may have been on techdirt.
Oh, they needn't bother then - WAP already does a stellar job of limiting software downloads by dint of gradually eroding the soul until you give up and just pretend that you're playing that $4 copy of space invaders you just spent $20 trying to find whilst staring at a rotating hourglass. You even get the RSI from typing in the URL - it's the full experience right there.
this was down to the phone company to decide to implement. for example, on the Orange SPV C500 (an HTC typhoon running Windows Mobile 2003), they had an application lock of this sort. It doesn't stop all apps installing: just ones that write to protected areas of the registry. This can be a good thing: it stops Joe Punter screwing up his phone and Orange having to fix it. To get code to write to these protected areas, the developer either has to get it certified, or the user has to unlock the phone - which implies they know what they're doing.
FWIW, the Orange developers site gives you a free OTA (over the air) unlock via their webpage.
and the overheard ads return... asshole.
So now they're thinking about including more DRM on mobile phones. What's next, DRM on toasters, so you can only toast Microsoft-approved bread?
DRM on refrigerators, so you can only drink beer that has been approved by your local beer manufacturer?
If I hadn't been modded down, you'd be reading this right now.
I posted this already, many times. But regardless, I am going to repeat myself.
I simply do not accept to pay when buying something with DRM as if I were buying it but am in reality RENTING IT.
By that I mean that if I BUY an apartment, then I am allowed to paint the walls the color that pleases me because it is MINE, I own it and can do as I please with MY apartment. However, if I RENT an apartment, then I must ASK the OWNER of the apartment for his/her permission to paint the walls. If I own it I do not need to ask, it is mine to do as I please. If I rent, then it is NOT mine and I must ask the REAL owner.
Now, with DRM, I am paying like I am buying, I am told I am buying, but the reality remains I still have to get someone else to give me permission to do as I please with my device. And if I have to do that, then I do not feel like I am the real owner.
9/11: Never forget it was a false-flag operation
I think you've hit the nail on the head.
The DRM fits the "customer is a schmuck from whom we suck our pound of flesh, one ringtone at a time."
The phone companies are living and dying on their ringtone money these days, right? I can imagine that smart folks said, "well, if the phone guys want a long-term micropayment system, let's just load it up with DRM, and then they can suck to their cold-hearted heart's content."
It got me to reflecting that the average Linux hacker couldn't be more put off by DRM, other than to say to them: sorry guy, you can't load programs on this secure hardware. At all. No opting for a "reduced content experience" --- our way or the highway. And no specs for you either, you tricky hacker.
But then, as I said, phones are for schmucks. There are about 2 billion more potential phone customers than phone+PC customers. The phone is where it is at. PCs are not a growth area.
Some schmuck living in Xinjiang province who scrapes together money to get a phone doesn't give a hoot. Neither does some shepherd in Tajikistan. Or some guy in Lesotho -- he just needs a phone. And if ringtones cost a bit more, whatever.
http://www.thebricktestament.com/the_law/when_to_
``These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them.''
It all depends on how it's done. A chip that prevents the device from running any software not approved by some corporation protects against malware no better than a system which only runs software explicitly approved by the user, except in case of trojans. Add some sandboxing that only allows software to access resources that the user explicitly enabled access to, and you have a pretty secure solution, whether the user or some corporation controls it.
On the other hand, a solution controlled by a corporation offers far greater potential to abuse by that corporation. I, personally, don't trust any corporation to not abuse the power given to them.
There is one more point I'd like to address, and that's user friendliness. Obviously, it's easier to have some organization make decisions for you than to have to take them yourself, especially when it gets down to the level of which operations a piece of software is allowed to perform. I have two things to say about it: first, there is a possibility to let multiple organizations package software with some default settings (which could be customized by users). Users could then decide to trust some organizations to have made the right decisions for them. Secondly, practice shows that holding usability over security usually backfires; think about easy execution of code from the network, automatic opening of email attachments (even images), having services running by default, running as root, etc. etc. etc.
Please correct me if I got my facts wrong.
Meanwhile:
The Trusted Computing Group has unveiled that it is working on a subdermal version of its TPM security chip. It should prevent the human world from being hit by the same virus and hacking issues that face computers. However, the WHO is not amused, stating that the chip will be used for DRM, and could even limit which books, music or films the owner can enjoy, as well as build statistics on every individual.
sonic mr.Spike
If they start putting trusted (or rather treacherous) computing on mobile phones, they'll start doing it with computers too. Joe consumer will buy the computers and there aren't that many processor chip makers out there, there will be less and less non-trusted computing chips around. At first they will be breakable or allow (free like in speech) open source software to be run. Later gradually options of open source software will run out, and it will die. Leaving the hard- and software industries free to ask whatever price they wish for their heavily encumbered and restricting products. And companies and governments are able to censor the internet. That's the worst case scenario. I think it's possible, since theoretically trusted computing seems unbreakable to me. Don't buy trusted computing, or (the much less frightening) DRM-ed products. Even if it means your stuff won't be compatible with other people. (or rather as a reason PS Why doesn't all the whitespace work... the \n (enter button) doesn't.. it's lame, text doesn't read easily this way.
It's called:
"Verizon Wireless".
You were mistaken. Which is odd, since memory shouldn't be a problem for you
i mean, is there such a thing as a totally open cell phone? i know there are phones that run linux, but do they have the code onboard for all the interface magic?
.. especially if there's a chance i can do telephony style apps on it. but i'm willing to bet, there just aren't phones out there that support this, and probably never will be ..
are there open Cell-radio drivers?
i'm about to get a new phone, i'd certainly love to have one i can write my own code for
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
go here for a movie which describes how TCPA works: http://www.lafkon.net/tc/
Please, someone explain to me how a so-called "secure" storage chip can make bug exploits disappear? Especially when these are OS bugs.
On the other hand, if you want to try another OS with less bugs (and less DRM) the "remote attestation" of the TPM will warn your telco and your phone will be shut.
Cell phones are already wildly restrictive. That you could use a chip to limit what can be done on a cell phone is hardly new or interesting..
The truth about Scientology, Xenu, and you: Operation Clambake
You know, for a technology that's starting to be quite wide-spread, it's amazing the amount of mis-information spread about trusted platforms -- by both the pro and the con side.
I've worked quite a bit with the technology, and it's not all THAT complicated.
Over-stating what a TPM can do is common from the pro-trusted computing industry. Statements like "It should prevent the phone world from being hit by the same virus and hacking issues that face computers" are just ridiculous (I saw a press release one time that claimed they'd protect people from phishing too!).
Simply put, a TPM does nothing -- nada, zilch -- to prevent viruses or external threats that you can't do in software with no hardware trusted platform additions. OK, you might make the argument that you're just adding another layer for defense in depth, but how about making the software better in the first place?
The only -- yes, only -- extra capability given by a TPM is the ability to protect from local attacks. Meaning attacks from people with physical control over the hardware. Now before the "anti" side runs off and raves about how the TCG is trying to take over their computer, keep in mind that (a) it's optional and (b) there are applications where this makes complete sense. Ignore the DRM side of the issue, and there are still good applications. Imagine playing on-line games and having some assurance that your opponents aren't using hacked up clients that allow them to cheat. Imagine connecting to a peer-to-peer network where the peer you're connecting to can give assurance that it's not a hacked, fake RIAA node. For the cell phone, the obvious point is that it makes cell phone cloning extremely difficult. None of those are bad things.
If you don't like DRM, then don't accept stores or software that enforce it. And don't mistake every single issue as content providers trying to restrict what you can do.
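Added example, not part of the comment above and not TCG or vendor code: a stdlib-only Python model of the measure-then-quote flow behind "some assurance that your opponents aren't using hacked up clients", which is also the "remote attestation" other comments in this thread refer to. `ToyTPM`, the component strings and the HMAC standing in for the chip's signing key are assumptions made for illustration.

```python
import hashlib
import hmac

PCR_LEN = 20  # TPM 1.2 platform configuration registers hold one SHA-1 digest


class ToyTPM:
    """Constructed model of a single PCR and a quote operation (not a real TPM API)."""

    def __init__(self, attestation_key: bytes):
        self._key = attestation_key   # stand-in for the chip's attestation key
        self._pcr = bytes(PCR_LEN)    # PCRs are all zeros after reset

    def extend(self, component: bytes) -> None:
        # A PCR can never be written directly, only extended:
        # new = SHA1(old || SHA1(component)), so history cannot be undone.
        digest = hashlib.sha1(component).digest()
        self._pcr = hashlib.sha1(self._pcr + digest).digest()

    def quote(self, nonce: bytes):
        # A real TPM signs with an asymmetric key; HMAC is an assumption
        # that keeps this example inside the standard library.
        sig = hmac.new(self._key, self._pcr + nonce, hashlib.sha1).digest()
        return self._pcr, sig


def boot(key: bytes, components) -> ToyTPM:
    """Measure each component, in load order, before it would run."""
    tpm = ToyTPM(key)
    for component in components:
        tpm.extend(component)
    return tpm


def expected_pcr(components) -> bytes:
    """Reference value the verifier computes from the known-good software list."""
    pcr = bytes(PCR_LEN)
    for component in components:
        pcr = hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()
    return pcr


def verify(key: bytes, reference: bytes, nonce: bytes, pcr: bytes, sig: bytes) -> str:
    """Verifier side: check the quote is fresh and genuine, then compare the PCR."""
    good = hmac.new(key, pcr + nonce, hashlib.sha1).digest()
    if not hmac.compare_digest(good, sig):
        return "bad-quote"            # forged, or replayed under an old nonce
    if not hmac.compare_digest(pcr, reference):
        return "unexpected-software"  # genuine quote, but a different load chain
    return "ok"


# Constructed sample inputs.
KEY = b"constructed-demo-key"
STOCK = [b"bootloader v1", b"os image v1", b"game client v1"]
MODIFIED = [b"bootloader v1", b"os image v1", b"game client v1 + patch"]


def attest(components, nonce: bytes, verifier_nonce: bytes) -> str:
    """Boot the given chain, quote under `nonce`, verify against `verifier_nonce`."""
    pcr, sig = boot(KEY, components).quote(nonce)
    return verify(KEY, expected_pcr(STOCK), verifier_nonce, pcr, sig)


if __name__ == "__main__":
    print(attest(STOCK, b"n1", b"n1"))     # stock software, fresh nonce
    print(attest(MODIFIED, b"n1", b"n1"))  # patched client changes the PCR
    print(attest(STOCK, b"n1", b"n2"))     # old quote replayed to a new challenge
```

The register records what was loaded, not how that code behaves afterwards, so a stock client that is exploited at run time still reports the reference value.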
I just had an idea for a worm or virus that would install itself, run for a day, call everybody in your phone book with a pre-recorded Spam message and go to sleep until the next time it was 'needed.'
Yeech. What an imagination I've got.
The key is 'your phone book.' Then again, it would be trivial to have it email a message containing your phone book to a central location and come up with a map of 'who knows who.'
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
They can enforce through hardware locks things like network locking (if you want to use your phone on another network, you have to pay us to get the signed unlock module), picture transfer (if you want to transfer pictures, you have to go through our system), ringtones etc etc.
Although the real answer is simple, don't buy phones with this stuff in it.
In about two minutes, after every cell phone walking past goes off, people would figure it out and find a way to fuck with the installation, fuck with the installer and, finally, wreck the equipment.
The WORST part of "Minority Report" was the store Tom Cruise went into after he got his eyes replaced (and that kept mis-identifying him.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Sure, you could remove the DRM, but then you get arrested under the DMCA, the Feds realize you were hacking a phone (which obviously means you were planning to modify it to trigger a bomb), you get accused of being a "ter'rist," and get shipped to Gitmo.
How many people do you really think will risk that?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
In my opinion, most people are tools.
I have a Nokia 6620 on the Rogers Wireless network here in Canada. That phone comes with a USB cable. I go on the Internet, on phone related forums, find dozens of free Java or Symbian programs and games (IM program, a real web browser to replace the Wap browser, even a Doom port, etc) and download them on my system, then use the USB cable to download them on my phone, all that for $0 since I didn't use the lame Wap browser to find them. I also went on the Nokia dev forums and downloaded their Nokia Multimedia Converter to convert my .mpg and .avi files into .3gp to view movies on my phone. The phone comes with RealPlayer which plays MP3 files I send it on the USB, so that's no problem, plus it supports .mp3 as ringtones, so again $0. I even bought a PQi 1GB memory card with no DRM which fit in the phone and allows me to put whatever I want. I even have a bunch of .jpg files which the phone is more than happy to let me put as wallpaper.
So again, look around and there are options. Don't support your provider by downloading their $5 ringtones and wallpapers just because they told you to.
I, for one, welcome our new TPM Chip Cell Phone Overlords.
All your base are belong to us.
Will be Skype or other VoIP Apps. With service providers bringing in high speed internet, they wouldn't want their customer using Skype to get cheaper/free voice calls instead of using up the day time minutes. I can see where this is going and I don't like it :(.
-ItsME
"SIGNED" applications on your phone?!
what the hell are people smoking?
asking someone else for permission to Execute Arbitrary Code on your PROPERTY!!!
if the phone isn't a rental, then it belongs wholly to you. as in your property and i'll be damned if they can get away with this for much longer.
Science : Proprietary , Knowledge : Open Source
Is it safe to speculate yet who will benefit from future "crowd control pain rays?" Would a lot of deep hypothetical speculation be necessary to figure out who "crowd control machine-gun robots" will ultimately be aimed at?
What possible benefit to you will outweigh a possible one-way loss of basic freedoms? Wouldn't it be better to insist on a solution that doesn't have those disadvantages, if that is good enough?
Does it matter that you won't be the initial target of these control measures (under the current leadership)? Wouldn't it be a wise precaution to oppose them just in case the public elects a leader you think is irresponsible? Why not stick with technologies that exclude the possibility of that sort of danger?
I suppose you want us not to oppose those things, but rather let them happen because we don't have any evidence yet to believe they will be used against us (um, like prosecution of P2P filesharing teenagers, illegality of DVD decrypting in your own home, voting machine abuse, unseen unsigned EULA contract abuse, spyware, nonskippable commercials on various devices, spam, cussing out employees and chair throwing, etc....)
~ Oh no, they wouldn't misuse it, they are so perfect and smiling, they have clearly been so responsible with the other technologies they have come across. *drinks kool-aid* ~
Once a precedent allowing nasty stuff through TCG stands in the courts as a legalized infringement of property and other rights, it will be much harder to get rid of. But there is still one vote that counts: the one that you exercise in not buying this junk, because that is the only way they will get the message (even if they pretend otherwise and blame the poor sales figures on a lack of ringtones or something.)
Most phones only let you install J2ME apps. IMO this sucks for geeks. There is a market for a geek pda/cell phone, which must be purchased at full price with no subsidy, works on any GSM network, and has a free and open implementation so you can write cool new apps without obstacles. But I don't know of any companies directly catering to that market yet. Danger should've been doing that; they were independent and maybe even had the balls for it, at first. Now apparently they don't.
But then again, maybe the carriers won't allow such devices on their networks at all. I'm not sure if they could block them, but I can imagine they'd have a hissy fit, not being able to charge extra for every little feature like they do now. But it's quite obviously the future, whether they like it or not; if not on any of today's networks, then on future networks like WiMax or something.
At least you can get a GPRS card and stick it in your favorite PDA and do what you want. Maybe do VOIP over the data network.
You say that it's "optional." So is, say, having a driver's license.
But it's pretty damned hard to get by without, isn't it?
I'm waiting for the first virus with a payload to lock everything, so that we're completely stuck in "trusted" mode and locked out of running or doing anything...
It's sad that I hope that such a thing will come earlier, and not later, so that we kill the idea before we're stuck with it.