Slashdot Mirror

← Back to Stories (view on slashdot.org)

TPM Security Chip For Your Cell Phone

Posted by ScuttleMonkey on from the drm-threat-or-buzzword-buzz dept.

pete314 writes "The Trusted Computing Group has unveiled that it is working on a mobile version of its TPM security chip. It should prevent the phone world from being hit by the same virus and hacking issues that face computers. However, the EFF is not amused, stating that the chip will be used for DRM, and could even limit which software the owner installs on his cell phone."

21 of 162 comments (clear)

  1. I don't want a phone with apps by ReformedExCon · · Score: 3, Insightful

    I want to be able to install my own applications.

    etc.

    Reminds me of that episode of the Simpsons:

    Abortions for all.
    *crowd boos*
    Very well, no abortions for anyone.
    *crowd boos*
    Hmm... Abortions for some, miniature American flags for
    others.
    *crowd cheers*

    In my opinion, a phone is a tool. I don't ask screwdriver makers to make blank drivers so I can whittle my own philips head. If I need a tool with more features I will buy it, I don't want to worry about installing or developing my own tools. Meet me. Joe Consumer.

    --
    Jesus saved me from my past. He can save you as well.
    1. Re:I don't want a phone with apps by aussie_a · · Score: 4, Insightful

      Meet me. Joe Consumer.

      By posting on slashdot you prove that you actually know about TPM and have formed an opinion on it (at least in regards to mobile phones). Joe Consumer most definitely doesn't know about TPM and hasn't formed an opinion on it. Ergo, you're not Joe Consumer.

    2. Re:I don't want a phone with apps by hecktorjade · · Score: 5, Insightful

      Well you certainly have a resonable point about being "joe consumer" and wanting to just get something that works. But the the rights of joe comsumer are exacty what is at stake. When the corporations (I am not making a political statement) create a device under the TCP they WILL contend that it is illegal to create software for the device. The DMCA has a provision that allows for the reverse engineering of a device for the process of creating software. However it is the process of creating software/development and its inherent nature that will come under scrutiny. On the bright side the TCP is not legislation. It is a consortium (I guess a kind way of saying colusion) of companies. If the TCP is fully realized the consumer will be morbidly limited to what they can actually do with the device. Ergo over time you will pay much more money for functionality because essentially the open source community will be unable to legally create, distribute and refine software.

    3. Re:I don't want a phone with apps by Shodokan · · Score: 3, Insightful

      In my opinion, a phone is a tool. I don't ask screwdriver makers to make blank drivers so I can whittle my own philips head. If I need a tool with more features I will buy it, I don't want to worry about installing or developing my own tools. Meet me. Joe Consumer.

      Fair enough, there is always going to be a portion of the population who want the no frills version of any given tool. However, in the case of mobile technology think about the fundamental difference between Apple and Microsoft in the early days. Apple offered a 'rolled', end-to-end solution with all the hardware and software you needed. That suits the basic user as they can go in and explore what the technology offers, etc.

      Then Microsoft came out with a 'roll your own' solution where you could grab a processor from one company, a screen from another, the keyboard from yet another, etc and wack good old Windows on the system. Far more versatile and appropriate for a market that had started to understand the technologies potential.

      The second example came with the internet. Applying the same terms in the Apple-Microsoft analogy AOL, for example, offered a rolled solution where you could access a certain amount of information and get a feel for what this internet thingy is all about. Then along came the portal/search engines, Yahoo!, Altavista and of course Google - the 'roll your own' version that allowed you to reach the internet at large.

      So, this brings us to the point - mobile. Carrier portals such as the various i-mode deployments, Vodafone Live!, etc are the mobile versions of rolled solutions. As history has shown us, these rolled solutions are awesome while the market learns about a technologies potential, but invariably consumers will come to want to personalise their experience (Look at ringtones sales worldwide). Thats why companies such as http://www.bluepulse.com/ are appearing and giving people to ability to have roll-your-own mobile content regardless of carrier, handset manufacturer or what country they're in... freedom baby =)

      Incase anyone is about to jump on and post that browsing content on an XHTML browser is not installing an appliction, yes, that's true, which is why I used bluepulse as an example - their product is not a browser but a remote desktop from which you can launch mobile applications.

    4. Re:I don't want a phone with apps by delta_avi_delta · · Score: 2, Insightful

      What about when the battery runs out on your expensive consumer device, Joe, and you think - "Hey, I don't need to pay the service guy $50 dollars to open this up and replace the battery, I'll buy a $5 dollar battery and do it myself, saving $45 for more consuming, ooohhh yeaaaaah". You bring your trusty phillips, you examine the device and... it's got non-standard screws. This is what we're talking about Mr Consumer, don't you see!

  2. Logical next step by MacGod · · Score: 4, Insightful

    It seems a logical next step for this to be used to only allow certain installs. After all, the carriers have long-since wanted you to *only* install stuff you pay them to download. I mean MP3 ringtons are just that-MP3s (short, 32Kbps ones even), yet you often can't transfer them simply by USB, you need to pay the carrier $3 for them.

    So, why would it be surprising that the carriers would want yet another layer of hardware/software protection to ensure that this golden revenue stream is the only way for people to add games/ringtones/wallpaper etc?

    --
    "Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
    1. Re:Logical next step by ajs318 · · Score: 2, Insightful

      Ah, but on a Sony-Ericsson phone, such as the k750i with built-in 2Mpx camera and radio receiver, not only can you use any of your own photographs as wallpaper; you can even record your own ringtones, using the phone's built-in mic. And then nothing is stopping you from infra-red beaming your homebrew multimedia across to any other phone. I don't think they're going to be making phones without mics any time soon ..... though if they did, I'd definitely buy one for my mother!

      As to the question of ownership vs licencing ..... I don't think anybody is really sure whether or not you own a mobile phone {until it comes to time to get rid of them -- businesses aren't allowed to dispose of them in landfill, but individuals are}. But the phone companies might be within their rights to deem certain things as unfit for connection to their networks, if they thought there was a danger that you could be placing other subscribers' usage in jeopardy.

      Anyway, phone companies will be shooting themselves in the foot if they try to clamp down on "unauthorised" ringtone / wallpaper installations. The choice is not "pay through the arsehole for it or get it for nothing". The choice is between "pay through the arsehole for it, get it for nothing or go without", and the third option is the one people will use if denied the second.

      --
      Je fume. Tu fumes. Nous fûmes!
  3. It is true... by Darkling-MHCN · · Score: 5, Insightful

    These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them. We could easily end up in a situation where in the name of securing systems the big players will lock out smaller players from the market by digitally controlling what applications are allowed to run on these systems. We may be on the dawn of an age where real monopoly's in computing are about to develop, where start-ups face real physical barriers that stop them from entering a market.

    The scariest part about this is, consumers will probably go for these systems as they will be hassle free, safe and free of worry. The only worry consumers will have is that the content of these systems is not only controlled for their own protection but also controlled to limit what they can and can't do, for alot of people I think the costs will be outwayed by the benefits.

    1. Re:It is true... by fredrik_haard · · Score: 2, Insightful
      the big players will lock out smaller players from the market
      That is already true; the mobile phone operators are already doing what they can to lock out alternatives to (for example) SMS/MMS so that they can keep overcharging. This I know for sure, since I have been involved in such a project. Also, the operators add additional DMR to the branded versions of the phones, which are the ones most people get.
  4. Re:Newsflash by Travoltus · · Score: 2, Insightful

    This is supposed to mean what? That it's a good thing because it's happening already?

    --
    --- Grow a pair, liberals... stop letting the Republicans bully you!
  5. Ads are my only concern. by Anonymous Coward · · Score: 3, Insightful

    My only concern with future phones is the prevalence of ads. I block any and all ads I can on the internet, both with a large hosts file and Firefox's AdBlock extention. I'll go nuts if I can't bar proximity ads from worming into my phone, like this.

  6. Pay more attention. by Anonymous Coward · · Score: 1, Insightful

    And what happens when a TPM-enabled application turns out to have a security flaw, and a worm targets it?

    TPM won't protect you from viruses and worms. The idea it will is just one of Microsoft's lies. What TPM means is that when viruses and worms strike, the viruses and worms will be able to do things-- like lock away your files for ransom in the "copy protected" part of the hard drive-- that you will be literally unable to fix.

  7. Security by Richard_at_work · · Score: 3, Insightful

    Im going to be pounced on for this, but I want security on my mobile phone, as much as humanly possible. The potential for me to lose money through an unsecure mobile phone is a lot more than that of a desktop or laptop computer since you cant unplug a mobile phone after use. It would be trivial to have an app dial a premium rate number on an unsecured phone, running up bills of hundreds of pounds or dollars and that is something I cannot afford to have and if TPM or DRM can prevent that, then Im willing to allow it in that environment. TPM has its place, and this is it - protecting me.

    1. Re:Security by evilviper · · Score: 4, Insightful
      running up bills of hundreds of pounds or dollars and that is something I cannot afford to have and if TPM or DRM can prevent that, then Im willing to allow it

      And when the DRM is in-place, you're being charged exhorbant fees for any little bit of code you might want to use (ringtones, backgrounds, programs, etc), and yet your phone isn't any more secure, even blocking you from installing a program to REMOVE the virus/worm... Then what?
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    2. Re:Security by Alsee · · Score: 4, Insightful

      TPM has its place, and this is it - protecting me.

      No. The TPM is specifically designed to be secure AGAINST THE OWNER, and something is only DRM if it is trying to be secure AGAINST THE OWNER.

      You could get all of the same owner benefits that you want from an otherwise identical system except where you were allowed to know your own master keys. Since it would be essentially identical hardware it would have identical capabilites to protect you, however since you know your master keys the system is not secure against YOU. You could use your key to unlock anything if you wanted to, and you'd be able to control the system if you wanted to. However it would then no longer be a Trusted Platform Module. It would no longer be "Trusted" because the very meaning of "Trusted" is that they Trust it to be secure AGAINST YOU. That they Trust your own property will enforce things like DRM AGAINST YOU.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  8. bugs suddenly disappear: miracle ! attestation by free2 · · Score: 2, Insightful

    It should prevent the phone world from being hit by the same virus and hacking issues that face computers
    Miracle ! You put a DRM chip and then suddenly, the numerous OS and application bugs exploited by crackers and viruses disappear !
    The only new thing provided by a TPM is "remote attestation", and I call it Big Brother.
    http://en.wikipedia.org/wiki/Trusted_computing#Rem ote_attestation

  9. Rent VS own all over again by xiando · · Score: 5, Insightful

    I posted this already, many times. But regardless, I am going to repeat myself.

    I simply do not accept to pay when buying something with DRM as if I were buying it but am in reality RENTING IT.

    By that I mean that if I BUY an apartment, then I am allowed to paint the walls the color that pleases me because it is MINE, I own it and can do as I please with MY apartment. However, if I RENT an apartment, then I must ASK the OWNER of the apartment for his/her permission to paint the walls. If I own it I do not need to ask, it is mine to do as I please. If I rent, then it is NOT mine and I must ask the REAL owner.

    Now, with DRM, I am paying like I am buying, I am told I am buying, but the reality remains I still have to get someone else to give me permission to do as I please with my device. And if I have to do that, then I do not feel like I am the real owner.

    --
    9/11: Never forget it was a false-flag operation
  10. It all depends on how it's done by RAMMS+EIN · · Score: 2, Insightful

    ``These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them.''

    It all depends on how it's done. A chip that prevents the device from running any software not approved by some corporation protects against malware no better than a system which only runs software explicitly approved by the user, except in case of trojans. Add some sandboxing that only allows software to access resources that the user explicitly enabled access to, and you have a pretty secure solution, whether the user or some corporation controls it.

    On the other hand, a solution controlled by a corporation offers far greater potential to abuse by that corporation. I, personally, don't trust any corporation to not abuse the power given to them.

    There is one more point I'd like to address, and that's user friendliness. Obviously, it's easier to have some organization make decissions for you than to have to take them yourself, especially when it gets down to the level of which operations a piece of software is allowed to perform. I have two things to say about it: first, there is a possibility to let multiple organizations package software with some default settings (which could be customized by users). Users could then decide to trust some organizations to have made the right decissions for them. Secondly, practice shows that holding usability over security usually backfires; think about easy execution of code from the network, automatic opening of email attachments (even images), having services running by default, running as root, etc. etc. etc.

    --
    Please correct me if I got my facts wrong.
  11. Re:DRM is bound to die... by RAMMS+EIN · · Score: 4, Insightful

    Bah. People are paying for DRMed ringtones, wallpapers, DVDs, music, software, and maybe other things just fine already. Only a small minority of these people will actually want to do things that the DRM won't allow them to do; most people don't even know or care that there's DRM involved. I don't think DRM is going to die; there's simply not a lot of opposition to it, while the pro-DRM camp has billions of dollars.

    What's much more likely to happen is that DRMed and non-DRMed products will coexist in many markets; especially the ones that are easily accessible to hobbyists. If, indeed, enough people get turned off of DRM, that will merely create a healthy market for products with lighter or no DRM, but this will be in addition to the market where people don't care if there's DRM or not.

    --
    Please correct me if I got my facts wrong.
  12. I *DO* want a computer with apps by Jasper__unique_dammi · · Score: 3, Insightful

    If they start putting trusted (or rather threatherous) computing on mobile phones, they'll start doing it with cumputers too. Joe consumer will buy the computers and there arent that many processor chip makers out there, there will be less and less non-trusted computing chips around. At first they will be breakable or allow (free like in speech) open source software to be run. Later gradually options of open source software will run out, and it will die. Leaving they hard- and software industries free to ask whatever price they wish for there heavily encumbered and restricting products. And companies and goverments are able to censor the internet. That's the worst case scenario. I think its posible, since theoretically trusted computing seems unbreakable to me. Dont buy trusted computing, or (the much less frightening) DRM-ed products. Even if it means your stuff wont be compatible with other people. (or rather as a reason PS Why doesnt all the whitespace work... the \n (enter button) doesnt.. its lame text doesnt read easily this way.

  13. Why do so few people understand TPMs??? by Dr.+Blue · · Score: 4, Insightful

    You know, for a technology that's starting to be quite wide-spread, it's amazing the amount of mis-information spread about trusted platforms -- by both the pro and the con side.
    I've worked quite a bit with the technology, and it's not all THAT complicated.

    Over-stating what a TPM can do is common from the pro-trusted computing industry. Statements like "It should prevent the phone world from being hit by the same virus and hacking issues that face computers" are just ridiculous (I saw a press release one time that claimed they'd protect people from phishing too!).

    Simply put, a TPM does nothing -- nada, zilch -- to prevent viruses or external threats that you can't do in software with no hardware trusted platform additions. OK, you might make the argument that you're just adding another layer for defense in depth, but how about making the software better in the first place?

    The only -- yes, only -- extra capability given by a TPM is the ability to protect from local attacks. Meaning attacks from people with physical control over the hardware. Now before the "anti" side runs off and raves about how the TCG is trying to take over their computer, keep in mind that (a) it's optional and (b) there are applications where this makes complete sense. Ignore the DRM side of the issue, and there are still good applications. Imagine playing on-line games and having some assurance that your opponents aren't using hacked up clients that allow them to cheat. Imagine connecting to a peer-to-peer network where the peer you're connecting to can give assurance that it's not a hacked, fake RIAA node. For the cell phone, the obvious point is that it makes cell phone cloning exteremely difficult. None of those are bad things.

    If you don't like DRM, then don't accept stores or software that enforce it. And don't mistake every single issue as content providers trying to restrict what you can do.