Slashdot Mirror
TPM Security Chip For Your Cell Phone
pete314 writes "The Trusted Computing Group has unveiled that it is working on a mobile version of its TPM security chip. It should prevent the phone world from being hit by the same virus and hacking issues that face computers. However, the EFF is not amused, stating that the chip will be used for DRM, and could even limit which software the owner installs on his cell phone."
I want to be able to install my own applications.
etc.
Reminds me of that episode of the Simpsons:
Abortions for all.
*crowd boos*
Very well, no abortions for anyone.
*crowd boos*
Hmm... Abortions for some, miniature American flags for
others.
*crowd cheers*
In my opinion, a phone is a tool. I don't ask screwdriver makers to make blank drivers so I can whittle my own philips head. If I need a tool with more features I will buy it, I don't want to worry about installing or developing my own tools. Meet me. Joe Consumer.
Jesus saved me from my past. He can save you as well.
The mpx200 had a software lock that required all code to be signed with a digitall certificate.
There about a gaziallion guides on how to flash your firmwware and get rid of it.
if this chip comes out you can be sure of the fact that people are going to break open their phone and pull that sucker out.
perpetually dwelling in the -1 pits
It seems a logical next step for this to be used to only allow certain installs. After all, the carriers have long-since wanted you to *only* install stuff you pay them to download. I mean MP3 ringtons are just that-MP3s (short, 32Kbps ones even), yet you often can't transfer them simply by USB, you need to pay the carrier $3 for them.
So, why would it be surprising that the carriers would want yet another layer of hardware/software protection to ensure that this golden revenue stream is the only way for people to add games/ringtones/wallpaper etc?
"Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
Newsflash: Phones already have DRM, it's a lot harder for the average person to bypass than a computer, and phones already limit what applications can be installed, or what they can do.
These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them. We could easily end up in a situation where in the name of securing systems the big players will lock out smaller players from the market by digitally controlling what applications are allowed to run on these systems. We may be on the dawn of an age where real monopoly's in computing are about to develop, where start-ups face real physical barriers that stop them from entering a market.
The scariest part about this is, consumers will probably go for these systems as they will be hassle free, safe and free of worry. The only worry consumers will have is that the content of these systems is not only controlled for their own protection but also controlled to limit what they can and can't do, for alot of people I think the costs will be outwayed by the benefits.
They already limit cell phones. At my last job we got Motorola T720 cellphones form Alltel. One of the features that wow'd everyone was the ability to play MIDIs for ringtones. So they all wanted custom ringtones (I personally just use a phone ring sound). They also wanted custom backgrounds (it only had a few). So one guy got a data cable so everyone could upload stuff. Er, wrong. None of that kind of stuff was accessable. It was basically only useful for transfering numbers and using it as a modem if you had a data package. You had to purchase new wallpaper and ringtones via the store. Same for games,
Ended up having to search the net and find some utilities to hack it. Even if you got a utility to directly access the file system and added something, it wouldn't be usable on the phone, you had to alter data files. It was quite clearly a deliberate lockout.
With this sort of thing, they'll just step it up to the next level.
My only concern with future phones is the prevalence of ads. I block any and all ads I can on the internet, both with a large hosts file and Firefox's AdBlock extention. I'll go nuts if I can't bar proximity ads from worming into my phone, like this.
The death of DRM is imminent. It might take some time... but it'll come for sure.
Picture this - all mobile manufacturers will start shipping DRM enabled phones. Manufacturers will tie-up with content providers, and most of the content being provided will be DRMed.
After a sizeable number of consumers are stuck with DRMed schmuck which makes them pay $$$ for every time they press a button on the phone... there'll be a HUGE demand for a non-DRMed phone.
At that point of time if any company comes up with a non-DRMed phone with enough non-DRMed content to make the consumer moderately happy - it will strike gold!
For this to work - consumers need to unhappy about DRM... that's almost like a social revolution - and revolutions take time!
Nandz.
Im going to be pounced on for this, but I want security on my mobile phone, as much as humanly possible. The potential for me to lose money through an unsecure mobile phone is a lot more than that of a desktop or laptop computer since you cant unplug a mobile phone after use. It would be trivial to have an app dial a premium rate number on an unsecured phone, running up bills of hundreds of pounds or dollars and that is something I cannot afford to have and if TPM or DRM can prevent that, then Im willing to allow it in that environment. TPM has its place, and this is it - protecting me.
Plus the meddlesome way they inject a "need" for TCPM on phones that - in the case of GSM - already contain a smartczard.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
It should prevent the phone world from being hit by the same virus and hacking issues that face computersm ote_attestation
Miracle ! You put a DRM chip and then suddenly, the numerous OS and application bugs exploited by crackers and viruses disappear !
The only new thing provided by a TPM is "remote attestation", and I call it Big Brother.
http://en.wikipedia.org/wiki/Trusted_computing#Re
I posted this already, many times. But regardless, I am going to repeat myself.
I simply do not accept to pay when buying something with DRM as if I were buying it but am in reality RENTING IT.
By that I mean that if I BUY an apartment, then I am allowed to paint the walls the color that pleases me because it is MINE, I own it and can do as I please with MY apartment. However, if I RENT an apartment, then I must ASK the OWNER of the apartment for his/her permission to paint the walls. If I own it I do not need to ask, it is mine to do as I please. If I rent, then it is NOT mine and I must ask the REAL owner.
Now, with DRM, I am paying like I am buying, I am told I am buying, but the reality remains I still have to get someone else to give me permission to do as I please with my device. And if I have to do that, then I do not feel like I am the real owner.
9/11: Never forget it was a false-flag operation
``These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them.''
It all depends on how it's done. A chip that prevents the device from running any software not approved by some corporation protects against malware no better than a system which only runs software explicitly approved by the user, except in case of trojans. Add some sandboxing that only allows software to access resources that the user explicitly enabled access to, and you have a pretty secure solution, whether the user or some corporation controls it.
On the other hand, a solution controlled by a corporation offers far greater potential to abuse by that corporation. I, personally, don't trust any corporation to not abuse the power given to them.
There is one more point I'd like to address, and that's user friendliness. Obviously, it's easier to have some organization make decissions for you than to have to take them yourself, especially when it gets down to the level of which operations a piece of software is allowed to perform. I have two things to say about it: first, there is a possibility to let multiple organizations package software with some default settings (which could be customized by users). Users could then decide to trust some organizations to have made the right decissions for them. Secondly, practice shows that holding usability over security usually backfires; think about easy execution of code from the network, automatic opening of email attachments (even images), having services running by default, running as root, etc. etc. etc.
Please correct me if I got my facts wrong.
If they start putting trusted (or rather threatherous) computing on mobile phones, they'll start doing it with cumputers too. Joe consumer will buy the computers and there arent that many processor chip makers out there, there will be less and less non-trusted computing chips around. At first they will be breakable or allow (free like in speech) open source software to be run. Later gradually options of open source software will run out, and it will die. Leaving they hard- and software industries free to ask whatever price they wish for there heavily encumbered and restricting products. And companies and goverments are able to censor the internet. That's the worst case scenario. I think its posible, since theoretically trusted computing seems unbreakable to me. Dont buy trusted computing, or (the much less frightening) DRM-ed products. Even if it means your stuff wont be compatible with other people. (or rather as a reason PS Why doesnt all the whitespace work... the \n (enter button) doesnt.. its lame text doesnt read easily this way.
It's called:
"Verizon Wireless".
You were mistaken. Which is odd, since memory shouldn't be a problem for you
You know, for a technology that's starting to be quite wide-spread, it's amazing the amount of mis-information spread about trusted platforms -- by both the pro and the con side.
I've worked quite a bit with the technology, and it's not all THAT complicated.
Over-stating what a TPM can do is common from the pro-trusted computing industry. Statements like "It should prevent the phone world from being hit by the same virus and hacking issues that face computers" are just ridiculous (I saw a press release one time that claimed they'd protect people from phishing too!).
Simply put, a TPM does nothing -- nada, zilch -- to prevent viruses or external threats that you can't do in software with no hardware trusted platform additions. OK, you might make the argument that you're just adding another layer for defense in depth, but how about making the software better in the first place?
The only -- yes, only -- extra capability given by a TPM is the ability to protect from local attacks. Meaning attacks from people with physical control over the hardware. Now before the "anti" side runs off and raves about how the TCG is trying to take over their computer, keep in mind that (a) it's optional and (b) there are applications where this makes complete sense. Ignore the DRM side of the issue, and there are still good applications. Imagine playing on-line games and having some assurance that your opponents aren't using hacked up clients that allow them to cheat. Imagine connecting to a peer-to-peer network where the peer you're connecting to can give assurance that it's not a hacked, fake RIAA node. For the cell phone, the obvious point is that it makes cell phone cloning exteremely difficult. None of those are bad things.
If you don't like DRM, then don't accept stores or software that enforce it. And don't mistake every single issue as content providers trying to restrict what you can do.