TPM Security Chip For Your Cell Phone

pete314 writes "The Trusted Computing Group has unveiled that it is working on a mobile version of its TPM security chip. It should prevent the phone world from being hit by the same virus and hacking issues that face computers. However, the EFF is not amused, stating that the chip will be used for DRM, and could even limit which software the owner installs on his cell phone."

I don't want a phone with apps

[ReformedExCon]

I want to be able to install my own applications.

etc.

Reminds me of that episode of the Simpsons:

Abortions for all.
*crowd boos*
Very well, no abortions for anyone.
*crowd boos*
Hmm... Abortions for some, miniature American flags for
others.
*crowd cheers*

In my opinion, a phone is a tool. I don't ask screwdriver makers to make blank drivers so I can whittle my own philips head. If I need a tool with more features I will buy it, I don't want to worry about installing or developing my own tools. Meet me. Joe Consumer.

Re:I don't want a phone with apps

[aussie_a]

Meet me. Joe Consumer.

By posting on slashdot you prove that you actually know about TPM and have formed an opinion on it (at least in regards to mobile phones). Joe Consumer most definitely doesn't know about TPM and hasn't formed an opinion on it. Ergo, you're not Joe Consumer.

Re:I don't want a phone with apps

[hecktorjade]

Well you certainly have a resonable point about being "joe consumer" and wanting to just get something that works. But the the rights of joe comsumer are exacty what is at stake. When the corporations (I am not making a political statement) create a device under the TCP they WILL contend that it is illegal to create software for the device. The DMCA has a provision that allows for the reverse engineering of a device for the process of creating software. However it is the process of creating software/development and its inherent nature that will come under scrutiny. On the bright side the TCP is not legislation. It is a consortium (I guess a kind way of saying colusion) of companies. If the TCP is fully realized the consumer will be morbidly limited to what they can actually do with the device. Ergo over time you will pay much more money for functionality because essentially the open source community will be unable to legally create, distribute and refine software.

Re:I don't want a phone with apps

[Shodokan]

In my opinion, a phone is a tool. I don't ask screwdriver makers to make blank drivers so I can whittle my own philips head. If I need a tool with more features I will buy it, I don't want to worry about installing or developing my own tools. Meet me. Joe Consumer.

Fair enough, there is always going to be a portion of the population who want the no frills version of any given tool. However, in the case of mobile technology think about the fundamental difference between Apple and Microsoft in the early days. Apple offered a 'rolled', end-to-end solution with all the hardware and software you needed. That suits the basic user as they can go in and explore what the technology offers, etc.

Then Microsoft came out with a 'roll your own' solution where you could grab a processor from one company, a screen from another, the keyboard from yet another, etc and wack good old Windows on the system. Far more versatile and appropriate for a market that had started to understand the technologies potential.

The second example came with the internet. Applying the same terms in the Apple-Microsoft analogy AOL, for example, offered a rolled solution where you could access a certain amount of information and get a feel for what this internet thingy is all about. Then along came the portal/search engines, Yahoo!, Altavista and of course Google - the 'roll your own' version that allowed you to reach the internet at large.

So, this brings us to the point - mobile. Carrier portals such as the various i-mode deployments, Vodafone Live!, etc are the mobile versions of rolled solutions. As history has shown us, these rolled solutions are awesome while the market learns about a technologies potential, but invariably consumers will come to want to personalise their experience (Look at ringtones sales worldwide). Thats why companies such as http://www.bluepulse.com/ are appearing and giving people to ability to have roll-your-own mobile content regardless of carrier, handset manufacturer or what country they're in... freedom baby =)

Incase anyone is about to jump on and post that browsing content on an XHTML browser is not installing an appliction, yes, that's true, which is why I used bluepulse as an example - their product is not a browser but a remote desktop from which you can launch mobile applications.

they had one before

[scenestar]

The mpx200 had a software lock that required all code to be signed with a digitall certificate.

There about a gaziallion guides on how to flash your firmwware and get rid of it.

if this chip comes out you can be sure of the fact that people are going to break open their phone and pull that sucker out.

Logical next step

[MacGod]

It seems a logical next step for this to be used to only allow certain installs. After all, the carriers have long-since wanted you to *only* install stuff you pay them to download. I mean MP3 ringtons are just that-MP3s (short, 32Kbps ones even), yet you often can't transfer them simply by USB, you need to pay the carrier $3 for them.

So, why would it be surprising that the carriers would want yet another layer of hardware/software protection to ensure that this golden revenue stream is the only way for people to add games/ringtones/wallpaper etc?

Newsflash

[Caine]

However, the EFF is not amused, stating that the chip will be used for DRM, and could even limit which software the owner installs on his cell phone.

Newsflash: Phones already have DRM, it's a lot harder for the average person to bypass than a computer, and phones already limit what applications can be installed, or what they can do.

Re:Newsflash

[Caine]

Many newer phones don't allow for example file-system interaction from unsigned applications.

Re:Newsflash

[AaronBrethorst]

It depends on what you have. From what you say above, it sounds like you have a device running Windows Mobile. The code signing feature is fantastic inasmuch as it lets *you* decide whether or not you trust an app, and how much you want to trust it, essentially. I have an Audiovox SMT 5600 (aka HTC Typhoon) which exhibits the same behavior. Heck, I can even write apps for it in Visual Studio 2005 and dump them onto the phone. No fuss, no muss. My old Sidekick (well, actually the fourth Sidekick I had; I got unlucky in terms of catastrophic hardware failures) would only run extra apps that were on Danger and T-Mobile's pre-approved list. Not my idea of fun.

Re:Newsflash

[Caine]

It depends on what you have. From what you say above, it sounds like you have a device running Windows Mobile.

I don't have any specific phone. I write/design platform code for them, which is why I make broad general statements. DRM is coming more and more, TPM chip or not. My point wasn't that "Oh, it's already here, so let's just accept it" as someone said in a reply. My point was that the fact that TPM chips are coming doesn't really change much. There's DRM without them to, and it's still bad.

It is true...

[Darkling-MHCN]

These systems are a two edged sword. The more open a system is the easier it is for malicious developers to exploit them. We could easily end up in a situation where in the name of securing systems the big players will lock out smaller players from the market by digitally controlling what applications are allowed to run on these systems. We may be on the dawn of an age where real monopoly's in computing are about to develop, where start-ups face real physical barriers that stop them from entering a market.

The scariest part about this is, consumers will probably go for these systems as they will be hassle free, safe and free of worry. The only worry consumers will have is that the content of these systems is not only controlled for their own protection but also controlled to limit what they can and can't do, for alot of people I think the costs will be outwayed by the benefits.

Could? More like will.

[Sycraft-fu]

They already limit cell phones. At my last job we got Motorola T720 cellphones form Alltel. One of the features that wow'd everyone was the ability to play MIDIs for ringtones. So they all wanted custom ringtones (I personally just use a phone ring sound). They also wanted custom backgrounds (it only had a few). So one guy got a data cable so everyone could upload stuff. Er, wrong. None of that kind of stuff was accessable. It was basically only useful for transfering numbers and using it as a modem if you had a data package. You had to purchase new wallpaper and ringtones via the store. Same for games,

Ended up having to search the net and find some utilities to hack it. Even if you got a utility to directly access the file system and added something, it wouldn't be usable on the phone, you had to alter data files. It was quite clearly a deliberate lockout.

With this sort of thing, they'll just step it up to the next level.

Ads are my only concern.

My only concern with future phones is the prevalence of ads. I block any and all ads I can on the internet, both with a large hosts file and Firefox's AdBlock extention. I'll go nuts if I can't bar proximity ads from worming into my phone, like this.

DRM is bound to die...

[metalmaniac1759]

The death of DRM is imminent. It might take some time... but it'll come for sure.

Picture this - all mobile manufacturers will start shipping DRM enabled phones. Manufacturers will tie-up with content providers, and most of the content being provided will be DRMed.

After a sizeable number of consumers are stuck with DRMed schmuck which makes them pay $$$ for every time they press a button on the phone... there'll be a HUGE demand for a non-DRMed phone.

At that point of time if any company comes up with a non-DRMed phone with enough non-DRMed content to make the consumer moderately happy - it will strike gold!

For this to work - consumers need to unhappy about DRM... that's almost like a social revolution - and revolutions take time!

Nandz.

Re:DRM is bound to die...

[RAMMS+EIN]

Bah. People are paying for DRMed ringtones, wallpapers, DVDs, music, software, and maybe other things just fine already. Only a small minority of these people will actually want to do things that the DRM won't allow them to do; most people don't even know or care that there's DRM involved. I don't think DRM is going to die; there's simply not a lot of opposition to it, while the pro-DRM camp has billions of dollars.

What's much more likely to happen is that DRMed and non-DRMed products will coexist in many markets; especially the ones that are easily accessible to hobbyists. If, indeed, enough people get turned off of DRM, that will merely create a healthy market for products with lighter or no DRM, but this will be in addition to the market where people don't care if there's DRM or not.

Security

[Richard_at_work]

Im going to be pounced on for this, but I want security on my mobile phone, as much as humanly possible. The potential for me to lose money through an unsecure mobile phone is a lot more than that of a desktop or laptop computer since you cant unplug a mobile phone after use. It would be trivial to have an app dial a premium rate number on an unsecured phone, running up bills of hundreds of pounds or dollars and that is something I cannot afford to have and if TPM or DRM can prevent that, then Im willing to allow it in that environment. TPM has its place, and this is it - protecting me.

Re:Security

[evilviper]

running up bills of hundreds of pounds or dollars and that is something I cannot afford to have and if TPM or DRM can prevent that, then Im willing to allow it

And when the DRM is in-place, you're being charged exhorbant fees for any little bit of code you might want to use (ringtones, backgrounds, programs, etc), and yet your phone isn't any more secure, even blocking you from installing a program to REMOVE the virus/worm... Then what?

Re:Security

[Alsee]

TPM has its place, and this is it - protecting me.

No. The TPM is specifically designed to be secure AGAINST THE OWNER, and something is only DRM if it is trying to be secure AGAINST THE OWNER.

You could get all of the same owner benefits that you want from an otherwise identical system except where you were allowed to know your own master keys. Since it would be essentially identical hardware it would have identical capabilites to protect you, however since you know your master keys the system is not secure against YOU. You could use your key to unlock anything if you wanted to, and you'd be able to control the system if you wanted to. However it would then no longer be a Trusted Platform Module. It would no longer be "Trusted" because the very meaning of "Trusted" is that they Trust it to be secure AGAINST YOU. That they Trust your own property will enforce things like DRM AGAINST YOU.

-

Rent VS own all over again

[xiando]

I posted this already, many times. But regardless, I am going to repeat myself.

I simply do not accept to pay when buying something with DRM as if I were buying it but am in reality RENTING IT.

By that I mean that if I BUY an apartment, then I am allowed to paint the walls the color that pleases me because it is MINE, I own it and can do as I please with MY apartment. However, if I RENT an apartment, then I must ASK the OWNER of the apartment for his/her permission to paint the walls. If I own it I do not need to ask, it is mine to do as I please. If I rent, then it is NOT mine and I must ask the REAL owner.

Now, with DRM, I am paying like I am buying, I am told I am buying, but the reality remains I still have to get someone else to give me permission to do as I please with my device. And if I have to do that, then I do not feel like I am the real owner.

I *DO* want a computer with apps

[Jasper__unique_dammi]

If they start putting trusted (or rather threatherous) computing on mobile phones, they'll start doing it with cumputers too. Joe consumer will buy the computers and there arent that many processor chip makers out there, there will be less and less non-trusted computing chips around. At first they will be breakable or allow (free like in speech) open source software to be run. Later gradually options of open source software will run out, and it will die. Leaving they hard- and software industries free to ask whatever price they wish for there heavily encumbered and restricting products. And companies and goverments are able to censor the internet. That's the worst case scenario. I think its posible, since theoretically trusted computing seems unbreakable to me. Dont buy trusted computing, or (the much less frightening) DRM-ed products. Even if it means your stuff wont be compatible with other people. (or rather as a reason PS Why doesnt all the whitespace work... the \n (enter button) doesnt.. its lame text doesnt read easily this way.

Why do so few people understand TPMs???

[Dr.+Blue]

You know, for a technology that's starting to be quite wide-spread, it's amazing the amount of mis-information spread about trusted platforms -- by both the pro and the con side.
I've worked quite a bit with the technology, and it's not all THAT complicated.

Over-stating what a TPM can do is common from the pro-trusted computing industry. Statements like "It should prevent the phone world from being hit by the same virus and hacking issues that face computers" are just ridiculous (I saw a press release one time that claimed they'd protect people from phishing too!).

Simply put, a TPM does nothing -- nada, zilch -- to prevent viruses or external threats that you can't do in software with no hardware trusted platform additions. OK, you might make the argument that you're just adding another layer for defense in depth, but how about making the software better in the first place?

The only -- yes, only -- extra capability given by a TPM is the ability to protect from local attacks. Meaning attacks from people with physical control over the hardware. Now before the "anti" side runs off and raves about how the TCG is trying to take over their computer, keep in mind that (a) it's optional and (b) there are applications where this makes complete sense. Ignore the DRM side of the issue, and there are still good applications. Imagine playing on-line games and having some assurance that your opponents aren't using hacked up clients that allow them to cheat. Imagine connecting to a peer-to-peer network where the peer you're connecting to can give assurance that it's not a hacked, fake RIAA node. For the cell phone, the obvious point is that it makes cell phone cloning exteremely difficult. None of those are bad things.

If you don't like DRM, then don't accept stores or software that enforce it. And don't mistake every single issue as content providers trying to restrict what you can do.