Kindle Fire and Nook Upgrades Kill Root Access

jfruhlinger writes "The Kindle Fire and Barnes and Noble Nook tablets are similar enough and close enough together in price that they ought to be fighting market share and one-upping each other in terms of features they offer users. But the latest OS upgrades to both gadgets claims to be an 'upgrade' while actually taking functionality away: both remove the ability to root the device." A more balanced way of looking at it is that the updates fix known local privilege escalation vulnerabilities. This might be more of an issue for people wanting to hack on the Nook Tablet: its bootloader is confirmed locked, but reports lean toward the Kindle Fire having an unlocked bootloader letting anyone flash their own software without needing to gain root first.

Good

[A12m0v]

Root access was a security risk. I'm glad Amazon fixed that.

Re:Good

It didn't come with root access, so they aren't fixing a security risk. They are just removing the ability for some people to voluntarily accept the risk.

Re:Good

[SJHillman]

Sort of like being able to open the hood on your car is a security risk.

Re:Good

[X0563511]

It is. Most cars have the hood release inside the (presumably) locked cabin... and are hooked up to an alarm system.

I agree with your sentiment; I just could not resist shooting at your analogy!

Re:Good

Yeah, seriously. When you have a security flaw that allows root privilege escalation you don't just decide not to fix that because the homebrewer's were using it as a convenient way to get access to the machine. If this was on an (open) desktop platform, such a flaw wouldn't really be tolerated for long.

It's like when people are upset that an exploit in a game was fixed that people were using to win / get free stuf / etc, yet they don't get upset when a bug is fixed that was actually preventing them from completing a game.

Re:Good

[tepples]

Then let's roll with the analogy: why don't more Android devices have a legitimate hood release of sorts?

Re:Good

[betterunixthanunix]

If this was on an (open) desktop platform, such a flaw wouldn't really be tolerated for long.

Which is why the user should simply be given root access to begin with. Instead of having to use privilege escalation attacks, users should just be able to hit a button or flip a switch to enable root access for themselves. Quick, easy, and perhaps voiding the warranty (but I think anyone who wants root access is willing to have no warranty).

Why is this so hard?

Re:Good

[rufty_tufty]

Welcome to the real world, the property you own isn't yours.
You're not buying a product any more you're buying a service. You can't lend others your books (look in the copyright notice at the front if you doubt me) You can't

It is not your music, it is licensed from those who own it.
Oh you're a band and think you own your music? Nope, it belongs to your record label.
Oh you're not signed to a record label? Since 7 notes is enough to copyright a riff then that gives you just over 5000 original works of music so there is no original works anymore. You cannot produce your own works of art anymore.

Okay maybe you have an idea for a cool new machine, nope that's almost certainly covered by someone else's vague patent. Your ideas aren't yours.

Okay what about your house, I bet it's mortgaged so the bank owns it.
Oh, you own your house outright, fine but who enforces it? When someone tries to take it from you it's a government giving you a licence to live there as long as you pay property taxes.

Actually you know what I started writing this as a parody post and now I'm not sure anymore, exactly what do we own anyway? What has anyone ever owned? Did those 200 years ago have more property rights than we currently have?
Moving forwards should we have more property rights? Should I be allowed to sell you a device that is designed to break, or at least rely on updates to keep doing the same job? Machinery has always worn out, selling with a contract that requires a service contract has always been legal (AFAIK) so why are we annoyed about this now?

Re:Good

[mlts]

Bingo. One can just look at the Nexus line of devices and the "fastboot oem unlock" command and the warning given as the right way to go about doing this. This is enough of a hurdle to keep Joe Sixpack from doing it so he can see the dancing bunnies, but allows people who are willing to trash their device (and not bother calling hardware support) to do what they feel free to.

Re:Good

[Andy+Dodd]

Actually, a privilege escalation exploit IS a security risk.

The unlocked bootloader means that on the Fire, this is at most a small speedbump in the process of modifying a device. However this prevents malware from gaining privilege escalation. (Most of the easiest Android rooting techniques like psneuter and rageagainstthecage relied on exploits that could and WERE also used by malware such as Droid Dream.)

Re:Good

[nedlohs]

That's the point.

That isn't what was removed. What was removed was a security flaw that let a non-root app running on the device get root priveledges.

Re:Good

[Moryath]

And yet if the car companies removed your hood release and required a special key or tool only available at the dealerships, you'd be screaming bloody murder and so would the mechanic's unions with good reason - in fact, several times there were class action lawsuits against GM, Ford, and Toyota due to their refusal to sell the appropriate adapters and codebooks necessary to troubleshoot or reset "check engine lights" and computer warnings to the 3rd-party mechanic shops.

Imagine if the car companies wanted to take away your RIGHT to have your car fitted out with a turbocharger, or an aftermarket performance chip, or a better flywheel, or any number of other changes.

Now why is it that people don't scream bloody murder when they have a computing device in their hand, personal property they purchase, and they're told "but you don't have admin rights to change anything so there"???

Re:Good

[JesseMcDonald]

No, the answer is that copyright doesn't grant all the privileges the publishers are claiming, at least in the USA. In particular, the Doctrine of First Sale pretty much says that you can legally do whatever you want with your copy once they've sold it to you (aside from using it to make more copies). That includes not only obvious things like transportation, but also lending—both free/personal loans and commercial rental.

Rental companies and retailers often do have special agreements with the publishers, but that's because the publishers are offering them a better deal, not because they need the agreement simply to resell or rent out the physical books/DVDs/etc.

Digital media falls into a rather gray area, which is how the publishers like it. They take advantage of the ephemeral nature of digital goods to undermine the First Sale doctrine, while simultaneously claiming that the content has been fixed in a tangible medium in order to gain copyright privileges over it. It should be one or the other, but they leverage the confusion to get their way on both counts.

Re:Good

[Anomalyst]

Boats have cabins, cars have interiors.

It's a ship not a boat.

Re:Good

[Pope]

I drain my crankcase every weekend and replace the oil to try out different brands. Doesn't everyone?

Re:Good

[ceoyoyo]

No need: http://www.etymonline.com/index.php?term=cockpit

The midshipman's berth on naval ships used to be called the "cockpit," a pit for fighting cocks (roosters). Midshipmen were usually young men, frequently in fierce competition for limited promotions.

Cock as slang for penis probably also originates with cock meaning rooster.

Re:Neither advertise Android as a selling point

[tepples]

Anonymous Coward wrote, in a slightly more inflammatory wording:

Neither device [...] has access to the real android market.

Maybe you should [...] go buy a real Android tablet...

Which affordable, certified "real Android tablet" in the 7 to 8 inch range do you recommend instead of a Kindle Fire or Nook Tablet? Or are Kindle Fire and Nook Tablet like game consoles, sold at razor-thin margins or even at a loss to get people onto the manufacturer's store, and that's why they're so much cheaper than Google-certified devices?

Mmmm, movies

[SJHillman]

Since the last update to the Nook Color let me watch Netflix (it works really well, although subtitles could be slightly larger) and fixed a few oversights like not being able to read books in landscape mode, I really don't have a reason to root it anymore. It may just be my perception, but overall performance seems to have improved slightly as well. Does anyone know if this affects dual-booting the Nook Color off of a microSD card?

Re:Mmmm, movies

[DdJ]

This does not impact the Nook Color in any significant way.

Both the Nook Color and Nook Tablet will try to boot off microSD first if they can. That's not part of the OS. However, the Nook Tablet requires a signed kernel to boot, and the Nook Color does not. So, this change results in a significant loss of hackability for the Nook Tablet, since you had to "jailbreak" it in some sense to do anything. It does not result in a significant loss of hackability for the older Nook Color, since you can still just write an unsigned kernel to a microSD card and you're off and running.

Disclaimer: this is my understanding from scouring the xda-dev forums for details and from hacking my own Nook Color. I've confirmed that 1.4.1 on the Nook Color does close the sideloading "hole", and that a 1.4.1 Nook Color will still boot stuff like CM7.1 from microSD card. The rest of it, I have not personally verified myself, but am summarizing my understanding from reading experts talking about it all.

Follow the money

[MonsterTrimble]

First off, is anyone surprised? As a business, I'm making sure:
1) That people don't try to return the product when they screw it up doing something that the product wasn't intended to do (and it costs me money)
2) That I eliminate a potential attack vector for malware which would lead to decreased sales and increased returns (which costs me money)
3) That people are locked into using my products (which makes me money)

This is all about the money people. This isn't about trying to screw over the 0.1% of people who buy the tablet - It's about maximizing the profits. And let's be realistic here - they will be recracked in short order.

Re:Follow the money

[betterunixthanunix]

That people don't try to return the product when they screw it up doing something that the product wasn't intended to do

It is a computer, not a hammer. Since when do we declare that a computer is "not intended" to do something in software? If people were complaining that their Nook could not solve the Post correspondence problem, you would have a point.

Re:Follow the money

[tepples]

That people don't try to return the product when they screw it up doing something that the product wasn't intended to do (and it costs me money)

The proper way to fix this isn't to block all rooting but to provide a working recovery means to reset the operating system to factory state, restore applications from the market, and restore the user's data from automatic backup. Then figure out a way to segregate the user's data so that it doesn't have to be restored as often; the "/sdcard" partition in some Android devices has worked well for this.

That I eliminate a potential attack vector for malware

You can't neutralize malware without first defining malware. This involves enumerating the possible bad things that malicious software can do. Does this list of bad things miss anything?

Re:Neither advertise Android as a selling point

[poena.dare]

I have a real faux Android tablet called an HPTouchPad. It's sweet!

Re:Neither advertise Android as a selling point

[Anon-Admin]

I have several FlyTouch pads from China. The new ones are dual touch with 1ghz processors in a 7" format and are running around 80$ including shipping. They are google Android and they will send you the android image. Re-flashing is as easy as putting the image on an sd card and booting the unit with the sd card in it.

Not the greatest in the world but they are very good for around the house network access, book reading, hacking, etc.

Right to Read

[mounthood]

In-case anyone hasn't read the Richard Stallman story: http://www.gnu.org/philosophy/right-to-read.html

From the authors notes:

One of the ideas in the story was not proposed in reality until 2002. This is the idea that the FBI and Microsoft will keep the root passwords for your personal computers, and not let you have them.

The proponents of this scheme have given it names such as “trusted computing” and “Palladium”. We call it “treacherous computing” ...

The 1997 prediction, proposed in 2002, is reality in 2011. The big surprise is that the implementation isn't a technical DRM/TC scheme, but a fundamental change in corporations retaining ownership and control of items after they've been sold. Who could have predicted that?

Re:A class in C++ is a fancy name for a struct

[Viol8]

Thanks for the heads up but I've done C++ for the last 15 years. A C struct is NOT the same as a C++ struct because it can't inherit and it doesn't have methods , only the option of function pointers, but thanks for playing.

Re:Happy Holidays from the Golden Girls!

[Megane]

It's a classic troll like those from the dawn of internet trolling, alt.religion.kibology circa 1993. Ah, the good old days of cross-posting about "Majel Barrett Shatner" and "the fifth Beable", both to the appropriate newsgroup for the show, and a.r.k for the audience.

Re:...then pirate the Gapps

[dmesg0]

And thus useless for check depositing. Chase Bank's deposit app for Android is exclusive to Android Market.

A few minutes on slatedroid, half an hour of effort and your favorite Chinese tablet is running the full market. And please don't tell me time is money, your mere presence here proves otherwise.

So how do I convince the publisher of an application that uses the NDK to offer a MIPS version of the same application? I haven't yet had a chance to try a MIPS tablet for myself, but I'm under the impression that the view of Android Market on such a tablet would be as barren as, say, the AppsLib that comes on eighth-generation Archos devices because most apps using the NDK are exclusive to ARM and thus hidden.

I never recommended buying a MIPS tablet, just answered your certification question. Though I guess for basic uses like web browsing, it should be fine.

(Aside: Has my "trying to find the best affordable Android tablet" become "whining" yet? Should I stop now?)

I would say yes. Though it looks to me like you are trying to convince yourself not to grab one of these 100$ tablets. Good luck with that, it's not easy. I failed 3 times :)

Re: Car Analogy

[sunderland56]

Much better car analogy: some car manufacturer comes out with a model where, if you hit the driver's door with your hand in the right place, the door unlocks. Lots of people buy the car and enjoy it, since you don't need to carry the keys around with you. Then the car manufacturer fixes the fault, and many people cry foul. Everyone misses the point that it is a generally bad idea to allow criminals to trivially get in to your car, and that locks are a *good* thing.

Don't trust reviews written by morons

[yelvington]

I bought the NC because I could get it cheaper than the Kindle Fire and the reviews for the Fire said it was crap.

You made a mistake relying on bad reviews written by morons. I've looked at a lot of them. They're mostly immature Apple fanbois trashing the competition and/or ignorant "tech journalists" who are cutting and pasting other peoples' reviews. 90% of what you see on tech blogs is pure plagiarism with a lame excuse link buried at the bottom.

The truth is that the Kindle Fire is a really pleasant device, a great bargain, well-supported by Amazon (three OS updates so far) and with the 6.2.1 OS, quite snappy.

I have a Fire, and my daughter has the Nook Color. In terms of performance, responsiveness and usability, the Kindle is head and shoulders above the Color (which is last year's model). A much faster dual-core CPU is the biggest reason, but the display is also much brighter. The Nook Tablet, which is about $50 more, is arguably better hardware, but it's more limited on the media and software side. Both support Netflix. The Fire has more apps and the Amazon music and video, which is important if you are a Prime member but maybe not all that big a deal otherwise. The Fire lacks SD card support and has no microphone like the Nook Tablet.

For books, the Nook Android software is easily obtained and sideloaded on the Kindle Fire without rooting, so you have a choice. I'm not so sure that can be done the other way around.

The Kindle Fire 6.2.1 upgrade wipes and reconfigures the Android /system partition. This is an easy way to do the upgrade, but if you rooted your Fire in order to install the Google app framework, you'll suddenly discover that calendar and contact sync has gone away. Most of the other Google software works without requiring rooting, and it's simple to pull a backup off your Android phone that can be installed on the Kindle Fire.

The culprit here isn't Amazon, but rather Google, which is responsible for making its apps unavailable on the KF platform and for requiring that its application components be installed on the system partition. The only way to make the system partition writeable is to root the device.

There are some parts of the Fire UI that needed some work; the carousel in particular was jerky and not always responsive. That's fixed in 6.2.1. I also see reports that the Kindle Fire doesn't like flaky, crappy wifi routers (and there are a LOT of crap routers out there). I don't know how much of that might be fixed in the upgrade. My routers all work fine.