Wednesday, September 13, 2006

THC and The Nokia Rom Images

THC has posted this little piece of news on their webpage.



THC and The Nokia Rom Images
2006-09-06

In mid July Nokia charged THC with copyright infringement and threatened with a lawsuit. THC took down thc.org to prevent further cost and a legal disaster.

A month earlier THC discovered significant security flaws in Nokia's Operating System. To prove it THC published ROM images of 3 phones. THC did not publish the source code or tools but one thing became apparent: To extract the ROM images core security features had to be breached. THC's ability to load kernel modules and gain access to the core of the OS (including the GSM stack) was something Nokia did not like.

At the time of the release THC was not aware of any copyright protected material inside the roms. The question has to be asked if Nokia chose the right method by threatening THC with a lawsuit or if an email could have achieved the same. Was their concern really copyright infringement? The software in the rom-images could not be used, not be ported and not be run on any other mobile phone. In addition all software is already available on every phone. Phones that are given away by the mobile operators for 1 Euro or sometimes even for free. So if everyone has access to the software anyway what is the point in threatening THC? What was their real intent? We might never find out. But what we know is that they managed to silence THC for a month.

If this is professional practice? We do not know. It is certainly the practice that Nokia chose. We also know that no attempt was made by Nokia to inquire about the security vulnerability. We also know that Nokia did not provide any updates for their customers.

Making sure that the hardware we purchase is secure is not a crime. In fact taking a look at what we buy should be our duty. We should not trust big corporates who claim in TV advertisements how secure and safe our data is. We have to test it and prove them wrong whenever we can.

In fact researchers should demand that manufacturers like Nokia must provide full documentation of their hardware. The buyer becomes the owner of the mobile phone and thus has the right to know how to program the hardware. Nokia does not provide any of such information. Free software or a different operating system cannot be used because of limited access to documentation. This is a classic example of a hardware giant allowing only his own software to be used. This is what some people would consider a Monopoly and an abuse of power.

THC is deeply concerned that Nokia did not choose the diplomatic route.




THC also released a Nokia Unlock Tool that removes the phone lock protection by exploiting a design flaw in the mobile phone. The tool does not remove the SIM lock, however.
