October 06, 2010

New Android Phone (Falsely) Accused of Containing a "Malicious Root Kit"

Greetings. An article published yesterday is mischaracterizing the situation with Android and the new T-Mobile (HTC) G2 by claiming the phone includes a "malicious root kit" -- a very scary (but false) assertion.

This sort of hyperbole does nobody any good. Here are the facts as I understand them.

First, it's important to know that while Android is an open source operating system, it does not require (as far as I know) that any given hardware manufacturer (or cell phone carrier) permit user modifications of the OS itself. In fact, carriers and manufacturers have considerable latitude regarding the degree to which they wish to "lock down" their hardware.

And indeed, most Android phones to date have been locked down to one degree or another, resulting in various tricks being used to bypass those locks to allow rooting (for installation of custom OS builds [ROMs], etc.) But the point is that most Android phones did not come out of the box with the ability to openly install such modifications (the N1 can be viewed as an exception).

Now, I really like rooted Android phones. I want to have complete control over my phone whenever possible -- just like PCs. I still use a very long-in-the-tooth Android G1 that is on its last legs -- I rooted it way back and I run the "CyanogenMod" custom ROM (which I highly recommend).

What's going on with the G2 (essentially the HTC Vision, it appears) is that initial experimentation suggests that HTC is using a firmware rewrite system to replace "/system" mods with the "official" firmware upon reboot. It is too early in the hacking process for anyone to state definitively that this mechanism will not be defeated -- it's fascinating how many ways cryptographic signature locks can be "incompletely" implemented.

If the G2 is actually using this kind of firmware protection system, it will be very similar to modern TiVos, which employ a (very difficult but not impossible to replace) PROM chip to create a "chain of trust" that eradicates attempts to modify the system. Obviously, the likelihood of a practical "chip replacement" solution (as far as most potential users are concerned) for devices at the cell phone integration level is fairly small -- but I would dare not say impossible.

The good news is that "temporary" root access on the G2 has been achieved -- the problem is that associated system changes get wiped the next time the phone is started. Temporary root may however be adequate for running of certain programs that need root access for best functionality (like backup programs) -- though much more is indeed required for the running of alternative system builds.

This trend toward locked-down systems is being driven both by support concerns (users who have screwed up their "unlocked" devices may still want support, want to return for refunds, etc.) and by security concerns.

Note that the latter issue in particular is reportedly already being discussed by Intel and others in terms of creating CPUs and systems for PCs that would operate in the context of cryptographically-signed software, potentially bringing a similar level of lock to the PC world (at least in theory).

Personally, I find this trend to be very disturbing. It has serious negative implications for user freedom and (perhaps surprisingly to some observers) major negative implications for privacy and security as well -- since users will no longer necessarily be able to run the OSes and applications of their choice, vetted to their own standards against security and privacy exploits.

In any case, I am unsure if I'd be willing to use an unrooted G2 on a routine basis -- but the calculus on this score can be different depending on expected usage patterns and other factors for any given individual. I don't necessarily expect the same level of modification friendliness on a cell phone as on a PC -- even if I'd prefer them to be similar in this respect, all else being equal.

But calling what's apparently going on with the G2 a "malicious root kit" is simply wrong. We can use the Wikipedia definition of "rootkit" for now, which is on the mark:

"A rootkit is software that enables continued privileged access to a computer, while actively hiding its presence from administrators by subverting standard operating system functionality or other applications."

This clearly does not apply to the G2's OS protection system as currently understood. In fact, one could argue that the G2 may have implemented an "anti-rootkit" -- since the mechanism appears designed to prevent the installation of "nonstandard" OS functionality by protecting the "official" code from modification.

So let's try to at least keep this discussion in the realm of reality. I don't like locked-down systems. I like user choice. I'd prefer the G2 be fully modifiable, and I'm (wait for it ...) "rooting for it to be rooted."

But it's inappropriate to be referring to the G2's (or TiVo's, for that matter) OS protection systems by the term "malicious root kits" -- and the use of such inaccurate terminology in such cases does not advance the cause of user software freedom.

Even when -- especially when -- we disagree with a technology policy approach, it's very important that we attempt to avoid hyperbole and less than rigorously accurate statements -- both of which can be used by others as weapons against our points of view.

--Lauren--

Posted by Lauren at October 6, 2010 10:14 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein