Tuesday, January 13, 2009

iPhone being closed makes it less secure

I was thinking recently about developers wanting to be able to exploit future bugs in systems like the iPhone (and even in Windows Media Player and the like) to gain access to locked content, features or.  I was thinking about how this means they are not reporting security bugs but keeping them secret.  This seems to be an overall negative _for the platform_, since the vendors have created a market through their own actions that thrives on finding bugs and keeping them secret.  Not all those who use such vulnerabilities are good guys trying to get their fair use rights back, for sure, and that is where the danger lies.

Of course it is also annoying when you have to choose whether or not to apply a security patch that will likely close your fair use access to a system or device.  I typically err on the side of upgrading to close the holes (begrudgingly) lest I get compromised by someone else.  Fortunately my media player can play DRMed WMA files now so I don't have to convert them.  But I did avoid upgrading cell phones in the past so that they would not be able to block my ability to access the Bluetooth features that I rightly purchased.

Another thing that worries me (especially due to the remote exploit risk) is the Bluetooth dongle vendors who OEM the driver software from someone under an agreement that does not allow you to keep current on versions.  I stopped using one that I know has vulnerable drivers and switched to another one that now has different stale drivers.  It will cost 19 pounds to "upgrade" (meaning, buy a current license with upgrade rights).  Good that I got the dongle cheap so I can afford the software.  I think this is irresponsible of both vendors.
