Motorola Says eFuse Doesn't Permanently Brick Phones 294
radicalpi writes "Motorola has responded to claims that eFuse is designed to brick your device if you attempt to mod it or install unauthorized bootloaders. Yes, the device will still not operate with unauthorized software, but it will only go into recovery mode until you reinstall the authorized software. According to Motorola: 'If a device attempts to boot with unapproved software, it will go into recovery mode, and can re-boot once approved software is re-installed.'"
Re:Thanks for the clarification Motorola, (Score:5, Interesting)
Re:Let hackers identify the offending chip(s)... (Score:3, Interesting)
The chips are identified, already.
I've already been working on POC code to exploit that eFuse and make it so once activated you CAN'T possibly install anything on the phone any longer. Once it works, Motorola is going to suffer, hard.
Ahh, the joys of exploiting semiconductors for various purposes. Some grow plants, others can be used to annoy someone, and even more can be used to force unfair business practices.
Re:Huh? (Score:2, Interesting)
The idea is that cryptographic signatures are stored inside the chip, namely CPU in all cases I know of, so that it only runs properly signed code. Blowing efuses will change the accepted signature to something new, thus setting back the goal of people who've just broken the system.
Microsoft do it with the 360, which keeps unsigned code at bay with each update. It also causes issues with legitimate machines, seeing as one resistor that was faulty caused a huge swathe of console not booting after an update - they had the newly signed dashboard executables, but their efuses weren't blown accordingly.
Expect mobiles to go the way of the 360, but future consoles to step up a few notches. The PS3 is surely the model to be built on - a piece of hardware, one of the Cell SPEs, that is executing completely isolated code that verifies system secrets like game and movie DRM keys. The cracking that made Sony remove OtherOS couldn't touch that SPE, but Sony didn't want to risk the integrity of their DRM - who knows what could have happened next (including Sony, I posit).
IBM et al surely have some truly evil ideas they've thought up since these consoles were released, and there are still a few years to go for the next round... just watch as everybody laps it up, none the wiser, seeing as it's embedded in hardware they simply can't see and DRM simply isn't in the public consciousness.
DDoS Possible? (Score:2, Interesting)
Re:Permanently brick sort of like permanently dead (Score:3, Interesting)
Just because you have discovered an unbricking technique does NOT invalidate the fact that it WAS in fact bricked.
Bricking is not defined as forever.
Bricking means the device is hosed and cannot be recovered without breaking in and modifying the hardware.
Breaking into the JTAG interface of a consumer device and reprogramming PROM are definitely hardware modification techniques that are non-trivial.
Re:Permanently brick sort of like permanently dead (Score:4, Interesting)
This is another term that has entered the popular lexicon and got warped. If a device is bricked, _no one_ can reactivate it - it is dead. If someone can revive the device for a fee, it's not bricked.... it's just something you probably should not have bought in the first place. Bricked means bricked - and I've had a few devices go that way on me because of mistakes.
Main problem would be EOL-ed devices (Score:3, Interesting)
In addition to marketoids demanding that you use Blur, there's a bigger problem. Once the device is marked as End of Life (and original Droid already is, right? Been less than a year) I kinda doubt that Motorola will dedicate any resources to bolding Blur onto newer revisions of Android. :) )
Which means users will be stuck in a certain version. Even though new ones could theoretically be used, as hardware is powerful enough (or it could be stripped down by geniuses from XDA Dev
At least they need to disable eFuse on "no longer supported" devices. Otherwise, just another example of planned obsolescence (and even worse than iPhone).
Fair enough - If it works both ways (Score:1, Interesting)
Will I be able to freeze Motorola's bank account (since my money is in it, after all) if they do something I don't agree with? Then restore it once they meet my criteria? Otherwise, no sale.
Re:Thanks for the clarification Motorola, (Score:5, Interesting)
How naive can you be ?
Suing IS the only option. Any individual consumer boycotting a product will do nothing, because they don't care about individual users ... this is why they're quite happy to deal with your "customer service" requests by letting you talk so someone in Mumbai reading from a checklist of approved questions but offering no real answers.
Any percentage less than a certain amount are also "don't care" metrics, it simply won't make a dent on their overall sales, and is not cost effective enough to affect a recall or revision to the product.
But a court case, together with it's bad publicity and public perception that the company isn't being totally honest, WILL have the CEOs taking notice, and might just change something to the benefit of all users.
You are one of nearly seven billion people on the planet ... no one cares what you boycott or otherwise, no one will even know about it. Make a class action suit, and entire countries can hear about it on the six o'clock news.
Tivoization is a bitch (Score:1, Interesting)
You don't own the device you supposedly bought. [wikipedia.org]
Avoid such hardware like the plague.
Re:Motorola really needs to (Score:5, Interesting)
This is basically what the nexus one does. You can unlock it, but it voids your warranty, and adds an unlocked padlock icon to the boot screen to show that you have unlocked it.
Re:OMG! Whatever shall we do? (Score:5, Interesting)
it's not Google's fault that Motorola is so blatantly circumventing the spirit of the OS
I disagree. Maybe at the beginning Google had to bow to phone manufacturer's wishes, but I think it is popular enough now that they can add a few more requirements in return for getting all the Google apps. For example:
* You have to provide Android upgrades for a year after the EOL of the phone.
* You can unlock the bootloader in the same way as the nexus one (but it can void the warranty).
* You have to provide a non-skinned ROM option.
* The phone has to pass some kind of conformance test. Maybe they already do this, but it's clearly not a great test if the they do; e.g. most phones don't support call recording, behave very differently when they are sleeping, and so on.
Re:Fuck your software. (Score:2, Interesting)
First, they don't want to deal with them in warranty. Even if people knowingly bricked their phone by attaching a car battery to it they will still hit up the warranty department with a cock and bull story about how it isn't their fault. Clogs up the warranty department and costs the company time and money.
Second, they cannot allow hacking the device to become mainstream. We aren't talking about people loading Linux on their phone to get a shell, the primary reason people want to hack their phone is theft of software. Which harms the platform because the vibrancy of the android platform requires high-quality software. If it is known that your aren't going to make money selling software that will limit the kinds of software available on that platform and that will limit the popularity of Android phones.
Third, hacking the phone can potentially open also sorts of attacks up on the cellular network. How long before people start listening to each others phone calls, hijacking calls, making calls on other peoples accounts, or just creating a DoS attack against the towers. How secure are those cell towers? I don't think we want to know.
Fourth, you do buy hardware software from the company. That is non-negotiable. You are buying a complete product not components.
Cryptographically signed software that starts from bootstrap is going to probably land on all devices eventually to help control costs, improve security, and maintain the revenue stream. They don't have to prevent you from cracking them forever, just until the next update.
Re:OMG! Whatever shall we do? (Score:3, Interesting)
The fault is Google's as well. They could demand that the OS remain open source, instead they went with profit. Google does own the rights to Android do they not? They can also set the terms for it's license.
To claim that Google isn't at fault here is a bit disingenuous, when they are the ones who have the ability to enforce openness and failed to do so.
Re:Welcome to trusted computing (Score:3, Interesting)
google or wikipedia can help you with the concept of a general-purpose computer.
With regard to your personal attack and argument from adverse consequences [rationalwiki.org], resorting to this sort of thing shows you have no real basis for your position.
My Dad can exercise his rights under copyright law with his VCR. Not with his comcast DVR (CGMS). Certainly not with his HD recorder (HDCP). If he wants to hack around these restrictions, he must develop everything himself. Nobody can sell him equipment to circumvent an access-control technology (DMCA)--even for the purpose of exercising his rights under the law.
Will you have the right to connect your general-purpose computer to the internet next year? Almost certainly.
Will your ISP permit only connection of "trusted" or locked-down "appliance" type devices in the near future? Why would they do such a thing? Bandwidth costs money. Defending lawsuits costs money. So the answer is maybe. Depends on what you do about it.
Consumer rejection killed DivX. TCPA has so far been a flop due to both political and technical reasons. Lack of interest made V-Chip largely irrelevant. Sony got egg on its face for their rootkit. BUT...
DMCA, CGMS, HDCP and any number of draconian to the point of bizarre restrictions on games are right here in front of you today.
RMS may successfully appeal to the crackpot geeks (one of which I am proud to call myself) on /. with The Right to Read [gnu.org], but this is preaching to the choir.
So, again--
It is important that the general public be aware of these sorts of shenanigans.
And that they make their outrage known by walking away from the culprit vendors and speaking simply, directly, and clearly to other potential customers.
Saying: ...
That "app" you just paid $9.99 for in your iPhone--do you know that in any other environment--including your own laptop computer, you can have this and an almost infinite number of others like it for free?
This accomplishes a whole lot more than saying "Well, as long as I can build a computer from parts there is no problem!"
Re:Fuck your software. (Score:3, Interesting)
I seem to remember there was much more public outcry when they tried to do similar things to lock down control of PCs and laptops to software authorized by one manufacturer. Everyone just sort of laughed it off saying "that'll never fly".
But I guess mobile phones have always kinda locked down. Still, the difference a generation makes!