THC and The Nokia Rom Images
2006-09-06
In mid-July Nokia charged THC with copyright infringement and threatened
it with a lawsuit. THC took down thc.org to prevent further cost and a
legal disaster.
A month earlier THC discovered significant security flaws in Nokia's
Operating System. To prove it, THC published ROM images of 3 phones.
THC did not publish the source code or tools, but one thing became
apparent: to extract the ROM images, core security features had to be
breached. THC's ability to load kernel modules and gain access to the
core of the OS (including the GSM stack) was something Nokia did not
like.
At the time of the release THC was not aware of any copyright-protected
material inside the ROMs. The question has to be asked whether Nokia chose
the right method by threatening THC with a lawsuit or whether an email could
have achieved the same. Was their concern really copyright infringement?
The software in the ROM images could not be used, ported or
run on any other mobile phone. In addition, all the software is already available
on every phone, phones that are given away by the mobile operators for
1 Euro or sometimes even for free. So if everyone has access to the software
anyway, what is the point in threatening THC? What was their real intent? We
might never find out. But what we know is that they managed to silence THC
for a month.
Is this professional practice? We do not know. It is certainly the
practice that Nokia chose. We also know that no attempt was made by Nokia
to inquire about the security vulnerability. We also know that Nokia did
not provide any updates for their customers.
Making sure that the hardware we purchase is secure is not a crime.
In fact, taking a look at what we buy should be our duty. We should not
trust big corporations who claim in TV advertisements how secure and
safe our data is. We have to test it and prove them wrong whenever we
can.
In fact, researchers should demand that manufacturers like Nokia
provide full documentation of their hardware. The buyer becomes the owner
of the mobile phone and thus has the right to know how to program the
hardware. Nokia does not provide any such information. Free software
or a different operating system cannot be used because of limited access
to documentation. This is a classic example of a hardware giant allowing
only its own software to be used. This is what some people would consider
a monopoly and an abuse of power.
THC is deeply concerned that Nokia did not choose the diplomatic route.