With Steve Jobs’ recent declaration of war on iPhone hackers, we look at Apple’s options for stopping open source iPhone use.
The major reason that Apple wants to stop hackers from creating new open source programs for its iPhone, some analysts say, is that it has signed exclusivity agreements in various countries with service providers such as AT&T, T-Mobile and O2. Because Apple wants these companies to have incentives to continue developing exclusive applications for the iPhone, they say, Apple must make an effort to stop open source use.
“The open source applications are probably affecting AT&T more than they’re affecting Apple,” says Peiter “Mudge” Zatko, a division scientist at BBN Technologies. “I would imagine there’s an exclusivity clause somewhere in the contract with AT&T, at least for a particular period of time, primarily so people couldn’t go to other carriers.”
While Apple isn’t going to passively watch while others develop open-source programs for its devices, it isn’t clear how aggressively the company plans to go after hackers. Steve Jobs called the back-and-forth battle between Apple and hackers a “a cat-and-mouse game” where “people will try to break in, and it's our job to stop them breaking in,” but he didn’t give specific details on what the company planned to do.
Dan Steinberg, the president of the Quebec-based firm Synthesis: Law and Technology, says that the effort Apple puts into stopping hackers will correlate directly with how much open source applications hurt both its bottom line and the bottom lines of its partners.
“We don’t know if they’re going to pay lip service to this or if they’re going to go hardcore,” he says. “To know that, you’d have to know their business model, and you’d have to know the details of the deals they’ve made with various cell phone companies.”
One of the options open to Apple is to file lawsuits against hackers under the Digital Millennium Copyright Act (DMCA), which was passed in 1998 to ban the use of any devices that can be used to circumvent digital rights management systems. The DMCA has been invoked in several high-profile cases, including YouTube's defense against a threatened Viacom suit for the copyrighted video clips that its users had posted online, and the Motion Picture Association of America's suit against 321 Studios for developing encryption-busting DVD copying software.
Seth David Schoen, a staff technologist at the Electronic Frontier Foundation, thinks that fear of being prosecuted under the DMCA has proven effective in keeping several hobbyist open source developers from sharing their innovations on the Web.
One of the enduring problems here, as in many of the fields of technology now living under the DMCA's shadow, is the gap between what hobbyists know how to accomplish and what others are willing to commercialize to bring to a wider audience,” he says. “In many cases there are great advances and features enabled by hobbyist reverse engineering that might be brought to a larger audience but for the fear of legal liability.”
But Steinberg says that while the DMCA might be useful for prosecuting hackers in the United States, he adds that it will be of little help going after hackers in other countries. The most likely tool Apple will use, he says, will be a continuous stream of software upgrades that will block the hackers from adding new open source applications from their iPhones.
Zatko also sees Apple using software upgrades to thwart hackers. While he doesn’t think such upgrades can stop hackers altogether, he does think that they could slow hobbyist hackers up enough to make them less willing to put in the time to develop software.
“When they come out with a new update for the iPhone, it’s initially problematic for people who want to put their own software on it,” he says. “Apple can push out updates as quickly as they want. If they pushed one out once every 12 weeks with modifications, it would force hackers to spend more time and effort to develop new applications.”
Charles Miller, the principal security analyst for Independent Security Evaluators, says that Apple’s software upgrades would not prevent hackers from cracking the codes and continuing to develop their own applications for their devices, and that any software upgrades the company deploys will only “throw a few more hurdles” in the hackers’ way. Furthermore, he thinks that companies such as Apple may not be as opposed to open source applications as they claim publicly.
“Personally, I think a lot of these companies have to fight this because of agreements with companies like AT&T,” he says. “But they also want their users to think this is a really cool device, and being able to add code and write things for it makes [iPhone users] really happy.”
Another technique that Apple could use to stop hacking, say Miller and Zatko, would be to create different hardware for new iPhones that would have the phone’s BIOS filter out any codes that aren’t trusted by the system. This would create significantly greater problems for hackers and would also, says Zatko, “drive up the price of the original iPhones on eBay.”
But whether Apple decides to sue open source developers, to change its hardware or software, or to enact some combination thereof, Schoen doesn’t think most iPhone customers will be turned off by the company’s actions.
“Most Apple customers seem relatively content with Apple's highly integrated business models,” he says. “One interesting problem is… iPhone owners might sympathize more with Apple than with outside developers who want to directly help make the iPhone more useful and capable.”