Business Daily from THE HINDU group of publications
Monday, Oct 22, 2007
Columns - Security Musings
A cat and mouse game

R.K.RAGHAVAN

Apple challengers are at it - trying to break into the iPhone.

When I wrote last about the security features of Apple's iPhone ('Is the iPhone secure?' in eWorld dated July 30, 2007), I believed the security issues between the manufacturer and customers had been settled, and that the much celebrated wonder machine had become nearly invulnerable. I have been proved wrong.

Unfortunately, the battle between rival parties continues without hopes of an immediate resolution. Each day sees claims and counter-claims on how secure or not the gadget is - against manoeuvres by adventurers. Incidentally, some of the latter are dictated by purely academic passion and some driven by commercial calculations.

The war of words between the vendor on one side, and customers and their supporters on the other, has received disproportionate media coverage that has only served to lend a bitter edge to the whole conflict, something that the Apple CEO, Steve Jobs, describes as "a cat and mouse game."

CYBER SQUATTING TACTICS

The sequence of recent incidents in the area of Apple's customer relations is not all that inconsequential.

It actually gains importance against the company's proposal to make the phone available outside the US as well. Apple has sold more than a million pieces since the launch on June 29. Europe is to get the phone in November, and there is considerable excitement about this in the UK, from where I am writing.

In anticipation of the arrival of the iPhone, several speculators have already started resorting to insidious cyber squatting tactics. They have registered a number of domains carrying names closely resembling the iPhone, with a view to deceiving unwary potential customers into unintended Web sites. This can indirectly cut into Apple clientele.

But then, action against cyber squatters is an expensive proposition, as another IT giant, Microsoft, found to its chagrin in the recent past. Apple may not waste time proceeding against the squatters. Its greater concern could be over efforts by some elements to facilitate access for third party applications and make the iPhone work also on networks other than AT&T, which currently holds the monopoly.

CHALLENGE FROM ISE, TEENAGER

The first of the challenges to the new device came from a group called Independent Security Evaluators (ISE). Led by Charlie Miller, it sought to expose the flaws in the Safari browser bundled with the iPhone. According to them, a buffer overflow vulnerability in the JavaScript engine opened up opportunities for executing malicious code. Before Miller made a presentation on this subject at the annual Black Hat conference at Las Vegas in August, Apple released a host of patches to take care of the alleged flaws.

In late August, however, news trickled in about the claim of a teenager, George Hotz of New Jersey, that he had broken into the iPhone, in spite of the patches made available by Apple a few days earlier. Hotz later posted on his blog details of his ten-step unlocking process, something that took two hours and which employed a soldering iron and specific software to conduct the daring and delicate operation.

Interestingly, four persons, including two from Russia, collaborated with Hotz. According to the latter, he was able to link the phone to the service provided by T-Mobile, thereby ridiculing Apple's claim that their phone could work only on the AT&T network. Actually, this is the motive of most of the hackers now trying to outwit Apple. Their annoyance is over the restrictive practice adopted by Apple in shutting out non-AT&T companies.

APPLE UPDATE

Determined to put an end to the concerted efforts of individuals and groups to tinker with the iPhone, Apple first warned them against such misadventure, saying that this would render manipulated machines absolutely useless. The company went beyond this, on September 27, to issue a software update (1.1.1) that, besides adding additional features such as the iTunes Wi-Fi Music Store and fixing a few minor security flaws through ten new patches, had the effect of disabling the instrument whenever an attempt was made to make it compatible with non-AT&T networks.

Reports indicated that, in fact, whoever downloaded the update developed an assortment of problems with their iPhones immediately after they finished their unlocking exercises.

'JAILBREAK' ACHIEVED

A host of groups and individuals in the US have shown themselves amazingly determined to offer stiff resistance to Apple. Their focus is on neutralising Apple's version 1.1.1 upgrade and making the iPhone still open to third party applications. A team that goes by the name iPhone Development Team (IDA) claims it has achieved substantial success in this direction. In a posting in the so-called Unofficial Apple Weblog, a researcher, Erica Sadun, boasted that a 'jailbreak' had been achieved, and that a workable hack was round the corner. The veracity of this claim is yet to be established beyond doubt.

The group has also appealed to iPhone owners, who had not yet opted for the Apple upgrade of September, to hold on for a while. To others who had already received the upgrade and had their phones bricked while trying to install third party applications, the IDA offers hopes of an imminent solution. Just now the unlocking achieved by IDA has managed to restore only a limited number of the iPhone features (such as iPod and Wi-Fi) but not the mobile phone function.

'DIGITAL BULLYING' LAWSUIT

Even as this battle of wits goes on, a class action lawsuit has been filed against Apple and AT&T, both in a Federal Court of San Francisco and a State Court based in Sacramento. It levels several charges, including an illegal conspiracy to tie customers down to the AT&T network to the exclusion of all other service providers. The suit also brands Apple's 1-1-1 upgrade of September as 'digital bullying' and goes on to allege that the Apple warning that iPhone unlocking could lead to permanent damage to phones was a downright lie.

The outcome of the legal process in the two courts is uncertain. Nevertheless, this course of action by some Apple-baiters should cause immense damage to the company's image as a professional and customer-friendly organisation of great repute. There is a feeling that Apple had been coerced into the deal by AT&T, and that on its own it would not have agreed to what is a blatantly unfair practice against the average customer.

Fearing an increased backlash, it is possible that Apple may agree to a compromise that permits limited access to the iPhone for third party applications, of course under its own oversight.

The major lesson for large companies is, however, that any trade agreement that benefits another company at the cost of the customer could boomerang.

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.


Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line