Unlocking your SPV

[Guest yatpeak]

Since we seem quite close to having set up this freeware company is there really any point in de-certifying my phone?

Thanks,

Wyatt

[Guest Bazz]

Reason to decert:

* It's easy. Yes it takes a few goes, but it's not rocket science.

* You can do it now. Even if this company is set up it takes ages to sign stuff.

* Access to all software. The company might decide not to sign something.

* Latest updates. Presumably updates will only be signed every few months to save wasting expensive signings.

* Can develope you own software.

Reasons to not:

* Hassle of backing up phone and setting it up again to your liking.

* Hassle of doing it (some people have tried it 10 times to no avail).

* Fears about screwing up phone/invalidating warranty (unfounded IMHO).

* Fears about viruses (unfounded at the mo IMHO).

* Any point if Orange release update? (however we've no idea when Orange will release update or whether this will prevent certification).

I've done it and haven't looked back, but it's a personal decision,

Barry

[Guest Monolithix [MVP]]

We arent _that_ close to getting a freeware company. Still awaiting a reply from GeoTrust about purchasing certificates.

[Guest Steve_Medin]

I'm not trying to be the bad guy here, just keep people informed.

The SPV, as shipped, is designed to be operated in locked mode. The risk of a virus to one Orange subscriber is small. The risk of a virus to the Orange network is huge. The risk of having devices on-network that can run any-old-Bob's privileged code is a liability I shudder over.

Microsoft has brought out a powerful device that can coexist with other powerful devices without causing havoc. The folks that figure out video game cheat codes went at the device full bore, and now we have pieces all over the floor.

While I don't speak for anyone but myself, I can't see this risk persisting and complying with the acceptable use agreement inherent in the service plans. I would not make any plans around a long term unlocked device unless you are a software developer and you execute a specific agreement for that purpose.

[Guest Paul [MVP]]

Posts like this confuse me somewhat...

Where do the Trium Mondo, Jornada 928 and XDA fit in here? All completely unlocked devices that can be used on any GSM network?

P

[Guest DJHope]

Yep agree with paul here. Are their not more pocketpc phone edition devices about than smartphone's? They are alot more powerful having processors up to 400mhz, surely a network of them would come into the SUPERCOMPUTER category?

Although i understand the "protecting the network" issue, surely allowing unpriviladge cert couldnt hurt oranges network and if it hurt the device why dont orange charge a small fee and let you unlock your phone to unpriviledged cert level.

The money they generate could be used to help people if they install bad applications on their phone, obviously an app at unpriveledged cert level couldnt ring a foreign country for hours only hurt your device, but that extra cash you have paid has ensured that orange can get your device back if that happens, surely using an mmc card backup can revive it!

Oh i forgot that would put you guys out of business!

DJ Hope

[Guest Monolithix [MVP]]

The point is people, in gerenal, want access to the unprivelidged area of the phone only. Of course if there was a modification available that allowed access to the privelidged area's Orange would have much more cause for concern.

Something that has just occured to me to ask is once an application is certified, does this allow it access to the privelidged area as well as the unprivelidged? If so is it possible to sign applications with certificates that allow unprivelidged access only?

(Unsurprisingly), no-one here is openly admitting to writing software that may allow ort try to access the privelidged area of the phone, and almost all software available through this website has been followed through development by the other users in the form of beta testing.

I'm not saying there is no risk, and i fully understand the fact that over all, you _just don't know_ what will happen when you run a random application you found on the internet.

If Orange had been less strict on the certification rules on the unprivelidged area of the phone, or given a choice or opertunity to remove it in that area, there would have been less outcry over it.

I am also interested in how the SmartPhone devices differ to PPC Phone Edition.

[Guest DJHope]

Monolithix, if what i am led to believe is correct, only orange can sign applications to the priviledged level if you sign anything with baltimore/geotrust's package it is unpriviledged!

DJ Hope

[Guest Steve_Medin]

The Smartphone and SPV are intended to be mass market devices. That breadth of scope means a worm is a much greater evil, and a phone that doesn't work like it did the day you gave it to Granny is going to cut off your apple pie supply.

PocketProtector early-adopter devices like you've listed cost themselves and complexitize (gimme some slack there) themselves out of the mass market.

Did you ever notice that once the Internet got turned over to AOL users, it became a much less clueful place? This time, let's arm the lemmings with a fighting chance.

Mono, DJ's got the signing situation straight. Privilege is privilege, and unprivileged is not.

As far as how Orange should configure the device for unprivileged access, that's up to them. Microsoft gives them the flexibility, Orange decides the implementation.

Unsigned code is harder to shutdown if it goes haywire, especially with a self-morphable virus that results in no way to calculate a hash over the file since it keeps changing itself. Since digitally-signed files on a locked device cannot be modified, a morph virus would get shutdown in one generation.

I can't make specific comments about Microsoft's plans, but the security progress made on the Smartphone should have a good home in the PPC world someday. Mobile Devices group at Microsoft owns the roadmap to both units and convergence is not that unrealistic.

[Guest DJHope]

As far as how Orange should configure the device for unprivileged access, that's up to them. Microsoft gives them the flexibility, Orange decides the implementation.

So does that mean you dont even understand why we dont have unpriviledged access? It sounds like that from that answer!

DJ Hope - offcially an addict ;)

[Guest Steve_Medin]

Orange decided that all software must be signed.

To the best of my knowledge, there is currently no granularity to allow unsigned apps only in unprivileged mode. The kimono's either on or off.

[Guest DJHope]

I dont see why orange have to be so stubbon, whats the worest that can happen in unprivliedged mode it can only interferre with your handset. Surely if you accept the responsility of destorying your handset each and every time you run an unsigned app ala p800 it cant compromise anyone elses since that requires radio functions.

Maybe microsoft arnt quite so confident that their security methods wont let unpriviledged applications run riot!

DJ Hope

[Guest Steve_Medin]

Certificates and signatures are a darn good thing to rely on, until they are circumvented. They've been bypassed, but not by any doing by Orange or Microsoft.

In my perception, the Smartphone's security is what operators have been looking for for a long time.

[Guest DJHope]

I know for a fact that a danish(?) operator who offer the p800 allow unsigned apps in unpriviledged mode (it warns you before intstalling unsigned apps) why isnt that secure enough?

If another operator comes along with a smartphone handset that allows unpriviledged apps to run im not staying with orange, and i believe many others feel the same.

EDIT: Also i wonder what the legalities will be if one operator offers handsets that allow unpriviledged apps to run and another wont (e.g orange) surely then when i want my phone unlocked because i dont want to use it on oranges network they will have to remove the certification requirement since i shouldnt be governed by their security policies on other networks?

DJ Hope

[Guest Kallisti]

Steve,

With all due respect, the only reason Orange are pushing this signing requirement is so they can have software partners in a non-competitive environment.

"there is currently no granularity to allow unsigned apps only in unprivileged mode"

This isn't true. At the very least they could require it to be trusted by a publically availble (private) certificate.

Regardless, other than morphing virii, code signing simply allows you to trace who wrote it (or tricked the signing auth into believing they were someone else), the threat is still out there..

[Guest DJHope]

Yeh hackers are VERY intelligent they do it for the challenge you are simply offering a greater challenge which will make their mouths water. I seem to remeber that somebody stole a large number of microsoft certificates and i know for a fact that the xbox linux crew are VERY keen on spoofing the xbox cert, id be much mroe worried by threats like these.

DJ Hope

[Guest Monolithix [MVP]]

Thanks Steve, you managed to clear that up in an earlier post, and answer another of my questions here.

To summarise, when Orange can signs an application, it gets full privilidged and unpriviliged access to the phone. However Balitmore/GeoTrust cert's only give unprivilidged access to the phone. Finally, as it stands at the moment there is not way to leave the unpriviliged area certificate-free while still locking down the priviliged area.

At least this provides a little more insight into Orange's reasons. If only the information was more accessible people (especially in this community), they would be less irritated by the certification issues.

Edit-- er sorry, this post was meant to go in at about 6:30, didn't notice it hadn't posted properly though :/

[Guest Steve_Medin]

The signatures involved use 2048 bit numbers. Take a look at the Bovine Project to see how much computing power has been brute-force applied to trying to crack a single 56-bit key. Now keep in mind that the brute force to crack a key goes up by a factor of two for each bit.

There's a reason why this technology is what's protecting credit card transactions on the web. As a by-product, it just so happens to offer a tamper-proof signature system, both on code and documents. Many countries are implementing digital signature rules that are treating a digital signature with equal validity as ink and handwriting analysis.

We just need to make sure the certificates involved don't fall into the wrong hands.

[Guest Steve_Medin]

Mono, that's my justification for being active here, to manage the rejection of signed code. There's a lot I can say that isn't being said, and I share everything I can that's relevant. There are topics I can't discuss and won't discuss and I'll be clear when I need to refrain. Otherwise, everyone here can count on getting the straight deal without spin.

[Guest Monolithix [MVP]]

Yep of course, i assume Paul and Ron are both in similar situations. You're help is appreciated all the same.