Configurable or Secure, pick ONE

<soapbox>

Recently I posted a comment about a vendor who is starting to sign their firmware, which is good for security. Paul points out in the comments section of that post the other side of that situation, configurability:

https://firmwaresecurity.com/2016/04/14/schneider-to-sign-plc-firmware/#comments

Today, Brian of Intel’s UEFI team points out a story about new Apple laptops including tamper-resistant screws:

http://gizmodo.com/apple-will-know-if-youve-tampered-with-its-new-macbooks-1773045604

As Paul mentions in his comments, Google makes a Chromebook targeting developers with a Developer Mode, a screw to turn to let you override firmware/OS security.
https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/chromebook-pixel-2015#TOC-Developer-Mode

I hope PC/smartphone/tablet/router/IoT vendors consider the consumer's situation when the company abandons the product and no longer offers firmware/software updates. At that point the only person left to fix the flaws in the unsupported firmware is the user, and they will need the ability to bypass the security features that permit only the company’s firmware to be loaded, or else the device will be a useless brick. The model that Google Chromebooks have, a Developer Mode, may be the best option. If you are unsure about this, do an experiment with your next device: add a similar Developer Mode to some models, charge a bit more for hobbyists, and see if there is a market. Abandoned products aside, advanced users can build better firmware/software than you can; look at how the camera hackers have added features the vendor never thought of. This is another way you can grow the ecosystem and popularity of your device, and generate more sales/profit. Don’t seal all devices in the name of security, please.

</soapbox>
