August 29, 2007

iPhone's SIM Locks: Hardware vs. Software vs. Lawyers

If you care, you already know the iPhone's SIM has been successfully unlocked to work with carriers other than AT&T. GMSV has a good round up.

The blog "Finding JTAG on the iPhone" is a cool read into what it took to unchain the iPhone in hardware. The site's author, a soon to be college freshman, says each unlock takes about 2 hours of time, making it a fairly labor intensive process and thus a pretty solid hurdle to breaking the phone's SIM locks. If only there was a way to do it in software....

Which brings us to this Engaget post that verifies a software hack created by a group that reportedly had 6 people working full time since the launch to develop a way to free the iPhone from AT&T.

6 cheap consultants for 2 months = $800 per day x 6 people x 40 to 50 days = as little as $190k and more likely around $400k for leet folks sounds like a lot for a flakey device with unrealistic expectations. However, even at those cost levels and assuming a $100 charge per device, the breakeven is around 2 to 5 thousand devices. Assuming iPhoneSIMfree has a monopoly for even a month or two, they will probably do fairly well. The site is currently looking for people interested in buying 500+ unlocks which is a pretty smart way to get others to sell 3000 unlocked iPhones to internationally based Apple fanboys as fast as possible.

Finally, if you can't lock them out in software or hardware, call the lawyers, professional unlocking businesses like Unique Phones (who claim 2.9 million unlocks since 2002) are claiming they too have a software based method of unlocking the iPhone, but they had a tough weekend with calls from AT&T's lawyers.

Involving lawyers begs the question of whether or not the Carterfone decision applies to mobile networks (it should.) The DCMA legislation has already been rejected as an avenue for many things, including keeping phones locked to networks. Hush-a-phone v. FCC set another similar precedent.

Conspiracy theory: Apple wants Carterfone to apply to wireless networks and knew that this would force the issue?

Legal Update: Selling unlocked phones for fun and profit might not be kosher.

Update 2: iUnlock has gone open source - see full story at Engaget

Posted by Abner at 04:31 PM

August 20, 2007

Even (or especially) contests could use a security review

From the "Add to blog bookmark folder..."

Business week has a series on a CNBC sponsored online stock picking contest where many cried foul when contestants figured out how to game the web app running the contest.

Posted by Abner at 10:02 PM

August 01, 2007

Vendors Responses: Voting Machines and the Pwnie Awards

Avi Rubin comments on "the "laboratory" defense employed by voting machine vendors.

And in other news of Lame responses to security vulnerabilities, here are the 2007 Pwnie Award Nominees.
Of interest to marketeers: Lamest Vendor Response, Most Over-hyped Bug, and Best Song.

Posted by Abner at 12:22 PM