Source: engadget

Apple is now shipping (and probably has been shipping) iPhones and iPod Touches with a bit of extra software in firmware 2.0 in the form of a rootkit.

This is an outrage.  The fact that phone / device manufacturers get away with this kind of crap makes my blood boil.

It seems that Apple has finally taken things a step too far with the whole notion of “It’s still our device”.  When you buy a piece of electronic equipment, you are entitled to use it however you see fit; if that entails throwing it at a brick wall, flushing it down the toilet, using it for a sanding block, etc.

This also included hacking the living crap out of it, in my opinion.

When you buy a computer or build a computer, no one is there to tell you “don’t load Linux onto it or I’ll turn it off remotely from BigBoxHQ”, yet that is exactly what Apple is trying to do.  Some enterprising individual took apart an iPhone’s software only to discover that embedded deep within the core of the OS lies a “phone-home” rootkit.  It is a rootkit by the very definition of rootkit, and after the break we can examine the examples of how Apple ships your iPhone and possibly iPod Touch with a rootkit installed.

Source: Wikipedia

“A rootkit is a program (or combination of several programs) designed to take fundamental control (in Unix terms “root” access, in Windows “Administrator” access) of a computer system, without authorization by the system’s owners and legitimate managers.”

1.) They aren’t the owner or manager of your device any more than GM, Ford, or Chrysler are the manager of your car.

“Access to the hardware (i.e., the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware.”

2.)  They do this all remotely and without your consent.  Can you say invasion of privacy?

“Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms.”

3.)  I stopped wanting an iPhone when I heard it was nearly impossible to have the newest firmware and keep a root shell.  Unix on a phone?  Where do I sign up?  Full remote root access for someone that isn’t me?  Fail.

“Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems.”

4.)  Not only are the customers fooled, they’re taken advantage of.  I can safely say that most iPod / iPhone owners probably don’t want Big Brother watching their every move.  There is no disclaimer that mentions this anywhere when your purchase an iPod / iPhone, no documentation of it on Apple’s site, no public knowledge of it whatsoever.  This is the kind of thing the USA does to terrorist organizations to trace them, not what private industry in the USA should be doing to its citizens / customers.

“Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system.”

5.)  And that is EXACTLY what is being done.  You can’t just run a quick ps auxwww to see what’s up, nor can you sift through the source code one one of the most personal pieces of electronic equipment that nearly everyone interacts with intimately.

Case in point, now that I know this I wouldn’t be caught dead with an iPhone.  A-GPS + all your contacts, text messages, call history, e-mail, calendar, Internet activity + Big Brother tech in every bite?  No thank you Apple, I will stick with my totally hacked to pieces HTC Apache.

The topic of the tyranny of carriers deserves its own topic, locking down phones (infamous Verizon / RAZR example) with crap firmware, selling devices then never offering software updates.  My current handset was sold with Windows Mobile 2003, I upgraded it manually to 5, 6, and now 6.1.

Why do carriers not offer these upgrades that greatly enhance the customer experience with the device for free?  I paid $400 out of pocket for my device, and through software upgrades that I have performed myself I have made the device worth close to that.  However, it is still a CDMA phone and thus locked to a certain network, out of my control.  My carrier could shut off my service tomorrow and I would have no fiscally feasible recourse.  Sue them for mistreatement?  Ha.  Get out of my contact early for free by means of litigation defining breach of contract?  Bah, this is why they have legal departments.

The point to all of this is to maybe influence just one person to avoid getting locked into a two year contract at $60-$120 a month plus a few bills up front, only to find their device, which ended up costing them almost as much as a lease car minus gas, insurance, etc, is not only a complete lie, but a huge security risk.

Until there exists a decent Android phone, I shall stand by my HTC Apache as it has given me two years of semi-reliable service thus-far and will probably continue to crash and lose all my contacts, unable to be recovered except by hard reset, albeit with my favorite apps: Google Maps, Skyfire Beta, Skype Mobile, Internet Connection Sharing (note that Verizon told me that it is impossible to tether my phone and would thus not sell me a tethering plan, a $15/month addition to the already-ridiculous $45/month EV-DO unlimited data plan), WiFiFoFum, Resco Radio, Pocket Putty Beta (supports public key auth), and others.

R.I.P. iPhone 3G, you’re dead to me as I write this on my Hackintosh.