
Balancing safety and versatility

John C Dvorak has a very simple solution to the HP printing problem. Lock down the firmware so it’s not upgradeable. And while we’re at it, do the same thing to routers and other equipment.

This solves the problem of loading rogue firmware on the devices, but there are several problems with such a draconian approach.

The first problem is that devices need to be fixed. Many devices these days run some form of embedded Linux, which is great. It reduces costs dramatically because vendors can just take the Linux kernel, bolt on software that adds whatever other features they need, and build in a matter of hours what would take years for in-house engineering to develop from scratch. So we get new gizmos and gadgets much more quickly and cheaply than before.

But what happens when someone discovers a vulnerability in the Linux kernel, or one of the other pieces that were used to build the device? It’s fairly rare, but it happens. Today, you download a firmware update and run it. Then the vulnerability is fixed and you’re reasonably secure again, assuming you pay attention to such things and download them. It’s not as automatic as the monthly Windows Updates, but it’s exactly the same idea.

Lock it down so you can’t upgrade it, and when a flaw is discovered in the DSL modem I just paid $175 for, I guess I just have to throw it away and buy another $175 DSL modem. That won’t fly. Most people will mutter a few rude words and just take their chances.

With printers there are fewer problems, but they can still happen. As a teenager, I had a Star NX-1000 printer. It was an old-school 9-pin dot matrix printer, tractor feed paper, ribbons and all. In the late 1980s, that was standard issue. For printing straight text–think DOS-based programs–it was a bulletproof printer. I never had an issue with it. But when I printed graphics, I had an intermittent issue with it. Every so often, the print head would just shoot over to the end of the line and slam itself against the side of the printer until I turned it off. I could usually work around the issue and get the job printed, whether it was by printing a smaller range of pages or by making a subtle change to the page. But it meant I had to babysit the printer while it was printing, just in case something happened. And in those days, printing a relatively short document that way could take half an hour.

The fix was to pry a ROM chip off the circuit board, mail it to Star Micronics, and a week later a replacement ROM chip arrived in the mail. I popped the new ROM chip into the socket, and never had the problem again. But in the meantime, I didn’t have a printer, and the idea of prying a chip off a circuit board and putting it in the mail gives a lot of people the willies. As it probably should.

It’s a lot nicer to be able to just download and run something and have it happen automatically. That’s the difference between computing in 1987 and computing in 2011.

Locking down the device also keeps you from being able to hack it. Hacking isn’t always bad.

Take your smartphone. If you have a smartphone, there’s a 52-percent chance it runs Android. If you bought your phone more than about 6 months ago, there’s about a 100-percent chance that it’s running an outdated version of Android and the new phones out there right now can do something yours can’t. Or they do it faster and with better battery life. Some vendors and carriers keep you up to date, and some don’t.

If yours doesn’t, hack the phone. Load CyanogenMod or some other hacked firmware on it. Now your phone is up to date, and it might even be faster and better than a new phone would be anyway, because there’s less bloat on it. And you can pretty much guarantee CyanogenMod doesn’t do as much to track where you go and what you do as the phone’s factory configuration does.

Another great example is the Linksys WRT54G router. That router came out in the early 2000s, and it didn’t take long for someone to figure out it was powered by Linux. So they got Linksys to release the code under the terms of Linux’s license and they started adding capability to it. This hacked firmware became something called DD-WRT. Loading DD-WRT allowed you to take that $200 router and give it capabilities only available at the time in devices that cost two or three times as much.

Over time, the cost of routers dropped, but the cost of similar devices didn’t. The only difference between a wireless router and a wireless repeater, really, is the software. But a few short years ago, wireless routers cost $50 and wireless repeaters still cost $200. So people would buy another WRT54G, load DD-WRT on it, put DD-WRT into repeater mode, and save $150. Eventually the makers of wireless networking equipment lowered their prices. And some wireless gear just runs DD-WRT on it from the factory, since DD-WRT is free and it would cost a lot of money to write something half as capable and reliable.

If you like having cheap wireless networking that works well–it’s pretty easy these days to find a fairly capable wireless router for under $30–DD-WRT is part of the reason why you have it. If it wasn’t possible to hack the firmware on devices, wireless networking wouldn’t be where it is now. Routers would cost more, and repeaters, if you’re unfortunate enough to need one, would cost even more.

Openness always wins out over black boxes. The IBM PC architecture won for two reasons: It was backed by IBM, and it was open. Better technologies came along shortly after the IBM PC, but because the IBM PC was open, it was possible to extend it to keep up. IBM backing gave it momentum, but had it not been open, it would have died out after a few years, as IBM learned the hard way with the PS/2 line and Micro Channel. The PS/2 was backward compatible with its predecessor, but it wasn’t open. And it died. If you’re reading this on anything other than a tablet, smartphone, proprietary Unix workstation, or pre-2005 Macintosh, you’re reading this on a descendant of that open-architecture IBM PC. Yes, even a modern Macintosh uses IBM PC-compatible hardware.

The advice of the HP printer hackers is sane and reasonable, for HP printers: require some kind of authentication to verify you mean to make the update, require a signature to validate that the update came from HP, and provide a way to physically disable updates at the printer for added safety.
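Those three controls, as an added example in Go (not HP’s code or the printer hackers’): a model of the update gate that refuses an image if the physical switch is set, if the administrator has not authenticated and confirmed, or if the image does not carry a signature that verifies against the vendor key. The vendor key, the switch state and the firmware image are all assumed or constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Printer holds the two pieces of state that matter for an update decision.
type Printer struct {
	VendorKey      ed25519.PublicKey // burned in at manufacture (assumed)
	WriteProtected bool              // the physical disable switch at the printer
}

var (
	ErrWriteProtected = errors.New("update port physically disabled")
	ErrNotAuthorized  = errors.New("admin not authenticated or did not confirm")
	ErrBadSignature   = errors.New("image signature does not verify against vendor key")
)

// Apply checks the physical lock, then operator intent, then the vendor signature over SHA-256(image).
func (p *Printer) Apply(image, sig []byte, adminAuthenticated, confirmed bool) error {
	if p.WriteProtected {
		return ErrWriteProtected
	}
	if !adminAuthenticated || !confirmed {
		return ErrNotAuthorized
	}
	digest := sha256.Sum256(image)
	if !ed25519.Verify(p.VendorKey, digest[:], sig) {
		return ErrBadSignature
	}
	return nil // only now would the image be written to flash
}

// SignImage is the vendor-side step (a hypothetical stand-in for HP's release signing).
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	digest := sha256.Sum256(image)
	return ed25519.Sign(priv, digest[:])
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	p := &Printer{VendorKey: pub}
	image := []byte("constructed firmware image v1.1") // sample input, not a real image
	sig := SignImage(priv, image)
	fmt.Println("vendor-signed:", p.Apply(image, sig, true, true)) // <nil>
}
```

The order of the checks matters: the physical switch is consulted first, so a locked printer never even parses an untrusted image.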

I think that’s fine for printers. Requiring a digital signature for all devices causes other issues, though. If my phone or tablet requires a digital signature, then I can’t load CyanogenMod on it. If my router requires a digital signature, I can’t load DD-WRT on it.

True, these are things the 99 percent probably don’t have any interest in doing anyway. But that remaining 1 percent is where the innovation happens. The 99 percent aren’t interested right now in what the remaining 1 percent are doing, but what that wild and crazy 1 percent are doing will make life much better for the 99 percent in a few years, when the best of those ideas become mainstream. Turning a $50 router into a wireless repeater was a crazy thing the first time I did it, probably back in 2006. Today you can buy a wireless repeater for less than $50, and a lot of people do it. Writing a Unix-compatible operating system from scratch as a hobby was so far beyond wild and crazy as to be off the map, but it led to Linux, which led to all sorts of neat, inexpensive things.

Crippling the 1 percent is a short-term gain, long-term loss for the 99 percent. Making you jump through hoops to modify it is fine–you can’t load firmware onto a Linksys router without a username and a password, and then you have to navigate to a buried web page on the device, load the image, and hit a confirm button a couple of times. You’re not going to do it accidentally. You’re not going to accidentally load CyanogenMod on your smartphone either–you generally have to do something weird to gain sufficient rights to do it (rooting the device), then insert a memory card containing the image and boot the phone off that.

Life is all about accepting certain risks. Water can kill you. Yet you can’t go without drinking water for more than about 3 days and expect to live. Too little or too much security is like too little or too much water.
