Friday, February 27, 2009

Me - diving into the deep end and drowning

So this post all got started because I had a hard time with comments someone made about the Kindle. As I type this I see where the term "fanboy" came from. I was reading a post by the Hoff about the Kindle and his Security Thoughts.
To some degree I agreed that the device was missing stuff. I then proceeded to read the comments that followed the post and I took offense. I still don't know why - if I figure it out I will share the news.
I took 4 pages to write this, or as Hoff pointed out to me: "Um, you know nobody will read that much...that's my point, I think you're going off the deep end... ;0"

So here's what follows...

After some debate with Hoff on Twitter, I figured I should bring my comments here. I was moaning about FUD (Fear, Uncertainty & Doubt) with regards to the comments made about the Kindle.

I feel like his comments are FUD because, with a little research, he could very easily have discovered that the holes he decided were there had mitigations, or were misguided because they needed some research to see how things really worked.

Both Hoff and Roland support the idea that “security versus convenience trade-offs are getting more slippery these days.” This is a valid argument for dozens of consumer devices – iPhone, iTouch, U3 USB Keys all come to mind immediately.

I feel that Hoff highlights security flaws that are inherent to the device’s individual operational specs. The device doesn’t lock, you can’t control content, etc. Roland chooses to argue that the device is insecure because of the device’s operation on the network. In Roland’s case I had some trouble swallowing his points:

1. Amazon now have a copy of any document you convert. Who knows who can see it, if it's been stored somewhere it can be accessed, etc.?

Amazon only has a copy of your documents if you opt to go with the method of sending them docs via email. It costs money. Amazon, as well as multiple articles all within a Google search, show how easy it is to use Mobipocket Creator to convert Word and PDF files over, and then with an easy drag and drop right into the Kindle. BTW, most PDFs just don’t look that good – it’s a problem with the standard that Amazon chose.

Your response might be “that’s too hard, who is going to do the research?” If you are actively using the Kindle as a doc repository for docs that shouldn’t be out of your sight, then you deserve what you get.

2. Everything on the Kindle apparently runs as root; the device itself is accessible via USB/serial console during boot, and the filesystems are mountable via plugging the device into a computer via USB. Very easy to trojan (or even bot!) someone's Kindle.

I can’t really argue this. I don’t understand it. I don’t know why they did it that way. Seems foolish for multiple reasons.

Now I will debate the statement “Easy to Trojan (or even bot!)” – hmm, well, I would not say easy – the preferred vector here would actually be to send you a doc through Kindle email and attack that way. But then you need to know my Kindle email for that – again, with research I am sure you would have me. So now we are relying on Amazon to protect me – well, since they have to open the doc/PDF to convert it, you are more likely to compromise them – doubtful first.

3. If you use the Whispernet MVNO service carried across Sprint's EVDO network, note that when you browse the Internet using the Kindle browser, all of your traffic is apparently proxied via Amazon proxy servers (which is totally unnecessary, as EVDO uses routable IP addresses, unlike GSM 3G networks). So, Amazon are MITMing you.

Hmm, Amazon MITMing me – I like that. Oh wait, I am buying their product on their network and reading it on their device (I own it, yes, but the device is only for Amazon content – much to my dismay). Were I to hazard a guess, the only time I ever leave the Amazon network is when I launch the web browser. So yes, they are proxying my traffic – they are seeing all my Google Reader traffic.

4. People can see what you're reading, or planning on reading. People can plant potentially damaging documents/images/audio on the device in order to frame you, given that there's no security when the device is mounted via USB.

Hunh, I don’t really understand this. Look at my desk: you can see what I am reading – although you won’t find that I have a small place in my heart for teenage sci-fi fantasy novels – I didn’t get enough as a teen, so I still read them now.

5. You've no idea if the Kindle 'phones home' via EVDO if you're reading with the EVDO enabled, or stores up behavioral information and then sends it home when you turn on EVDO or enter an EVDO service area. It's hard to investigate this without specialized equipment or investing the time to root the Kindle, since it uses EVDO exclusively, no WiFi capability.

Of course it phones home – Amazon wants your marketing information just like everybody else. I actually don’t know this to be fact. I would worry more about the fact that the Kindle has GPS (not really, but sorta GPS) – where oh where has my poor cheating SO gone with her Kindle so I can come and keel her secret lover….
As noted by Amazon:
“The Device Software will provide Amazon with data about your Device and its interaction with the Service (such as available memory, up-time, log files and signal strength) and information related to the content on your Device and your use of it (such as automatic bookmarking of the last page read and content deletions from the Device). Annotations, bookmarks, notes, highlights, or similar markings you make in your Device are backed up through the Service. Information we receive is subject to the Privacy Notice.”

6. The Kindle obviously has the ability to store and transmit such behavioral information, given that now multiple Kindles on the same account can keep in sync with one another in terms of content on your Kindle, your current location inside a given book, etc. Amazon plan to extend this capability, along with the base ereader functionality, to other types of devices, over time.

Is this information encrypted in any way? If so, is it real encryption, or is it ROT13? Is it encrypted only in flight, or at rest as well?
See my answer to question 5. The real value here is what your preferences are, so that they can sell more stuff to you. Why should it be encrypted – it’s a series of numbers identifying your Kindle & your account’s token – nothing of value here – well, other than the fact that I just ordered a subscription to the Atlantic and the New York Times and I need my Kindle updated.

7. If the Kindle is phoning home, are Amazon selling your behavioral data to advertisers? Even if they're not, are they mining it (in addition to the data you already consciously and voluntarily give them), and is it stored securely (for some value of 'secure')?

I am going to defer to Amazon on this one:
“Information about our customers is an important part of our business, and we are not in the business of selling it to others….Protection of and Others: We release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements; or protect the rights, property, or safety of, our users, or others….With Your Consent: Other than as set out above, you will receive notice when information about you might go to third parties, and you will have an opportunity to choose not to share the information.”

And finally
“How Secure Is Information About Me?
We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
We reveal only the last five digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.”

8. The Kindle allows you to highlight chunks of books/documents, annotate them with notes, and store them on the device. Are they DRMmed to your particular device, or are they just unencrypted text files, which can be accessed and downloaded via the USB mounting facility (I know which way I'd bet, heh).

Your clippings are .txt files that you can pull right off the Kindle when in USB mode. Why would you DRM them to a particular Kindle?

9. I've never used the Kindle Web browser; does it let you store usernames/passwords/cookies for Web sites you access? If so, then they're sitting there on the flash, waiting to be downloaded via USB by anyone who can get hold of the device.

The Kindle browser blows. There is no way to say anything good about it. The little configuration it does allow is choosing basic versus advanced mode:
• Set Default View Mode - lets you choose between Advanced and Basic View Modes.
• Clear Cache: Delete temporary Internet files from Kindle browser's cache.
• Clear History: Delete Internet address entries from Kindle browser.
• Clear Cookies: Delete cookies from the Kindle's browser.
• Enable Javascript: In Advanced Mode you can enable execution of Javascript on the pages you visit. Choosing to enable Javascript will probably slow down your browsing speed.
• Show Images: Lets images on pages appear - again, slows down browsing.
In all fairness to Amazon – to get to the browser you have to choose Experimental. I am not sure how security works for everyone, but common sense 2.0 tells me that when I find stuff under Experimental I shouldn’t trust it with my super secret stuff.
As an aside, I can’t find any passwords on mine – maybe I will do a deeper dive with some other tools.

1 comment:

JC said...

i read his article and it looked ok - most of the comments here must have come from your twitter conversation. for the most part, i agree with you and wonder whether he really knows what he's talking about (see #3).

1. anybody who sends a sensitive document into the cloud, unencrypted, is a moron. unfortunately, there are plenty of them around and the ones who send those documents into the cloud will get what they deserve. it's not like wireless insecurity is a deep dark secret.

2. anybody who thinks that their device is secure when it's in someone else's hands is also a moron. particularly if they have it long enough and in enough privacy that they can hook it up to another device and download/upload to it. physical security is at the top of almost every top 10 list for securing your computing device for a good reason.

3. Hoff must have been high when he wrote that. either that or he's really a poser who has just enough buzzwords to sound respectable while not really understanding anything.

4. see #2.

5. of course it phones home. how else would the iphone to Kindle integration work? every program phones home unless it specifically says that it doesn't. and even then, amazon could change (and publish) their privacy policy at any time and you would never know it (because you don't monitor that web page). the windows update incident of a few years back is a good example - where they never sent identifying info about you to microsoft, until they needed to and quietly changed their terms of service.

6. see #5.

7. your answer is good - for now. but companies have been known to change their policies (quietly) when they needed to. i recall an incident a few years back when some company was in financial trouble and one of the last things it did to raise money was sell off their customer data. once your data is out of your control (whether it's in the cloud or on someone else's server), it's fair game. even banks can't stop thieves. people shouldn't think that amazon is any better at stopping data thieves than the banks are(n't).

8. who cares?

9. see #2.

in his main blog post, Hoff does make a good point - not allowing the customer to turn off one-click is a serious problem. the users guide does say that you might have to log in when you try to buy something -- which indicates that maybe you're only logged in for a "session". in that case, just turn the device off long enough for it to require a password the next time and problem sorta-solved. i don't have a Kindle, so i can't check this out.

but most of the other points are places where his needs and amazon's needs diverge. they want him to buy stuff, even if it's his kids who did it (there is an "i bought it by mistake" link available according to the users guide) - it's his fault for letting them play with it unattended. they also made it primarily for their books. if he has stuff on it that someone else should not see, they want him to buy them a kindle of their own.

personally, i don't plan to ever buy one - the economics are just not there. i can wait long enough for a popular book to cost under $1 in the amazon used book market (sometimes only takes a few weeks). and other books i need (mostly technical) probably aren't on the kindle - i've checked.