On Fri, 2008-11-07 at 18:27 +0000, David Given wrote: > Josselin Mouette wrote: > [...] > > Or so you think. There are people who can read assembly and hex just as > > easily as I read C sources. It would probably take only a few days of > > testing for a hacker with the appropriate skills to remove firmware > > restrictions for reaching a frequency range, for example. > > I believe that most if not all firmware images these days are signed or > encrypted. Often very weakly! In some cases there's just a checksum to reduce the risk of accidental corruption, rather than deliberate modification of the firmware. > [...] > > In such cases, there needs to be > > some appropriate process to validate the new versions and to enforce it > > legally. > > Yup. Unlike most software, wireless stuff is rather indiscriminate about > what it interacts with. Wired ethernet is easy to control, wireless is > much less so; your right to experiment with wireless protocols does not > extend to preventing me making emergency calls. > > The EM spectrum is very subject to tragedy-of-the-commons abuses. It's > in everybody's interest to ensure that people follow the rules when > using the EM spectrum, which is why regulators like the FCC have the > powers they do. > > [...] > > This is what those keeping their sources closed wish. But there are no > > fairies to grant this wish. > > Actually, I strongly suspect this is because most firmware images > contain proprietary embedded operating systems and/or proprietary > third-party libraries... Many of them don't have operating systems. But proprietary libraries, yes, this is one of the reasons Intel has such onerous restrictions on distribution of ipw2100 and ipw2200 firmware. Ben.
Description: This is a digitally signed message part