Currently under the Digital Millennium Copyright Act (DMCA) in the United States it is illegal to circumvent Digital Rights Management (DRM) technology in a device.
Technically speaking things like jailbreaking your iPhone, rooting your Android and modding your Xbox can be considered a circumvention of DRM and are illegal.
The Electronic Frontier Foundation (EFF) has made a formal request to the US Copyright Office to consider exempting these activities from enforcement under the DMCA.
To us gadget geeks, this is great news. The ability to install Linux on our PS3 or install metasploit on our Android devices will result in hours of lost productivity.
If the EFF is successful how will this impact the security of these devices though?
Going against the wishes of your vendor can turn out to be quite the double-edged sword.
The good? In addition to the freedom to do what you like with your devices, it provides an opportunity to make them more secure if you have the knowledge.
For example you can load an updated Android operating system that has security fixes long before your vendor gets around to providing you with the official fix.
Maybe you don’t like the Carrier IQ software your mobile carrier installed. You could remove it more easily.
Possibly you don’t want to have to wait for Apple to get around to blocking the latest root certificate that has been compromised.
While some of us know how to do these things and try to take advantage of open access, many smartphone/game console users want to hack their devices to pirate games and software, even if only to “try before I buy”.
Once you have removed the protective aura from your device you may be getting into deeper water than you can swim in.
A perfect example of this was the ikee worm for iOS. Not only did it Rickroll your iPhone, it only worked if it was jailbroken.
Why? Because the jailbreaking tool used by the victims enabled the SSH daemon on their phones in addition to the jailbreak. It turns out that all Apple iOS device root account passwords are “alpine”.
Knowledgeable hackers would change the password or disable the service, but people looking for free hacked version of Angry Birds didn’t know they were at risk.
We see a large amount of pirated software for Windows and Mac with embedded Trojans, and there is no reason to believe the same won’t be done for game consoles and smartphones if enough people put themselves at risk.
Don’t get me wrong, I support the EFF’s efforts and hope they are successful. It’s just that this new flexibility also comes with responsibility.
Hack the world! Just remember that you are on your own if you thumb your nose at the manufacturer of your device.