On blocking the Palm Pre

As you may have heard, Palm and Apple are currently in an arms race over whether the Palm Pre can sync with iTunes. When the Pre first came out, it synced with iTunes. Apple recently released a patch to block it, and Palm released an update to the Pre that counters Apple's blocking. The current round centers on USB vendor IDs. USB devices have a vendor ID which identifies who makes the product. iTunes apparently checks for Apple's vendor ID. Palm is impersonating it, so the Pre appears to be an iPod.

It should be readily apparent that there's no technical way for Apple to prevail with this kind of strategy; as long as there is a single fixed string that a valid device emits, Palm just needs to get a copy of that string and send it to iTunes (communications security people call this a replay attack). That doesn't mean that Apple can't win, of course. For instance, they could convince the USB Implementers Forum that Palm is violating the rules (Palm has already complained about Apple). I don't know what, if any, enforcement powers USB-IF has, but if they have any, Apple might conceivably convince them to stop Palm. [Question for any lawyers: does this change by Palm "circumvent a technological measure that effectively controls access to a work protected under this title" in the sense of the DMCA?] Another way to get past the technical replay problem is to make the replayed string something that Palm can't legally replay, like a random section of the iPod firmware.

Even if we limit ourselves to technical approaches (which is much more fun) there are straightforward technical measures by which Apple could have built the system to make what Palm has done essentially impossible. For instance, they could have given every i{Pod,Phone} an asymmetric key pair and certificate and forced each device to authenticate prior to syncing. This would have made Palm's job very hard: even if they were to recover the keys from some devices, Apple could quickly blacklist those devices—including having an online blacklist which iTunes checks. Since the whole point of the exercise is to make things easy for the user, forcing them to constantly download fresh keys to their Pre seems like a real imposition.
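To make the contrast with a fixed, replayable string concrete, here is a minimal sketch of the per-device challenge-response scheme described above. It is an added example, not code from Apple, Palm, or the original post. Assumptions: Ed25519 signatures, a "certificate" reduced to the vendor's signature over the device public key, and hypothetical names (`Device`, `Host`, `Setup`); `Setup` generates the vendor key locally only so the demo is self-contained.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device holds its own key pair; Cert is the vendor's signature over Pub (a simplified certificate).
type Device struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	Cert []byte
}

// Respond signs the host's nonce; a recorded response is useless for any other nonce.
func (d *Device) Respond(nonce []byte) []byte { return ed25519.Sign(d.priv, nonce) }

// Host trusts only the vendor public key and keeps a blacklist of device keys.
type Host struct {
	VendorPub ed25519.PublicKey
	Revoked   map[string]bool
}

// Challenge returns a fresh random nonce for one sync session.
func (h *Host) Challenge() []byte {
	n := make([]byte, 32)
	rand.Read(n)
	return n
}

// Verify checks the certificate, the blacklist, then the signature over this nonce.
func (h *Host) Verify(pub ed25519.PublicKey, cert, nonce, sig []byte) bool {
	return ed25519.Verify(h.VendorPub, pub, cert) && !h.Revoked[string(pub)] &&
		ed25519.Verify(pub, nonce, sig)
}

// Setup creates a vendor key, a host that trusts it, and one certified device.
func Setup() (*Host, *Device) {
	vpub, vpriv, _ := ed25519.GenerateKey(rand.Reader)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Host{vpub, map[string]bool{}}, &Device{pub, priv, ed25519.Sign(vpriv, pub)}
}

func main() {
	h, d := Setup()
	n := h.Challenge()
	sig := d.Respond(n)
	fmt.Println(h.Verify(d.Pub, d.Cert, n, sig), h.Verify(d.Pub, d.Cert, h.Challenge(), sig)) // true false
}
```

Copying a genuine device's public key and certificate is not enough to pass `Verify`, because the signature over the fresh nonce requires the private key; a device whose private key has leaked is handled by adding its public key to `Revoked`.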

However, it seems that Apple hasn't built anything like this into their systems and it's a bit of a challenge to do it now; we somehow need to initialize each device with a key and a certificate. There's of course no problem in loading new firmware and having it generate a key pair, certificate signing request, etc., and having it signed by Apple. But of course the Pre can do the same thing, so we've reduced it to a previously unsolved problem. One could imagine that Apple could force the key generation/certification process to happen online and torture the device with a bunch of forensics. Palm can of course try to defeat those, but since Apple just needs to change their servers which they can do rapidly, this makes Palm's job somewhat harder. And of course if we're willing to allow legal measures, Apple could force you to click through some license attesting that you have an Apple device, maybe check your serial number, etc. Ultimately, though, I'm not sure you can get past this bootstrapping problem with purely technical measures.

2 Comments

Apple should maybe give up and openly allow iTunes to sync with other music players. Yes, they'd really like it for everyone to own an iPod, but they insist on trying to push iTunes out with Quicktime, so I think they really do want everyone to use their software/music store. More people would if they weren't required to use an iPod as the player. Seriously... This strategy made some sense when their music had DRM, but now this is just Apple being weird.

I think you're right about the USB guys having a case against Palm if they're using Apple's Vendor ID. http://www.precentral.net/how-palm-re-enabled-itunes-sync
