Linked by TADS on Tue 24th May 2011 21:13 UTC
Google Even though Google supports (some might say encourages) unlocking the bootloader and gaining root access on its own Nexus line of Android devices, it's currently blocking the newly announced Google Movies service on rooted devices.
Thread beginning with comment 474445
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: so the next step ...
by Alfman on Wed 25th May 2011 01:23 UTC in reply to "RE: so the next step ..."
Alfman
Member since:
2011-01-28

".. is to add a simple way to make it appear, to a particular app, that the device isn't rooted when it is."

I wonder if a rooted device becomes blacklisted? Or if google deploys an application to determine if it is _currently_ rooted?

"DRM is useless."

Yep.

It's security by obscurity, inherently broken.

Reply Parent Score: 2

RE[3]: so the next step ...
by vodoomoth on Thu 26th May 2011 10:46 in reply to "RE[2]: so the next step ..."
vodoomoth Member since:
2010-03-30


It's security by obscurity, inherently broken.

Just to satisfy my curiosity (and don't take this as a hint that I hold a point of view opposite to yours), what kind of security isn't "security by obscurity"? I mean, I use TruCrypt on one specific volume... and the security of what I store there is based on no one but me knowing the password. Ditto for my debit card, my computers, my online accounts, etc. It seems to me that every kind of security I ever face is based on some kind of obfuscation or secrecy, a.k.a "obscurity".

If this is "inherently broken", I wonder what would save us.

Reply Parent Score: 2

RE[4]: so the next step ...
by Alfman on Thu 26th May 2011 17:41 in reply to "RE[3]: so the next step ..."
Alfman Member since:
2011-01-28

vodoomoth,

"what kind of security isn't 'security by obscurity'? I mean, I use TruCrypt on one specific volume... and the security of what I store there is based on no one but me knowing the password."


Security by obscurity is a term applied to those who rely on obfuscated code and/or not non-disclosure of source in order to protect content. This is opposed to using mathematically sound encryption algorithms in a correct way.

Encryption can only protect content from 3rd parties who do not possess the keys (obviously). And herein lies the fatal flaw inherent in all DRM - the keys are necessarily distributed to the end user.

All DRM, from microsoft, apple, real networks, digital cable boxes, and so on are flawed and will always be flawed due to the fact that they are using secure encryption algorithms in an insecure manor. So while the encryption algorithm (ie AES) is secure, the DRM implementation inherently suffers from the need to obscure the keys from the very party who will be using the keys.

DRM can make the attacker's job more difficult, but in the end it cannot be made mathematically secure due to the fact that the keys exist on the same endpoint which the DRM is attempting to restrict.



"Ditto for my debit card, my computers, my online accounts, etc. It seems to me that every kind of security I ever face is based on some kind of obfuscation or secrecy, a.k.a 'obscurity'"

Well it's true, there may be a semantic exception for "passwords". But encryption is unlikely to be the weak link in any of the examples you cited. It's much more likely for a partner to suffer a perimeter breach where the attacker has access to the unencrypted data.


"If this is 'inherently broken', I wonder what would save us."

Encryption is still sound against third party interception. It's the DRM model which is inherently broken, mathematically speaking.

Reply Parent Score: 2