Wednesday, February 25, 2009

Thoughts re: Remote Wipe of Prototype Phone from MWC

As some of you may already know, a prototype WM6.5 device (according to reports, a Diamond 2 or Touch Pro 2) was stolen from Mobile World Congress last week.

Industrial espionage expert Les Goldsmith already told the Daily Telegraph that this could be very bad for Microsoft if the beta's bugs are reported before the final product is released (does anyone really expect MS to release something that is 100% bug free??).

Luckily for MS, they have reportedly performed a "Remote Wipe" of the data, including the OS, as soon as the phone was reported stolen.
Whew, that was a close one, Microsoft!

However, this is raising a lot of eyebrows in the mobile user community. Remote wipe of data is nothing new- it's already possible if you are set up to sync with an Exchange Server, as a security precaution. That's an understandable data security feature for private info- a corporate exec or celebrity loses their phone, it can be remotely hard-reset (storage card included) before anyone can copy the sensitive info out of it. It won't return your lost hardware, but at least your data is safe. In some cases, devices have the option to be rendered useless, as a theft deterrent system (marking an ESN or IMEI number as "bad" so that networks won't activate it).

However, how does an OS-wipe work?
Do they remotely send a command to wipe out the ROM? Does it format its own EPROM chips so that you can't even get to the bootloader? This is entirely new- and, I might add, entirely unlikely.

First of all, why would this feature exist? Aside from the current situation (in which Microsoft is preventing its unreleased OS from falling into the wrong hands), when else would a remote wipe of the OS EVER be necessary? Would a user EVER want this done?
It seems very unlikely that Microsoft would go through the trouble of devoting R&D time to this kind of safety feature, just for the MWC. Clearly Microsoft is taking its sweet time innovating for the OS as a whole (judging by how far away the legendary version 7 is slated to be), so are we to believe that development is being slowed because they are wasting their time with temporarily useful security precautions?

No, I think there may be something very fishy about this story.
Here's what I think may have happened:

Sol's phone was stolen, but they can't really remotely wipe the ROM. It's possible that they only did a remote wipe of user data using standard Exchange features. This means the ROM and 6.5 OS are still at large; however, the press and/or MS employee quoted heard the term "remote wipe" and assumed the Microsoft secrets were secured as well.

Sol's phone was stolen, and the MS code can be extracted and leaked. Microsoft comes forward and claims that the ROM is "remotely wiped", which will make people less interested in trying to find the leaked ROM online.

Sol's phone was never stolen; however, there are already unofficial early betas of 6.5 floating around the net since before MWC. Microsoft, in fear of having the bugs reported before the software could be ironed out, claims that the ROM was stolen, but "remotely wiped", which will make people assume 6.5 ROMs floating around are merely unofficial hacks trying to get publicity, or at worst able to be remotely wiped by Microsoft! This may keep more people waiting for official 6.5 release devices.

It's also possible that this whole thing is a publicity stunt to show how versatile and synchronized the new OS is. Lose your phone? No problem- we can remotely do things you never dreamed possible. Does this feature really exist, though? Perhaps, although I still find it unlikely.

Now, it's possible that Sol's phone was stolen, and that MS was able to lock out the phone using a remote bomb command to prevent potential thieves from using the phone. Betas of 6.1 used to have a timebomb built in as I recall- to avoid it being leaked out and used on a large scale, they included a snippet of code that would prevent the OS from operating after a certain date. The final version of the OS could easily have this snippet of code omitted, leaving everything else intact.
It's entirely possible that MS included a remote-bomb along the same principles... namely, send a command to lock the user out of the phone. Such a command would NOT format the ROM however, and much less prevent someone from dumping the ROM, finding the lock and removing it (as someone did for 6.1, if I recall correctly).
It could also be an exposed new feature for OTA updates- it could be pretty useful to have portions of the OS update over the air with carrier updates (MS has included Windows Update on WM devices, but to my knowledge nothing has ever appeared on it). If stolen, perhaps they rolled out a bogus update that fried the bootloader. Unlikely, but possible.

Perhaps Microsoft really DOES have this feature, and if so it's a very scary one indeed. This raises the same questionable practices Apple instituted with its "kill switch", namely that they have the ability to remotely lock/shut off/wipe portions of the code running on your phone. Now, in Apple's case they claimed it was to help prevent rogue code or faulty apps that might do damage to your handset, but of course that's what they would claim. No one wants to believe in the whole "big brother" controlling their device, and many people are happy enough just assuming it's for their own benefit.

Are there any other theories out there anyone would care to share?