User Tools

Site Tools


eop:essays:cheap_devices_dichotomy

Cheap Devices Dichotomy

This dictation is my interpretation of what ways cheap devices can commonly be created, in relation to the function and potential of EOPs. In essence, there are 3 ways in which manufacturers of “lower cost” electronics make their device. One is beneficial for EOP and open, one is harmful to EOP and protective, and one is mixed.

Option 1: “What Vulnerabilities?”

With this option, the device is usually found to be very easily exploited. It's usually a matter of just sending files, entering a basic developer menu, using a simple and known exploit, and other “plug and play” style hacks. Behind this option, is a company that thinks “it's so cheap that we don't even care what they do with it”. These companies usually won't have any “bulk” deals, so thus they are more focused on a hardware based profit, to make up their deficit. Simply selling the device puts them in the game, with no concerns about extraneous software or addons.

The device likely takes little to make, and is aimed at a market that is far away from the realm of exploits. Thus, the company sees no real loss to the device being exploited. At times, these devices will be cheaper due to hardware changes, in contrast to Option 2. Such devices are the best to find in the realm we cover, as usually their hardware can become nice WinCE or lightweight linux interfaceables.

Most of these devices originate from lesser known companies; these sorts of brand names aren't really familiar. Companies like them do not have a cancerous monopoly or R&D, so they know wasting money on security will give them no market safety. A good example is this cheapo mid-00s media player meant for kids: https://elinux.org/JuiceBox

Option 2: “Fear of Exploitation”

In this circumstance, the device in question is usually a difficult puzzle to crack. Exploits may be patched, hidden, convoluted, or at times, completely nonexistent. Classic methods will break for no reason, and seemingly obvious workarounds will be completely useless. Behind this option, is a company that knows their device has more power than it lets on, so thus, they must protect this fact, lest they lose money from people using it for more than it was meant for.

These devices are likely slightly more expensive on the hardware side, originating from a company that either makes their profit from software/support, or a company that saves cash on hardware by shaving off extraneous features. A good example would be a product with a “high” and “low” end variant, where the “high” end has an SD card slot, a USB port, a larger battery, and a better screen. In contrast, the “low” end variant, while still having the SD car d and USB on the board, has no access to these ports on the actual case or IO. Furthermore, the battery is of lower milliamp hours, and the screen is the lower resolution basic TN type.

Such devices are made typically with a “bulk” deal from a certain manufacturer, where a certain board is ordered to serve as the “base” across all models, with only auxiliary changes making a model “high” or “low” end. Ports will be covered and modular parts will be downgraded on the low, while ports will be enhanced and CPU clocks will be upped on the “high”. Because of this, these companies have to make their money on software (subscriptions, packages, overpriced garbage), corporate deals (sell support, keys for the corporate purposes, bulk deals), or something else (aforementioned cost-shaving modular principles). Often times, these companies will use these “bulk” deals across entire sectors of their market, using the same chip, board, or combination for many different things, since it's cheaper than ordering a bunch of different boards for different devices, even if the “bulk” combination is over/underpowered for certain instances.

Since these companies in essence, lose money on the hardware side for the lower end devices, they must compensate for it with these other methods. Device hacks completely go around this, simultaneously removing the company's ability to profit, whilst also unlocking the abilities of the stronger hardware inside. To these R&D focused companies, this is their worst nightmare. Thus, hacks must be patched up as much as possible, or else people will effectively be able to hack their $35 device or whatever, and get a $150 device by just software changes and clock increases.

Because of how these security measures take more time, whilst originating in “bulk” production deals, you will usually see this from larger companies with better known names. Those companies have more to lose, and have a certain place in the market that needs to be protected. Sony, Amazon, Microsoft, and Apple are some names to come to mind here, with examples including the PS3 (other OS removal), Fire Stick/Fire TV (lock down the reasonably powerful SoC that's being used for something low end), XBox consoles (prevent them from being used as just a PC), and the iPods (lock down the reasonably powerful SoC that's being used for something low end).

Option 3: “Combination”

There isn't much to say about this one, as it is basically a company that practices both doctrines at once, depending on the product line. Admittedly, this is quite smart, as it's picking the most efficient strategy depending on the manufacturing costs and profit methods. Magellan is one company following this, as some of their GPSes are stunningly easy to hack (just drop some WindowsCE files onto it), while others simply have a different fs and missing extra ports, causing a much more difficult hack, despite nearly identical product presentation.

eop/essays/cheap_devices_dichotomy.txt · Last modified: 2023/02/26 18:39 by io55admin