Prev: Regression testing for /* CAN'T HAPPEN */
Next: MII Management Interface, turnaround bits
From: D Yuniskis on 31 Mar 2010 17:16
Dombo wrote:
> D Yuniskis schreef:
>> Jim Stewart wrote:
>>> Fred wrote:
>>>> What do you think? Can any of you spot any weaknesses in my little
>>>> scheme? How would you go about trying to break it?
>>>
>>> The real question is "how much is it worth to break it"?
>>> If the answer is less than $5000, your scheme is just fine.
>>>
>>> If the answer is > $500,000, your scheme probably needs
>>> a rigorous analysis. In between, I don't know...
>>
>> That *used* to be a good summary of the risk/benefit analysis.
>> Nowadays, you have to add the "novelty/desirability" factor.
>> E.g., how motivated would a *hacker* (in the sense of
>> someone who just tinkers -- not a malicious intent) be to
>> reverse engineer it. Then, how likely is it for a *community*
>> (even 3 people!) of such hackers to develop and get together
>> "on line" to share their results.
>
> If the device is hackable it could actually increase the desirability of
> the device. Examples are the OpenWRT firmware for the LinkSys router and
> the CHDK firmware for Canon cameras.

Note that the OP is basing *his* product on a COTS hardware
platform. I.e., *he* gets cut out of the picture *completely*
if his product is hacked. By contrast, linksys/Cisco still
gets to sell routers *despite* the hacks!

>> And, how "rich" will your feature set be -- i.e., how motivated
>> would folks be to hack the device so *they* could add the
>> features that you *should* have!
>
> Unless it is a popular, easily obtainable, high volume product with
> interesting features, or a hack is worth a substantial financial reward,
> it is unlikely any one is willing to invest any time to reverse engineer
> and hack the device.

<grin> I think you would be surprised at the types of products
that have been hacked/stolen in this way. I've seen folks
reverse engineer *arcade* games (not easily obtainable, not
particularly high volumes -- a few thousand of each "model",
*no* financial reward, etc.).

I've seen folks de-pot devices that they could *emulate*
in software "for free", etc.

It's foolish to cling to old cost/benefit analysis for these
sorts of things. And, since it is easy for anyone who
does this sort of thing to *rapidly* share their activities
with others, you can easily lose your market if you go down
this road.

>> With COTS hardware, you risk losing your "product" since
>> anyone hacking this can bypass you to purchase the hardware
>> on which to deploy *their* software...
>
> Or a hacked version of *your* software.
From: Swarga Research on 4 Apr 2010 00:02
Last time on comp.arch.embedded, D Yuniskis <not.going.to.be(a)seen.com>
said:

>Dombo wrote:

>> If the device is hackable it could actually increase the desirability of
>> the device. Examples are the OpenWRT firmware for the LinkSys router and
>> the CHDK firmware for Canon cameras.
>
>Note that the OP is basing *his* product on a COTS hardware
>platform. I.e., *he* gets cut out of the picture *completely*
>if his product is hacked. By contrast, linksys/Cisco still
>gets to sell routers *despite* the hacks!

Exactly. If I manufactured and sold the hardware it would be a
completely different story.
First  |  Prev  | 
Pages: 1 2
Prev: Regression testing for /* CAN'T HAPPEN */
Next: MII Management Interface, turnaround bits