
Troubles w/Kindle And “Consumer Security”

May 6th, 2012 Posted in General, IT Industry, Mobile, Networking, Security

I just wanted to provide the results of a two-hour-long troubleshooting session on a new Kindle brought into my household yesterday.  Not only was it a bit frustrating, but in light of a number of things, quite astonishing as well.  Astonishing that Amazon, Google and even Apple to some extent view and address the consumer market the way that they do.  As a consumer, I have to say it’s frustrating.  As a security professional, I have to say it’s disappointing to say the least.

First the problem: You’d think these days it would be a simple thing to go down, buy a wireless device and throw it on your network in no time flat.  That was exactly what I attempted to do yesterday.  I went down to buy a cheap Kindle for one of my children, throw it on the network and be done.  Two hours and an even exchange later, I finally figured out what the problem was.

For most devices, the act of associating with your wireless network and then using your network are two different things.  So we always get a device onto the network first, then worry about how it’s going to connect to outside services later.  Because, yes, admittedly, I’m not running normal equipment here at home.  We don’t allow full-blown access to the outside, polluted internet for a number of reasons.  We have a combination web-filter/proxy server appliance (in the cloud, actually), a commercial grade firewall, a caching DNS server and a few other things sitting in between devices on the soft, chewy inside network and the hardened outer shell.

But again, in the past, this was not a problem.  We knew, once devices got on the network, some equipment might have to be visited and settings slightly tweaked in order to get a device to work.

Here Is Why Amazon States Kindles Don’t Work In Enterprise Settings

The thing with Kindle that is different however is… when you are attempting to connect to your wireless network, Amazon, in the name of let-me-hold-your-hand-consumerism (which isn’t necessarily a bad thing — Amazon lives and breathes based on the consumer’s point of view, or tries to anyway), does a little bit more.  The Kindle first tries to connect to your wireless network, utilizing the base amount of information you’ve provided it.  Once successfully connected however, the Kindle doesn’t immediately tell you this.  It tries to connect to a backend somewhere at Amazon first.  If you have a firewall blocking that access, the Kindle doesn’t indicate this is the problem, it merely punts and reports back that… it can’t connect to your wireless network. Which isn’t entirely the case, but that is what is reported.
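A staged check of the kind described above, reporting the stage that actually failed instead of blaming the Wi-Fi, written as an added example and not as code from Amazon or from this post. The host `registration.example` is a hypothetical stand-in, since the post does not name the backend the Kindle contacts.

```python
import socket

# Hypothetical stand-in for the vendor backend; the real host is not in the post.
BACKEND = ("registration.example", 443)

def probe_wifi():
    """Stage 1: association and DHCP produced a usable local address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # connect() on a UDP socket sends nothing; it only picks a source
        # address and fails with OSError when there is no route at all.
        s.connect(("192.0.2.1", 9))  # TEST-NET-1 address, never contacted
        return s.getsockname()[0]

def probe_dns():
    """Stage 2: the backend name resolves through the local resolver."""
    return socket.getaddrinfo(*BACKEND, type=socket.SOCK_STREAM)[0][4][0]

def probe_backend():
    """Stage 3: firewall or proxy policy lets a TCP connection out."""
    with socket.create_connection(BACKEND, timeout=5):
        return "connected"

STAGES = [
    ("wifi", probe_wifi, "Not joined to the wireless network"),
    ("dns", probe_dns, "Joined to Wi-Fi, but the backend name does not resolve"),
    ("backend", probe_backend, "Joined to Wi-Fi, but outbound access is blocked"),
]

def diagnose(stages=STAGES):
    """Run the stages in order and name the first one that fails."""
    passed = []
    for name, probe, failure in stages:
        try:
            probe()
        except OSError as exc:  # gaierror, timeouts and refusals are all OSError
            return {"ok": False, "failed_stage": name, "passed": passed,
                    "message": f"{failure} ({exc})"}
        passed.append(name)
    return {"ok": True, "failed_stage": None, "passed": passed,
            "message": "Wi-Fi joined and backend reachable"}

if __name__ == "__main__":
    print(diagnose()["message"])
```

On a network like the one described here, the `wifi` stage passes and the report points at `dns` or `backend`, which is the information the Kindle's error message withholds.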

Now again, as I stated parenthetically above, I understand why Amazon goes through the invisible two-step process, but… what is reported back is not the case and extremely misleading.  It took me some time, after digging through numerous forums, to discover that Kindle (Amazon) is going through this transparent, behind-the-scenes two-step process.  Once that was known, I was able to work around it, albeit by taking drastic measures I wouldn’t normally expect to take, but, I was able to register the device.

Which brings me to a major frustration as a consumer and disappointment as a security professional.  If Amazon truly lives and breathes from the consumer’s point of view, I hope they as well as Google and Apple — three of the world’s most significant internet “impactors” (at present) — take the following into serious consideration:

Amazon, Apple and Google Seem To Be Ignoring The Obvious

I can’t go off on a complete diatribe right now, but… Amazon and Google and to some extent even Apple don’t seem to realize that the internet they have helped develop has, as a result of their efforts, gotten just a tad bit more sophisticated lately.  With that sophistication, some complexity has necessarily had to be driven down to the consumer level.  It’s not just corporations which utilize firewalls and proxies and other security devices and approaches any longer.  You can go down to Best Buy or buy right off the Amazon “shelves” ironically, any number of mainstream wireless access points and routers and nearly all of them come with a feature set that allows a more sophisticated consumer (shall we say) any number of options for securing their home networks.  Not just from people getting in, but controlling somewhat how people on the inside get out.

Yet, I can’t for the life of me understand why Amazon and Google (and again Apple to some extent) “act like” these kinds of features don’t exist and continue to act like we are still in 2005 when most people simply didn’t or didn’t know how to apply simple WEP, WPA or WPA2 security to their wireless devices or utilize any other security approach.  They act like every WiFi network you attach to has completely 100% free unhindered access to the internet and maybe a couple of devices hooked up to it.

Beyond that even, they seem to be pushing for this to be the normative setup in a day and age where security has to be taken into consideration even down to the consumer level. These devices weren’t designed with that in mind and in fact the companies seem to thumb their noses a little at any consumer who has taken security a little bit more seriously than most. And that is disappointing and annoying. (That is, their explanations read between the lines as “Yeah, we know that, but we don’t care; our devices were purposefully designed to only work on wide-open wireless networks — deal with it.”)

Amazon has no provision in any of their products (as far as I know, and I’ve had two different Kindle devices so far — the high end and the low end Kindles) for utilizing a proxy server.  And seemingly, according to their disclaimers, they have no intention in the near future of ever attempting to do so.  On that basis alone, I came within an inch of returning the Kindle and getting my money back.  The only thing that kept me from doing so was the thought that a Nook or any of the other eReaders on the market today probably doesn’t account for this either.

Google’s Android also does not allow for setting up a proxy server in its settings nor do they appear to feel a need to address this in any future release either as far as I know.  (Granted, I haven’t looked at the feature set of Android since last year some time.)

Apple at least allows for setting up a proxy server, but they assume that ALL traffic will be going through such a device instead of allowing for settings that tell the device when and when not to utilize the proxy server — which is something that is quite normative on Windows and even Apple desktops and inside of any of the main browsers on desktops.  (So when I want to address the many IP enabled devices on my home network from my iPhone or iPad, many of them providing HTTP-based services transparently [see iPad Remote App utilizes HTTP], I can’t.  My proxy server is in the cloud and I use a private address space at home.)
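The per-destination rule described above (local devices direct, everything else through the proxy), sketched as an added example that is not from the original post; it mirrors what a desktop bypass list or PAC file encodes. The proxy address `proxy.example:3128` and the `.local`/`.lan` suffixes are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical cloud proxy; the post does not give its address.
CLOUD_PROXY = "http://proxy.example:3128"

# Destinations that never leave the home network, so a proxy sitting outside
# it cannot reach them: RFC 1918 space, loopback, link-local and IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7",
)]
LOCAL_SUFFIXES = (".local", ".lan")  # assumed naming for home devices


def proxy_for(url):
    """Return None for a direct connection, or the proxy URL to use."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # a hostname, not an IP literal
    if addr is not None:
        # Membership is False when address and network versions differ.
        if any(addr in net for net in LOCAL_NETS):
            return None
        return CLOUD_PROXY
    # Unqualified names and local suffixes only resolve inside the home network.
    if "." not in host or host.endswith(LOCAL_SUFFIXES):
        return None
    return CLOUD_PROXY


if __name__ == "__main__":
    for u in ("http://192.168.1.20/remote", "https://www.example.com/"):
        print(u, "->", proxy_for(u) or "DIRECT")
```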

I’ll have more on this later — the surprising lack of foresight in the rapidly evolving world we live in, especially as cloud services are already being pushed down to the SMB and consumer levels.  I mainly wanted to highlight that:

If You Can’t Connect Your Kindle To Your WiFi, This Could Be Why

If you have a Kindle you are trying to connect to your internal network make sure that both:

  1. You have provided the correct information for connecting to your wireless (that’s a given) and…
  2. You have completely unrestricted access to the outside internet.  If you don’t, then you’ll need to drop this for a moment to get around the registration process.

Once connected, if you do have some expertise, there are a couple of ways around the problem, which I may also discuss at another time — what and how I will have to re-architect my internal security at the network layer in order to get this to work.

