Cisco's iPhone is a phoney

ONE OF THE BUGS in words is, they can come back to haunt you. Just ask Mark Chandler, a senior vice president at Cisco and its General Counsel.

Chandler explains on his blog, why Cisco is taking action towards Apple over the use of the name Iphone. Apple's revealing of its own Iphone last week made headlines worldwide, to Chandler's chagrin.

"This lawsuit is about Cisco's obligation to protect its trademark in the face of a willful violation. Our goal was collaboration. The action we have taken today is about not using people's property without permission."

Yet Cisco has been accused doing exactly that with its Iphones. And it was told so months ago.

Dutch programmer Armijn Hemel notified Linksys, producer of the WIP300, late October that he had found several violations of the GPL software license. Not in the use of the operating system Linux. Linksys published this software on it site, one way to fulfill a requirement of the GPL.

The problem is in GPL code used in the applications that handle the phone calls and the software that does firmware updates, discovered Hemel. This GPL code is not published.

"I cannot understand how they let this happen", Hemel says. "It is not like it is the first time they violate the GPL. Either they do not care, or they do not have the skills to discover such code in their own products."

Linksys could not be reached for a comment on this. Apparently the entire US west coast was on a public holiday this Monday.

There is more amiss with Cisco's cherished Iphones. Hemel discovered a security leak in another type, the WIP330. This one runs Windows and a simple port scan can send it crashing.

Hemel pointed it out to Linksys in November. And again, he never heard from the company. Meanwhile the bug got published on the well browsed CVE web site.

Asked also to comment on this issue, Linksys came back with a flat denial.

"This only occurs when the user runs an nmap on the LAN. It causes the phone to reboot. Whilst this is a security issue, it is not considered critical, as most WIP330 deployments run behind a NAT, which makes it impossible for this problem to happen. The issue will only occur in LAN environments (running the application on the same LAN as the WIP330) or if the WIP330 uses a public address, which is very unlikely."

Rubbish, says Hemel. "That phone is advertised on their own website as good for use in public hotspots." µ