oh, the possibilities

So Danfuzz was showing off his new Danger Hiptop the other day, and from the little I played with it, it's pretty sweet: the form factor is good, the keyboard is easy to use, etc. I think it's a little too big, but I expect they'll fix that eventually.

But, unlike all those PalmOS telephones that are available, this thing is basically a cache for the upstream server: everything you save on the phone (address book, notes, any email you forward to the phone's mail reader, etc.) goes upstream to the mothership (and presumably you can sync with your computer via the company's web page or something.) In other words, it's pretty much a terminal, with the central-point-of-failure security concerns that come along with that model. Plus, you can't load your own software onto it: you get what the manufacturer sold you, and that's it.

Anyway, one of my first reactions was how cool this will be once someone hacks the server! Assuming these devices get popular, imagine being able to click on a map, zoom down to street level, see dots marking where people with Hiptops are (since, being cell phones, they're all lojacked) and then click on one of those dots to look through the phone's camera in realtime! Ok, mostly you'd be seeing the inside of someone's pocket, but still. I'll bet you'd at least be able to turn on the microphone and speaker remotely.

"Imagine the distributed denial-of-service attack you could build with a cluster of these..."

I want a device in the same physical case (because the ergonomics of it is really excellent), but that runs an open platform like PalmOS, so that I'm not beholden to The Phone Company's political and serve-the-least-common-denominator motivations over what software they should allow people to run.

Tags: , , , , , , ,

7 Responses:

  1. grahams says:

    According to their FAQ, Danger is going to be releasing an SDK for the Hiptop:

    Q. Does Danger have a Developer's program?

    A. Danger's objective is to make the hiptop application platform open to all developers. At this time, we are working with select developers on an individual basis. We intend to launch our formal developer program in early 2003. If you're interested in becoming a developer for Danger, please email us: developer@danger.com.

  2. Maybe that's what Woz is working on right now.

    • icis_machine says:

      well he is listed on the danger website.

      if they remained true to what i was told about 2 years ago, their solution is end to end so hacking the network would be very interesting.

  3. midendian says:

    you get what the manufacturer sold you

    More accurately (at least for now), it's what your carrier sends you. (You can only buy the T-Mobile Sidekick, not Danger Hiptop.) The server can push down new apps / new revs.

  4. loic says:

    We're hoping to get an SDK out sometime soon. Of course soon probably means six months. We all believe that making a platform is critical to our success as a company and the hiptop's long-term success. And we know that someone will come up with a killer app. Internally we have developed initial versions of all the important apps though - ssh, irc and livejournal clients :)

    In terms of hacking the server, I hope nobody manages, we've done our best with security but we're always keeping an eye out. The IO on the device isn't remotely addressable. All the apps on the device have quite a bit of intelligence, they just sync to the server.

    Oh, and your former coleague David Williams is now my manager in the browser group :)

    • jwz says:

      The IO on the device isn't remotely addressable.

      Well, that just means that you do it by downloading a "microphone server" or something. Either way, you have to compromise the mothership first, which is no small task: but, it's a single, very attractive target, since compromising that server lets you 0wn every phone in the world.

      It'll be a lot more attractive a product once there's an SDK and third-party apps, but I'm never going to feel comfortable about the fact that my notepad, address book, email, and whatnot are permanently stored on someone else's server...

      • unabomber says:

        I don't know if the Danger works like traditional WAP phones, but doesn't each phone report to the nearest server, with a mothership per calling cell or some kind of similar model? This might make it slightly easier to break into a single mothership, but it means if you're trying to get in at a particular mark, you've got to know exactly where they're standing in the grand scheme of things to fuck with them.

        The advantage to this is that if you have Jeff Goldbloom and a Macintosh, you can inject a virus into one server and make all of the motherships blow up. Right?

        I actually tried to buy one of these bastards tonight. I got suckered into the whole VisorPhone thing a year ago, and it has been virtually useless. Now I want to swap into a HipTop without getting nailed a $200 cancellation fee, but the people at 1-800-T-Mobile were functionally retarded, and said they were out of them. Or something. I think I need to send the president of VoiceStream T-Mobile a "book he has to read", if you know what I mean.