Kindle Fire Will Not Buy Us Much

There is a post over at Volokh Conspiracy in which the author, Stewart Baker, believes that Kindle Fire users will ultimately be more secure because Amazon is acting as a big HTTP proxy, and that running everything through Amazon’s cloud will reduce the risk of endpoint compromise. Instead of you relying on your own ability to protect your device, Amazon will do it for you, on the assumption that they are more knowledgeable than you in information security matters. I am not nearly as excited, for the following reasons:

1.  Without physical security there is no security.  If one has physical access to a device, it is quite possible to subvert it for nefarious purposes.  Amazon cannot control that, and if it is done well they will not be able to detect it.  Ask Apple about all those jailbroken iPhones.  Additionally, many exploits rely on social engineering.  All the hardware in the world cannot stop you from making an error.

2.  A big filtering proxy in the cloud is just another filtering proxy.  At some point its pattern recognition systems will produce false positives often enough that users will work overtime to get around them; that, or Amazon will have to loosen up the filtering.  One commenter pointed out correctly that AOL tried this before.

3.  Amazon Fire will have its own browser, which will have its own browser flaws and security problems.  That is inescapable.  Roll your own browser and you have to do your own code audits too; every change introduces new risks and possible regression errors.

4.  Risk will be more non-linear.  We may have fewer security problems, but the impact of one will be far more severe.  A heavily defended system is always complex, and when a complex system goes down it is frequently catastrophic in consequence.

5.  Security is expensive.  The more complex the system the higher the cost to defend it.  Security is frequently one of the first areas relaxed when costs are creeping up.  This is normally followed by a security failure of some kind, the firing of the security personnel, an increase in security spending on technological solutions and a return to the beginning.  Think of this as the security personnel scapegoating life cycle.  Amazon will not be immune.

In the end, the entire Amazon Kindle Fire ecosystem is just another system requiring defending with the same kinds of problems as other systems.  I do not share the author’s optimism.