Rant: DiSA pain in the arse.

Pun intended, that is. Lately I've noticed that tablets from certain vendors such as RCA, Nextbook and LeapFrog have implemented a security feature by Singapore-based Digital Safety, also known as DiSA. According to the Digital Safety website, it "is designed to offer complete supply chain and in-store protection against shrink."

Fig. 1: A DiSA-protected device being activated

That is, it does away with physical anti-theft locks wrapped on the device's box prior to being sold to the end-user, and replaces them with an activation system that prompts for a code to be given by the salesperson by way of a receipt. As mentioned earlier, this has been implemented by a number of manufacturers, though I don't think they've done so with Apple considering they already have a system that's effective enough as it is. And I don't think that it has rolled out to all retail outlets either, especially with e-commerce and online stores displacing physical retail outlets - DiSA definitely won't apply to devices purchased online from what I can tell.

I know this is conjecture on my part, as I haven't fully studied and experienced such a system yet (we don't have Walmart here at my place :P), but I can see that this is not without its pitfalls and shortcomings. A number of parents have been asking me to unlock their DiSA-protected Epics lately. I either tell them to phone LeapFrog about it, or in one case, decided to outright help one mum out and work around the issue. They contacted me and had their devices unlocked in good conscience, without any intention to have a dozen or so devices unlocked en masse to be sold on the black market. As I can attest, this system has inconvenienced dozens of legitimate users, who are either unaware or not savvy enough to know the ins and outs of such a protection in place (think elderly people who bought a tablet or two for their grandchildren). They may have unwittingly lost the receipt, or received the device as a gift. Manufacturer support lines may help affected users, but this adds to support costs, as I could imagine a mother lode of irate customers who are locked out due to DiSA.

The real kicker here is that a determined user can and will defeat DiSA, mostly due to Android being not as secure as iOS (though not necessarily so; there are secure bootloaders such as those used on Amazon's Fire tablet and, more prominently, the KNOX scheme on Samsung devices). An entry-level, MediaTek-powered tablet can be easily manipulated to excise the activation wizard, or one can use specialised tools found on shady reverse-engineering forums to activate said devices. Then again, most thieves probably won't be bothered to hack them anyway, though there is indeed the risk.

If this is the case, and indeed so, I'd either suggest improvements to the system, or perhaps outright discontinuing this practice. In my opinion, bolstering asset-protection departments and hiring better security is a better choice than using a DRM that ultimately punishes the end user, whilst not mitigating the problem of theft or shoplifting in a reasonable and convenient manner. If deterring theft means pissing off a law-abiding parent or two, I'd say the perp gets the last laugh.

