Archive for the ‘iPhone’ Category

iDevice tracking.

April 27th, 2011

I’m a little late wading into this but I thought it worth looking at based on my last post.

If you’ve been hiding under a rock: Apple tracks where you have been (regardless of your location tracking selection) in a file called consolidated.db.

Tracked!

This was originally discovered by Alex Levinson back in 2010 when he was researching the iPad.

Long story short, there is an SQLite database both on the iDevice (/private/var/root/Library/Caches/locationd/consolidated.db) and stored on your sync machine (/Users/<your user name>/Library/Application Support/MobileSync/Backup/). It uses cell tower triangulation, as opposed to GPS, to track your location (so accuracy isn’t always bang on, but pretty close in most cases).

Recently a couple of researchers from O’Reilly (Alasdair Allan and Pete Warden) wrote an OS X application that visualises the stored data, bringing it out from the deep dark recesses of computer forensics into the mainstream and sparking outrage and cries of foul. This in turn forced Apple to respond to these concerns.

You can see in the image “Tracked!” that it has tracked my movements throughout NSW and Canberra. So I decided to have a play myself to see what is captured (instructions on how to find the consolidated.db file are on Pete Warden’s site). With the help of an SQLite viewer I opened up the file to see what was there (see image below):

SQLite file opened

The second table is the interesting one that contains the location tracking data that everyone is interested in. A view into that table shows exactly what can be found in there:

CellLocation Table Contents

I’ve condensed the columns for Longitude and Latitude, mostly because I don’t want everyone knowing EXACTLY where I’ve been 😉
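The check below is an added example, not code from this post or from the researchers' application: it measures how much location history a consolidated.db-style file retains while reporting only coarsened coordinates. It assumes the CellLocation table has Timestamp, Latitude and Longitude columns and that Timestamp counts seconds from 2001-01-01 UTC; the function names and the sample rows are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumption: Timestamp holds seconds since 2001-01-01 UTC (Apple's reference date).
APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

def summarize_cell_locations(conn, precision=1):
    """Summarise retained location history; None if the table is absent."""
    found = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name='CellLocation'"
    ).fetchone()
    if found is None:
        return None
    rows = conn.execute(
        "SELECT Timestamp, Latitude, Longitude FROM CellLocation "
        "WHERE Timestamp IS NOT NULL AND Latitude IS NOT NULL "
        "AND Longitude IS NOT NULL"
    ).fetchall()
    # Assumption: a (0, 0) row is an empty fix, not a place that was visited.
    rows = [r for r in rows if (r[1], r[2]) != (0.0, 0.0)]
    if not rows:
        return {"rows": 0, "first": None, "last": None,
                "days_covered": 0, "coarse_cells": 0}
    stamps = [APPLE_EPOCH + timedelta(seconds=r[0]) for r in rows]
    # Coarsen coordinates so the report itself does not disclose exact places.
    cells = {(round(r[1], precision), round(r[2], precision)) for r in rows}
    first, last = min(stamps), max(stamps)
    return {"rows": len(rows), "first": first, "last": last,
            "days_covered": (last - first).days, "coarse_cells": len(cells)}

def build_sample_db():
    """Constructed sample data standing in for a real consolidated.db."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE CellLocation "
                 "(Timestamp FLOAT, Latitude FLOAT, Longitude FLOAT)")
    conn.executemany("INSERT INTO CellLocation VALUES (?, ?, ?)", [
        (315532800.0, -33.87, 151.21),   # 2011-01-01, constructed
        (315619200.0, -33.91, 151.18),   # 2011-01-02, same coarse cell
        (323308800.0, -35.28, 149.13),   # 2011-04-01, different area
        (323308900.0, 0.0, 0.0),         # empty fix, ignored
    ])
    return conn

if __name__ == "__main__":
    print(summarize_cell_locations(build_sample_db()))
```

To run it against your own copy of the file, pass `sqlite3.connect(path_to_copy)` instead of the sample database.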

The interesting thing seems to be that similar information is also being stored for WiFi locations. I’ll need some time playing about to understand how relevant the stored information is, but based on an initial pass it seems to capture any AP that my phone sees. I’ve tested this by plugging random MAC addresses into Google to check against its wireless AP DB and sure enough, these are APs I’ve not connected to but are pretty close to some of the ones I do.

Given the high profile of this now, and the ease with which the necessary scripts can be located online to grab this information, I suspect that it won’t be long before you see some exploits in the wild and high profile people start finding that their movements are published.

I hope Apple move to remedy this soon.

UPDATE: I forgot to add that Google also track phones and seem to track similar information on WiFi locations picked up by Android devices. I suspect that Apple is doing similar things with the information for their own reasons.

UPDATE2: Apple have released their latest iOS (4.3.3) that addresses some of the issues.

I’ve yet to run it up and review myself but it looks like they have made good. Now to see what happens with Google and Microsoft.

Mobility – Magic or Mayhem

April 7th, 2011

Love it or hate it, mobile computing is here to stay. Be it smart phone, tablet, netbook or ultra-portable, society as a whole seems stupidly addicted to information being at the tips of our fingers.

Mobile device sales now seem to outpace population growth: a cool statistic that Padmasree Warrior ( @padmasree ) wheeled out at a recent Cisco event was that every second 4 babies are born in the world, but in that same second 40 mobile devices are sold! Take a quick look around: how many iPhones, iPads, Android devices, eReaders, etc. are in your household? (I’ve got 3 iDevices alone in my house and both my kids are under 3.)

Brought on by the modern need to be always connected and “there’s an app for that” approach to mobile computing (Social networking, collaboration tools, and other resources being some of these drivers), there is little wonder what “the next target” will be.

Criminals in general will target the best return for their investment, i.e. hit the biggest deployment base via the easiest means in the hope that a percentage of attacks will be successful. It’s called return on investment.

Attacks

These are still early days, and attacks have come a long way from a simple “Rick-rolling” of someone’s phone to embedding root-kits into applications, opening up the potential for much, much more.

That the Google Android app store pulled 21 infected apps because of malware, with other stories suggesting upward of 50 applications were actually affected, shouldn’t really come as a surprise.

Whilst there are a variety of reasons why this happens, essentially it all boils down to money.

Given the growth of the smart phone deployment base, and the popularity of app stores in general, it makes perfect sense that we are seeing a rise in mobile platform exploits hitting the news. This form of exploit, embedding malicious code in applications that otherwise appear harmless, is certainly low hanging fruit that is ripe for the picking.

Whilst there is a relatively strong desktop security software market, along with a generally heightened awareness when it comes to viruses, malware and even information classification, on the mobile computing platform everyone seems to have a laissez-faire attitude.

Mobile security

While many say 2011 is the year of the Cloud, I’m going to suggest it is also the year of the mobile device exploit. I’m willing to bet that a lot of the bigger players out there are thinking along the same lines; as can be seen through some acquisitions and announcements.

The Enterprise

Always-connected comes at a price. Everyone wants these devices and wants them connected to the corporate network so they can access email, intranet pages, documents and even remote manage infrastructure.

I see there being a number of different issues.

  1. People will bring them in regardless of policy, so how are you going to change your policies?
  2. How do you provide secure access to the information and resources people need?

Policy – the fix all?

Before you say, but corporate policy disallows the use of XYZ device on the network so people won’t be connecting or using them, guess again! I can guarantee that in your organisation people are using the likes of Dropbox and Evernote to get access to the files and information that they need to do their job.

As I’ve said previously

policy only gets you so far. As with any security policy, if it is too restrictive or just too complex, people will just ignore it and do what they want, or need to do.

People will connect their devices in ways that would make you cringe.

How do you provide secure access?

With the move to an any-device-anywhere model in organisations, this could be a real issue. What happens when a device, corporate or personal, gets compromised?

At this stage this is all up for debate as the industry hasn’t taken mobile device security seriously enough for long enough. The easiest way is to start by providing the tools that give both control to you as a business and your people the access they require.

Open or Closed?

Now there is the debate between open and closed platforms, coupled with open or closed marketplaces, but even closed platforms have vulnerabilities that are exploitable, be it in hidden features or bugs in the code. It does, however, make sense that an open platform with an open marketplace would offer an easier target than a closed one, but as mentioned previously the user-base also plays a large part in the overall equation; again, these are early days.

The best choice is providing the platform so you can control, to some degree, what goes on. Otherwise, look at other measures that will allow functional, secure access to services.

Ultimately the open vs. closed system is one that has been raging for years, regardless of the platform. Only time, and statistics, will tell.

So?

What does this mean to Joe Average and the Enterprise? There needs to be a strategy for how you will address this, and one that is flexible enough to take into consideration that this is a fast-changing area.

A good start: your mobile device is a computing device, and at a minimum the same security precautions need to be taken as for traditional computing devices. Arguably, given the device is more susceptible to both “locking down” or being “lost” than a desktop or laptop, some additional device-specific considerations should be taken into account.

Thanks to Ben for critique and edits.

Thoughtlet: evaluation of technology

January 31st, 2010

Stunned and dismayed

Recently my wife said to me that she wanted to take an almost Amish approach to the evaluation of new technical bits and pieces that we, meaning I, bring into the house. Roughly translated: does this product X increase our quality of life sufficiently to warrant the expense?

“GASP!”

Could this be at all possible? I mean, I love technical toys; in fact my job is almost (OK, previous job more so than this one) defined by the fact that new technology must be investigated and tinkered with to see what you can make it do.

Just over a year ago I bought Sarah an iPhone. Despite a perfunctory reception, if I were to take it away I’d have my fingers slapped; it has become an integral piece of technology used for everything from phone calls, to emails, to shopping lists and even recording those crazy, yet special, moments with our son. So surely she of all people must understand that?

In general, when I evaluate a piece of technology, I start with something similar to the approach below (this isn’t original; it is similar to how schools evaluate teaching and the use of technology in the classroom):

  1. Is the technology being used “Just because it’s there”?
  2. Is the technology allowing you to do Old things in Old ways?
  3. Is the technology allowing you to do Old things in New ways?
  4. Is the technology creating new and different experiences?

iPhone and our reliance on technology

June 15th, 2009

I have recently started taking an interest in the writings of Chris Hoff and James Urquhart. Both of them, despite being Cisco employees (sorry, that is tongue in cheek), have a pragmatic view towards the “cloud computing” phenomenon. The recent posts from both of them on using the iPhone as an analogy of cloud computing got me thinking about a couple of things:

iPhone as a technology enabler: Fact is that nowadays people expect that services are always available and that information is always at their fingertips.

Personal, even business-related, information is readily available at your first whim. This supports the need, almost the requirement, for ubiquitous applications and data.

People today rely less and less on their ability to remember things and more and more on technology to do it for them. Perfect example: last night at dinner the waitress came over, sans notepad, and took all our orders. Some were stunned, not by her ability to repeat the orders back to us, but that there was the chance that something might go wrong in the process, between repeating the order to us and eventually having our meals delivered. As we had two developers at the table, comments turned to how easy it would be to churn out a simple iPhone/iPod touch app that would allow the orders to be entered into the system, how they could be tracked and how we would be safe in knowing that there couldn’t be a breakdown in process. This led to talk about having the ability to order straight from a touch screen embedded in the table, all so we knew the accuracy of the orders being entered, etc… Can you say Xerts?!?

I think about how life was when I was growing up, when memorising great swathes of information (learning by rote) was just how it was done, and look to how we function today: it’s less about knowing everything and more about knowing how to get access to the relevant pieces of information we need when we need them. I look at my son and think in wonderment at how he will access and use information as he grows up.

More and more, I think the technologies and gadgets that we cling to and get emotional about are the ones that give us access or are enablers.
