|
|
Your iPhone is watching you.
|
|
|
|
Senior User
Join Date: Nov 2003
Status:
Offline
|
|
If you've got an iPhone, everything you have done on your handset has been temporarily stored as a screenshot that hackers or forensics experts could eventually recover, according to a renowned iPhone hacker who exposed the security flaw in a webcast Thursday.
While demonstrating how to break the iPhone's passcode lock in a webcast, iPhone hacker and data-forensics expert Jonathan Zdziarski explained that the popular handset snaps a screenshot of your most recent action -- regardless of whether it's sending a text message, e-mailing or browsing a web page -- in order to cache it. This is purely for aesthetic purposes: When an iPhone user taps the home button, the window of the application you have open shrinks and disappears. In order to create that shrinking effect, the iPhone snaps a screenshot.
The phone presumably deletes the image after you close the application. But anyone who understands the way data works is aware that nothing is ever truly deleted from a storage device. Therefore, forensics experts have used this security flaw to successfully nab criminals who have been accused of rape, murder or drug deals.
That’s a pretty significant security/privacy flaw in my eyes.
The link to the webcast where this flaw was demoed:
http://www.youtube.com/watch?v=op-HyBVN2Ek
http://fyi.oreilly.com/2008/09/learn...he-iphone.html
Author of the upcoming book, iPhone Forensics, Jonathan has devoted much of his talent supporting law enforcement personnel with his development of a forensics toolkit that allows them to recover, process, and remove sensitive data stored on the iPhone, iPhone 3G, and iPod Touch. This live presentation is aimed towards law enforcement and anyone else who has a need to access the not-so-readily available data on an iPhone.
(
Last edited by moep; Sep 11, 2008 at 04:11 PM.
)
|
"The road to success is dotted with the most tempting parking spaces."
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2003
Status:
Offline
|
|
For that matter, every document on your PC or Mac is just as recoverable. I hate to sound like a Fanboi, but I don't see where the iPhone is any worse than any other computer.
|
"A fanatic is one who can't change his mind and won't change the subject." - Winston Churchill
MacBook Pro 17" 2.33 GHz - (mine)
MacBook Pro 15" 1.83 GHz - (wife)
Pair of iPhones
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jun 1999
Location: Las Vegas, NV, USA
Status:
Offline
|
|
I agree. It's a made up problem.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Feb 2000
Location: Washington, DC
Status:
Offline
|
|
It's a problem, but it's industry wide... it's not like the iPhone is the only smart device to have the security problem.
Also, the line "Therefore, forensics experts have used this security flaw to successfully nab criminals who have been accused of rape, murder or drug deals." really makes me laugh. How many iPhone users are there? I have yet to hear of ONE story where a rapist, murder or drug dealer was busted because of their iPhone... I think that would make the news.
|
|
|
|
|
|
|
|
|
Registered User
Join Date: Apr 2000
Status:
Offline
|
|
Indeed, this sounds like somebody simply craving attention.
The phone presumably deletes the image after you close the application. But anyone who understands the way data works is aware that nothing is ever truly deleted from a storage device. Therefore, forensics experts have used this security flaw to successfully nab criminals who have been accused of rape, murder or drug deals.
The entire premise is false - shall I paraphrase?
"Bing tiddle bong, therefore [insert load of crap]".
Either way, this is a remarkable non-issue, in my opinion, and I'm a paranoid security nut. Anyone dumb enough to use a non-disposable product while doing drug deals is pretty damn stupid, and really deserves to get caught.
Anyway - if an iPhone was lost or stolen, chances are the sensitive data would be intact and able to be accessed through the standard interface. If it's sold, it's best to zero it anyway.
The lesson: Don't use the Calendar app to schedule gang hits.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2003
Status:
Offline
|
|
Originally Posted by Cipher13
The lesson: Don't use the Calendar app to schedule gang hits.
:: Furiously deleting calendar events ::
|
"A fanatic is one who can't change his mind and won't change the subject." - Winston Churchill
MacBook Pro 17" 2.33 GHz - (mine)
MacBook Pro 15" 1.83 GHz - (wife)
Pair of iPhones
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Status:
Offline
|
|
Originally Posted by CorpITGuy
:: Furiously deleting calendar events ::
REMEMBER TO SECURELY WIPE YOUR PHONE.
(else just deleting those events and pics ain't gonna do no good once the forensics team hits your phone)
|
|
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Up In The Air
Status:
Offline
|
|
Now wait a minute.
My understanding is that the picture is taken of the screen when you press the home button. That's all. Unless I'm mistaken (and I might be) - pictures are taken of the screen at no other time, excepting the user holding down power and home to intentionally take a screen capture.
So navigate within an application to something innocuous first and then press home, if this concerns you in order to prevent it for now, yes?
|
|
|
|
|
|
|
|
|
Registered User
Join Date: Apr 2000
Status:
Offline
|
|
Originally Posted by vmarks
Now wait a minute.
My understanding is that the picture is taken of the screen when you press the home button. That's all. Unless I'm mistaken (and I might be) - pictures are taken of the screen at no other time, excepting the user holding down power and home to intentionally take a screen capture.
So navigate within an application to something innocuous first and then press home, if this concerns you in order to prevent it for now, yes?
Exactly.
It's a total non-issue, really.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jun 1999
Location: Las Vegas, NV, USA
Status:
Offline
|
|
The news keeps getting worse. Apparently the iPhone keeps copies of all your emails, and records phone numbers you have called as well as keeping a database of all your personal contacts and favorite songs!!!
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Location: Isle of Manhattan
Status:
Offline
|
|
Originally Posted by chabig
The news keeps getting worse. Apparently the iPhone keeps copies of all your emails, and records phone numbers you have called as well as keeping a database of all your personal contacts and favorite songs!!!
OMG!!!11 also heard that this portable spy trap stores all the websites you visit in something mockingly entitled "history".
|
"Faster, faster! 'Till the thrill of speed overcomes the fear of death." - HST
|
|
|
|
|
|
|
|
Professional Poster
Join Date: May 2001
Location: North Dakota, USA
Status:
Offline
|
|
This is not a problem.
If it didn't do that, the iPhone would be considered sluggish... and watching any data transfer can easily show the phone is not transmitting this temporary image.
If you lose your phone, you got much more troubles than simply wondering what was last done when you put your iphone to sleep.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Feb 2001
Location: Deer Crossing, CT
Status:
Offline
|
|
Originally Posted by funkboy
This is not a problem.
If it didn't do that, the iPhone would be considered sluggish... and watching any data transfer can easily show the phone is not transmitting this temporary image.
If you lose your phone, you got much more troubles than simply wondering what was last done when you put your iphone to sleep.
Not if you set your security to wipe your iPhone after 10 failed password attempts.
|
|
|
|
|
|
|
|
|
Banned
Join Date: Jun 2005
Location: Indy.
Status:
Offline
|
|
I heard that the front of the iPhone will store your fingerprints if you don't wipe it. Will a screen protector solve this major issue?!?!
|
|
|
|
|
|
|
|
|
Senior User
Join Date: May 2002
Location: Austria
Status:
Offline
|
|
I have to agree that if someone steals your iPhone and goes through the hassle of recovering even the deleted files on it, he/she probably won't gain much additional information from the screenshots.
Still the question remains: Why does the iPhone have to save the screenshots to a file at all? The iPhone seems to work like this: - Get the contents of the screen
- Save it to a file
- Read the file back in
- Animate
- Delete the file
It really should be possible to somehow skip step 2 and 3.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Mar 2002
Location: adequate, thanks.
Status:
Offline
|
|
Some people need to breath in a bag for a while…
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jul 2004
Location: Canada
Status:
Offline
|
|
Originally Posted by moep
Here is another thing. Your memory contains everything you type and sometimes that data is copied into a swap file.
Seriously, give me a fricken break. The screenshot is not transmitted anywhere and periodically overwritten/purged. You are an irresponsible alarmist.
Even the guy who discovered it thinks people like you are blowing things out of proportion. Get off the internet for a while, go to a pub and have a few beers with your friends.
|
--
Aristotle
15" rMBP 2.7 Ghz ,16GB, 768GB SSD, 64GB iPhone 5 S⃣ 128GB iPad Air LTE
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jul 2004
Location: Canada
Status:
Offline
|
|
Originally Posted by chabig
The news keeps getting worse. Apparently the iPhone keeps copies of all your emails, and records phone numbers you have called as well as keeping a database of all your personal contacts and favorite songs!!!
That was awesome.
|
--
Aristotle
15" rMBP 2.7 Ghz ,16GB, 768GB SSD, 64GB iPhone 5 S⃣ 128GB iPad Air LTE
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Aug 2003
Location: In front of my LCD
Status:
Offline
|
|
Originally Posted by chabig
The news keeps getting worse. Apparently the iPhone keeps copies of all your emails, and records phone numbers you have called as well as keeping a database of all your personal contacts and favorite songs!!!
hahahahahahaha
|
8GB iPhone
Coming Soon: Mac mini Core 2 Duo 2.0Ghz
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: BFE
Status:
Offline
|
|
So my privacy is at stake when someone has access to my iphone? Apple must STOP people from using my phone!
|
I'm a bird. I am the 1% (of pets).
|
|
|
|
|
|
|
|
Senior User
Join Date: Nov 2003
Status:
Offline
|
|
Originally Posted by aristotles
Here is another thing. Your memory contains everything you type and sometimes that data is copied into a swap file.
Seriously, give me a fricken break. The screenshot is not transmitted anywhere and periodically overwritten/purged. You are an irresponsible alarmist.
Even the guy who discovered it thinks people like you are blowing things out of proportion. Get off the internet for a while, go to a pub and have a few beers with your friends.
Here’s news for you, I’m just voicing my opinion here which is well within the intended purpose of an internet forum.
If you think that makes me an irresponsible alarmist, you’re the one that needs to get off the internet. Don’t be a jerk, please.
|
"The road to success is dotted with the most tempting parking spaces."
|
|
|
|
|
|
|
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
Wait a minute. The iPhone can't be watching me. The camera's lens points the other way. You guys are just trying to scare me.
Seriously, recovering data from the device should be the second big hurdle. The first is getting one's hands on the device to begin with. Unless there is some aluminum beanie-oriented "secret client" that dumps this stuff to computers run by people in black helicopters, basic security practices (not leaving the darn thing laying around, cleaning up after yourself, etc.) should be more than adequate.
|
Glenn -----OTR/L, MOT, Tx
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jan 2005
Location: Los Angeles, CA
Status:
Offline
|
|
(
Last edited by ZinkDifferent; Sep 15, 2008 at 08:58 AM.
Reason: Removed because of duplication)
|
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Jan 2005
Location: Los Angeles, CA
Status:
Offline
|
|
Jonathan Zdziarski is quite simply a reckless attention whore, whose income stream depends on generating FUD that gullible folks believe, hook, line and sinker. This thread is just another example of that.
The guy bills himself as a 'forensics expert', and as such, his bankability and credibility depends directly on how much he is being mentioned in the media - which he makes sure keeps happening by regularly releasing such non-news, which the more or less clueless media laps up.
At the core of it, he's got a major axe to grind with Apple, for reasons of his own, which someone should, maybe, take the time to investigate on their own, don't you think..?
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2005
Location: Minnesota
Status:
Offline
|
|
Nothing is 100% secure when it comes to any type of computer and its components. Never has been, never will be !
|
2010 Mac Mini, 32GB iPod Touch, 2 Apple TV (1)
Home built 12 core 2.93 Westmere PC (almost half the cost of MP) Win7 64.
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Location: Isle of Manhattan
Status:
Offline
|
|
Originally Posted by ghporter
Wait a minute. The iPhone can't be watching me. The camera's lens points the other way. You guys are just trying to scare me.
You mean, you don't know about the other camera?
|
"Faster, faster! 'Till the thrill of speed overcomes the fear of death." - HST
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|