Tuesday, September 04, 2012
FBI file of 12 million Apple iPhone personal records hacked, some info posted
by Larry Geller
That smartphones and their apps have truly revolutionized the lives of millions (billions?) of people is certainly an understatement. I’m continually amazed at the variety, innovations and utility of these apps. Yet the way the devices have been designed creates revolutionary ways for private user data to be collected and distributed.
It’s a two-edged sword due to the design of these devices. They didn’t have to be designed this way, but of course user privacy was not paramount on the designers’ minds. Quite the opposite. They want your data to be accessible.
Below, I’ll mention some apps that blew my mind just this morning. But first the bad news.
To cap off a summer of devastating corporate data breaches, hackers on Monday posted online what might be the crown jewel of data dumps: 1 million identification numbers for Apple iPhones, iPads and iPod Touch's, all purportedly stolen from the FBI.
Even worse, there may be 11 million more Apple device IDs yet to be released, many with full user names, addresses and telephone numbers attached.
[NBC News Technolog, Hackers leak 1 million Apple device IDs, 9/4/2012]
The hackers apparently stripped away the personal information (names, emails) that they say they obtained from the 1 million (and 1) records they have posted. Their intention seems to be to get people riled up about their data security.
Will this do it? Probably not. People have become very complacent with the loss of their privacy, and they love their smartphones. Will releasing the complete, unredacted list of 12 million names, addresses and emails do it? Maybe. At least it would put Apple on the spot and raise consciousness among users towards the day when they demand better privacy (a day which may never come, unfortunately).
There are two secondary issues: why this information was on an FBI laptop in the first place, and why it was stored without encryption. The FBI is in the spy business; they should know that any of their computers may be subject to intrusion. Of course they know that. They just don’t care, and it’s too much to expect change when there are no consequences for not protecting data. We would be foolish to expect that our personal data is being protected on computers wherever it may be found.
In other words, if your personal data is in your phone, consider it to be widely available. The same for your usage of the phone, including your geographical tracks through the world.
One last issue is why a smartphone has to have a unique device identifier in the first place. It’s easy to come up with reasons, but can’t we run our apps without being identified so closely? And can the FBI (or anyone else) use the device ID that was so easily hacked to impersonate us using our smartphones?
This is a question of computer architecture. Practically any device that communicates these days has what’s called a MAC address, but there are also programs that anyone (even the FBI) can use to spoof a MAC address. In fact, routers commonly do that to clone the MAC address of the main computer to which a broadband account is linked. And programs should not have access to that address, but they do.
Apps do more than provide utility
Apps are designed not only to provide user functionality, but to provide profit and information to their creators. Of course that’s true. Do you think Google created Gmail as a public service? Whatever information they mine from our usage of it is worth it to them. Same for apps on your smartphone or tablet.
As users peck away at their virtual keyboards, Big Brother is watching and gathering information. The architecture of the Apple and Android operating systems facilitates this.
If information is gathered from you, then it is out there and could easily be broken free. We cannot count on government or private industry to protect our data. Heck, if a call center is in India (or anywhere, actually) your data may be on sale already.
Apps are candy
There are certainly some neat apps out there. For example, I discovered Winter Wake-up this morning. I can’t get that link to work on my computer, but presumably the app works. It’s an alarm clock. Why not—smartphones do everything and can replace cameras, etc. Why not replace the alarm clock? This one knows where you are, of course, and it checks the weather outside. If it finds snow or icy conditions it will wake you up sooner so you have time to deal with it or leave a bit early to cope with expected delays.
I took a look at my formerly admirable little digital alarm clock and realized that it’s really a pitiable thing; it has no idea when I should get up. It’s been rendered obsolete by an app.
Here’s another. It’s a little button that goes on your fridge. It looks like a pizza. Push the button and it sends an order through the Bluetooth connection to your smartphone, which in turn orders the pizza, and soon it is delivered to your door.
Isn’t that awesome?
I can think of a use for that capability right here in Honolulu. Imagine that you stick one of these buttons on your car dashboard. Then when you’re over a pothole, just whap the button. The smartphone knows where you are, so it sends the GPS coordinates to our less-than-hard-working city Department of Transportation which could, you’d think, dispatch a crew to the spot to fill in the pothole. Particularly if it receives several pothole whaps for the same spot, it should go right away. Well, I can dream.
I found these two and others on the trendwatching.com website. There are a couple that provide for outsourcing (to smartphone users in the neighborhood) of data verification and other quick “gigs” for which the user will be paid. Yes, it’s a whole new world of apps out there, growing literally every minute. There are websites and magazines devoted to new apps.
But never forget that you are being watched, and that whatever you put in that phone, whatever you do with it, and wherever (and whenever) you go could become public information one day.