The Market Ticker
Commentary on The Capital Markets- Category [Technology]

Oh boy.....

Apple has endowed iPhones with undocumented functions that allow unauthorized people in privileged positions to wirelessly connect and harvest pictures, text messages, and other sensitive data without entering a password or PIN, a forensic scientist warned over the weekend.

Why would Apple include such an undocumented interface?

There is no legitimate reason to do so.  There is a legitimate reason to include documented APIs for extracting data, but were they to be documented there would have been a howl a long time ago about the lack of protection of the data they can access.

What do these services do? You're not going to like it:

Zdziarski said the service that raises the most concern is known as com.apple.mobile.file_relay. It dishes out a staggering amount of data—including account data for e-mail, Twitter, iCloud, and other services, a full copy of the address book including deleted entries, the user cache folder, logs of geographic positions, and a complete dump of the user photo album—all without requiring a backup password to be entered. 

....

The Pcapd service, for instance, allows people to wirelessly monitor all network traffic traveling into and out of the device, even when it's not running in a special developer or support mode. House_arrest, meanwhile, allows the copying of sensitive files and documents from Twitter, Facebook, and many other applications.

Isn't that special?

Undocumented, unfettered access to the data on the device -- and all someone needs is even transient access to any device you've paired your phone with, ever, from the time of the last hard (data wipe) reset -- Bingo!

That "pairing" your phone effectively permanently defeats any encryption or password you have set for anything on the device wasn't disclosed when you paired for music or some other legitimate purpose, was it?

Didn't think so.

If you're a CIO at some firm with a concern over security -- say, a health-care company with a potential ERISA/HIPAA exposure or a financial entity with various fiduciary responsibilities: May I ask how warm you're getting under the collar right about now?

Oh, about that IBM "partnership"

The Market Ticker content may be reproduced or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media or for commercial use.
