The Issue IS NOT What's Being Discussed
The Market Ticker - Commentary on The Capital Markets
2017-11-12 07:00 by Karl Denninger
in Corruption

Note the talk-talk in this article:

The Uber app for iOS has been given a unique privilege on the operating system which allows the app to spy on the iPhone’s screen, a researcher has discovered. ZDNet reports that the Uber app can read the screen buffer in iOS, allowing it to view and potentially record anything on your iPhone’s screen without your knowledge.

The security implications are outrageous.  While passwords usually aren't displayed (sort of), usernames almost always are, and if you "unmask" a password it is as well.

Never mind that the application mix the user chooses to use, their contacts, email addresses, calendar entries -- all of this and more is visible if you can get at the screen (like, for instance, the picture or video you're shooting at any given time!)

Uber, of course, says it's "not connected to anything else" in their current codebase.

That's not the issue.

The issue is this: Uber didn't hack this into their app, Apple let them have it on a "privileged" basis and neither firm told you or got your consent.

Exactly who owns that device in your pocket?  Your viewpoint is that it's you, right?

Well, Apple thinks otherwise.  And so does Uber.  Both arrogated to Uber, without permission, the ability (whether used or not) to spy on everything that shows up on your screen.

This ought be a felony and everyone in both firms involved should be in the dock right now.

You know it won't happen..... and it's just another example of how you, dear American, allow firms to screw you blind and probably would consent to a camera in your bedroom -- or aimed at your glass-walled shower!

Comments.......
Rollformer
What possible legitimate use is there for this? Maybe make sure the people being picked up by female drivers aren't watching porn? This really beggars belief.
Killben
"and probably would consent to a camera in your bedroom"

It is already there...Instagram, Selfie...As long as it can get a few likes, shares and followers...

Rollformer
Ok. So some research reveals it was for rendering maps. But the story broke early in October, and I follow the news quite closely. This is the first mention of it I've seen.
Tickerguy
The alleged "intent" was so they could push content to the iWatch that was on your screen.

However, I don't care WHAT the alleged "intent" is -- that Apple allowed a "special permission" to a given developer without any notice to the user in advance, and that said "special permission" allowed reading the screen, is outrageous.

Maybe Uber exploited that and maybe they didn't, but the very premise of ALLOWING IT without notice -- effectively allowing an app to see ANYTHING you might have on your screen at ANY TIME -- is beyond ridiculous and well into the realm of felonious. Consider that such a capability could TRIVIALLY be used to "hijack" video or pictures you are taking!

The article has been in the queue for quite a while... it just happened to roll forward far enough to make it out today....

----------
Winding it down.

Beango
Gee, why stop there. Why not give them access to your private keys or install a root cert.
Krzelune
I suspect this is just the tip of the phallus and isn't just a fruit problem.
Tickerguy
Yep.

Device security is difficult enough but if the manufacturer provides intentional access there's not **** you can do about it.

There is always access available (at some level of privilege) to the framebuffer or other I/O subsystem. There has to be or the device couldn't work at all. Device access, for obvious reasons, is one of the "golden things" that have to be gated through whatever permission-observing APIs are appropriate (e.g. disks are accessed through filesystems which then can enforce permissions and ACLs, etc.)

Violate that by letting someone have access to the screen framebuffer (for example) and all bets are off. If, for example, you let me "hook" block devices then I can trivially steal anything on your disk as soon as you access it irrespective of encryption because I can "hook" the system's access after the decryption takes place!

----------
Winding it down.
Ptjim
Quote:
..... and it's just another example of how you, dear American, allow firms to screw you blind and probably would consent to a camera in your bedroom -- or aimed at your glass-walled shower!

In this instance, I'm avoiding the potential problems - I've never owned an iCult product, never taken an Uber ride, have no Alexa or other spybox and still use my BlackBerry Z10 without all the spyware possibilities.

Knock on formica.

----------
He has erected a multitude of New Offices, and sent hither swarms of Officers to harass our people and eat out their substance. - The Declaration of Independence
Supertruckertom
I still have 2 more factory batteries for my Z10.
What is the shelf life of them?

I also need to upgrade my Micro SD card to the largest it can handle.
4GB isn't enough.

Some web pages are starting to become an issue.
I just don't use them if they are full of pop ups and video ads.

The Z10 still works for most of my needs.


----------
Preparing to go Hunting.
Unknownsailor
Put me down as another Z10 user. Does everything I want a smart phone to do, and nothing else.
Wa9jml
I still have my Classic. Hopefully, I will be able to get a new battery installed in it when the time comes. That will require a specialist. I use very few apps, and have taken some of them off of the phone. Hopefully, that will make it more secure.

I prefer the mechanical keyboard, so that is a requirement for me.
Ckaminski
Quote:
That will require a specialist.


Doubt it. It will probably require a heat-gun and some spudgers (guitar picks) and maybe a few tiny screw-drivers.

It only takes time and patience. Should be some teardown videos out there.
Aquapura
Guess I should say I'm not surprised. I have an employer issued iProduct with Uber installed since it's encouraged for corporate use over using local taxi. I can and do use Lyft so the Uber app is getting deleted this morning.