digg

Facebook Connect Join Digg About
See the original image at newscientist.com

Personal secrets your iPhone could reveal

newscientist.com Two trends in cellphones are combining to create a new security risk. On the one hand they are becoming more powerful, and more like computers. On the other, they are universally relied upon.

Who dugg this? Made popular Oct 3, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

60 Comments

show profanity settings
expand all
  • 6453893, on 10/03/2008, -2/+32Is there any reason whatsoever this is called "Things your iPhone could reveal" as opposed to "Things your cellphone could reveal"? No, just another two-bit blog trying to capitalize on the iPhone hype machine.
  • Invid, on 10/02/2008, -0/+24It's 2008. I haven't seen a payphone in a year where I live, not even in public places. That and I haven't had a home phone in 6 years means that I'm heavily reliant on my cell. Convenience is always a trade off with security.

    Just be careful.
  • Meheren, on 10/02/2008, -0/+19yes, which is why they should build tighter security into them.
  • oscarolim, on 10/03/2008, -1/+16Oh really? So if I lost my Nokia, or Sony Ericsson, or Samsung I am safe right? What about if i lose one HTC or similar? Safe. Great. I can even lose my wallet, that the only way I can risk secrets is if I lose my iPhone.
  • celerityfm, on 10/03/2008, -3/+18. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . _________
    . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ./ It’s a trap!
    . . . . . . . . . . . . . . . . _,,,--~~~~~~~~--,_ . . . . ._________/
    . . . . . . . . . . . . . . ,-‘ : : : :::: :::: :: : : : : :º ‘-, . . /. . . . . . . . . .
    . . . . . . . . . . . . .,-‘ :: : : :::: :::: :::: :::: : : :o : ‘-, . . . . . . . . . .
    . . . . . . . . . . . ,-‘ :: ::: :: : : :: :::: :::: :: : : : : :O ‘-, . . . . . . . . .
    . . . . . . . . . .,-‘ : :: :: :: :: :: : : : : : , : : :º :::: :::: ::’; . . . . . . . .
    . . . . . . . . .,-‘ / / : :: :: :: :: : : :::: :::-, ;; ;; ;; ;; ;; ;; ; . . . . . . . .
    . . . . . . . . /,-‘,’ :: : : : : : : : : :: :: :: : ‘-, ;; ;; ;; ;; ;; ;;| . . . . . . .
    . . . . . . . /,’,-‘ :: :: :: :: :: :: :: : ::_,-~~,_’-, ;; ;; ;; ;; | . . . . . . .
    . . . . . _/ :,’ :/ :: :: :: : : :: :: _,-‘/ : ,-‘;’-‘’’’’~-, ;; ;; ;;,’ . . . . . . . .
    . . . ,-‘ / : : : : : : ,-‘’’ : : :,--‘’ :|| /,-‘-‘--‘’’__,’’’ ;; ;,-‘ . . . . . . . .
    . . . :/,, : : : _,-‘ --,,_ : : : ||/ /,-‘-‘x### :: ;;/ . . . . . . . . . .
    . . . . / /---‘’’’ : # : : : : : | | : (O##º : :/ /-‘’ . . . . . . . . . . .
    . . . . /,’____ : : ‘-# : , : : : : ‘-,___,-‘,-`-,, . . . . . . . . . . .
    . . . . ‘ ) : : : :’’’’--,,--,,,,,,¯ :: ::--,,_’’-,,’’’¯ :’- :’-, . . . . . . . . .
    . . . . .) : : : : : : ,, : ‘’’’~~~~’ :: :: :: :’’’’’¯ :: ,-‘ :,/ . . . . . . . . .
    . . . . .,/ /|| | :/ / : : : : : : : ,’-, :: :: :: :: ::,--‘’ :,-‘ . . . . . . . .
    . . . . .’| |/ ‘/ / :: :_--,, : , | )’; :: :: :: :,-‘’ : ,-‘ : : : , . . . . . . .
    . . . ./¯ :| | : |/ :: ::----, :/ :|/ :: :: ,-‘’ : :,-‘ : : : : : : ‘’-,,_ . . . .
    . . ..| : : :/ ‘’-(, :: :: :: ‘’’’’~,,,,,’’ :: ,-‘’ : :,-‘ : : : : : : : : :,-‘’’ . . . .
    . ,-‘ : : : | : : ‘’) : : :¯’’’’~-,: : ,--‘’’ : :,-‘’ : : : : : : : : : ,-‘ :¯’’’’’-,_ .
    ./ : : : : :’-, :: | :: :: :: _,,-‘’’’¯ : ,--‘’ : : : : : : : : : : : / : : : : : : :’’-,
    / : : : : : -, :¯’’’’’’’’’’’¯ : : _,,-~’’ : : : : : : : : : : : : : :| : : : : : : : : :
    : : : : : : :¯’’~~~~~~’’’ : : : : : : : : : : : : : : : : : : | : : : : : : : : :
  • xsecretfiles, on 10/03/2008, -2/+14So if I lose the phone I could potentially risk my personal info......

    O'RLLY?
  • abajaj2280, on 10/03/2008, -1/+10They need to be realize that when you "clear" something, it should not be able to be recovered, especially cache. That is incredibly unsafe.
  • jordanwlee, on 10/03/2008, -1/+9Since when is the iPhone the only phone that can save personal data?
  • badwithcomputer, on 10/03/2008, -0/+8I'll take "Drug Dealers" for 500, Alex.
  • mytCbumps, on 10/03/2008, -3/+10Personal secrets your iPhone "could" reveal. OMG DON'T BUY AN IPHONE!

    Where's the "It's a trap!" guy?
  • asdfer, on 10/03/2008, -0/+4
    At the same time I want to be able to do whatever I want with my iPhone. I want to jail-break it, I want to hack it, etc....
  • CharlesSaint, on 10/03/2008, -1/+5iPhones can be remotely wiped as well, and have the same exchange support as blackberries.
  • inactive, on 10/03/2008, -0/+3It's iPhone, dumbass. Not i-phone, not I phone.
  • BluBerryGTI, on 10/02/2008, -7/+10thats kinda scarey, good thing i dont own a cell phone. GOOO pay phones and beepers
  • 6453893, on 10/03/2008, -0/+3a) The information applies equally to every phone.
    b)The article is critical of the iPhone.
    Did you even read the title, or did you just see the word 'iPhone' and decide to come rant about it?
  • RunJun, on 10/03/2008, -0/+3Did you appear on "The Wire?"
  • graemee, on 10/03/2008, -0/+2Does anyone still use pagers?
  • inactive, on 10/03/2008, -0/+2Not true. If your phone (iPhone or whatever smartphone you have) can VPN into your corporate network, any hacker could find their way into the database where the employee ssn's, payroll and banking information is kept as well as any information related to vendors, tax information, corporate secrets... the list goes on and on. It doesn't have to be on the phone to be a gateway for mischief. If it were me, I'd rather have the network guy's cell phone over the CEO's. He's the one with all of the network access.
  • RadicalEdward, on 10/03/2008, -0/+2New title: Personal secrets a piece of paper could reveal!

    OH NO!!!!! Don't use paper anymore!
  • elmetald00d, on 10/03/2008, -0/+2quite honestly, I don't think pay phones exist anymore. I could not tell you where there is a payphone at all where I live. payphones have disappeared.

    I really hope your comment was a joke, because finding a payphone is harder than finding hookers in broad daylight
  • HereComeTheBugs, on 10/03/2008, -0/+2Someone needs to create an iPhone app that clears all of this data...

    Come on developers! I just gave you your million dollar app idea. I'm sure there's a lot of money to made with an app like this.
  • graemee, on 10/03/2008, -0/+2Your contact list is stored on the BB. Not sure if a hard reset clears those. A factory reset will or a hammer.
  • megamod, on 10/03/2008, -0/+1does it really store your passwords into the keyboard cache? that just sounds stupid.
  • secrity, on 10/03/2008, -0/+1I have two phones; a Blackberry for business, which does phone, email, web, ssh, etc. I also have a personal phone, that only does phone calls.
  • Twee, on 10/05/2008, -0/+1buried for picking on the iphone instead of cell phones in general.
  • coldfusion1970, on 10/08/2008, -0/+1I purchased a pager probably 15 years ago, but never used it.
    I wonder if it still even works.
  • olivcarla, on 10/03/2008, -0/+1Unless you are a criminal, a celebrity or a big company's CEO, I don't think anybody should worry about this (if you are any of those, you have to be very careful anyway and try not to lose your phone!). I call it paranoid.
  • BenO169, on 10/03/2008, -0/+1Why do you have a Blackberry at work if all that you do is make phone calls?
  • dsendecki, on 10/03/2008, -2/+3Admiral Akbar?
  • jamshid, on 10/04/2008, -0/+1Four digit passcodes can be hacked, even if it clears memory after a few retries. The mobile os can be backed up to a simulator, and passcode attempts made repeatedly.

    To be secure all data storage needs to be encrypted, with the key stored in volatile flash memory that clears the memory if it hasn't been refreshed in X minutes. Or, the volatile memory needs to be specialized hardware that clears memory on too many passcode attempts.

    How about the case where it's stolen, but the thief hasn't backed it up to a simulator and it's accessible from the internet or cellular system? Need a special ping that does a remote wipe, like the Exchange remote wipe feature. But it's you instead of your Exchange server telling your device to clear its memory.

    If you're really worried about someone grabbing your mobile and immediately using it, seems like the key has to be stored on you and you have to have a way to stop it from broadcasting the key to the mobile (bluetooth ring?).

    I know this is stuff other people have thought about a lot more, e.g. with locking down desktops. Hopefully someone is implementing this well on people's mobiles -- the new, very personal computer.
  • Linkin4, on 10/03/2008, -3/+4I think Yoda wrote this title.
  • inactive, on 10/03/2008, -0/+1win
  • inactive, on 10/03/2008, -0/+1Its 'New Scientist'
  • secrity, on 10/03/2008, -1/+2I believe that I am reasonably safe if I lose my Blackberry because the data is encrypted and my phone locks. Also, my Blackberry admin can remotely do all sorts of mean and nasty things to the data in my Blackberry.
  • underpressure, on 10/03/2008, -1/+2
    Crackheads who steal phone dont care.
  • Zippo, on 10/03/2008, -0/+11989 called... they're telling you to suck it up and keep with the times.
    Hope there's a payphone nearby when your car breaks down on the highway.
  • Zippo, on 10/03/2008, -0/+1OK, so apparently everything deleted on an iPhone can be magically recovered... care to explain how?
  • spiritflare1, on 10/03/2008, -0/+1If you sell your iphone don't forget to delete your email accounts off the device, or you'll be changing passwords by the time you realize.
  • secrity, on 10/03/2008, -0/+1I understand that the remote reset will clear all of the data in the phone. My contact list is stored in the corporate Exchange server farm and a copy is cached in the BB. I was also told by our BB admin that the phones are configured so that nothing is stored in the SIM.
  • elmetald00d, on 10/16/2008, -0/+1to be fair, they have free emergency phones every mile of the highway system
  • HereComeTheBugs, on 10/03/2008, -0/+1I wasn't claiming to invent the idea of wiping data -- I was claiming (sarcastically) that to invent the idea of wiping data for the iPhone... Even then I'm not talking about wiping all data, just the personal data that is left behind in cache. Just like there is a "Clear all private data" in Firefox there should be some way to do the same on the iPhone.
  • inactive, on 10/03/2008, -0/+1"does it really store your passwords into the keyboard cache? "

    Nope. I wish it did, the browser needs some form of autocomplete
  • nett3, on 10/03/2008, -0/+1How is "they are becoming more powerful, and more like computers" on a different hand then "they are universally relied upon". I was expecting something contradictory. Isn't the phrase more like 'except'.
  • iamanorange, on 10/03/2008, -0/+1Same as any handset really. Anything with memory have these flaws.
  • Rethcir, on 10/03/2008, -0/+1It could reveal all the Sting solo albums I have, that might ruin my political career..
  • Aethirig, on 10/03/2008, -0/+1I once lost my wallet. Someone picked it up, didn't take a dime, and turned it into my employer. In turn, my managers hired a new focus tester.

    This doesn't really relate to iPhone security so much -- if you're tapping on your phone or your wallet in a public place, you can't really expect all that much security.

    But .. I thought I'd offer something happy,
  • inactive, on 10/03/2008, -0/+1sorry the real ACTA link I meant was http://en.wikipedia.org/wiki/Anti-Counterfeiting_T ... but I was too slow to verify and couldnt edit my post
  • inactive, on 10/03/2008, -0/+1ACTA practically mandates that phones (and other devices) be searched for copyright infringing materials. The list of countries that are talking about ACTA (all in secret, the actual wording is not for public consumption, etc) is quite long. http://en.wikipedia.org/wiki/Acta

    In addition to that you have secret data sharing agreements being talked about such as the US/EU one http://www.theregister.co.uk/2008/07/03/eu_us_data ...

    There is also the banking information that is being shared http://articles.latimes.com/2007/jun/28/world/fg-t ... (SWIFT is worldwide, for those that dont know).

    Then there are things like increased data retention laws, that just compound this problem. For those that say they have nothing to hide, why not just cough up your credit card numbers, bank account numbers, passwords to all your accounts, etc? Everyone has something to hide from someone, and given that data leaks can happen, just because the government collects the data does not mean they will be the only ones with that data. Already the US has been found out (by the ACLU via FOIA requests) to be sharing passenger data they promised they wouldnt (specifically on EU passengers which might violate EU laws on that information).

    For those that say "but this elected official will fix everything" maybe, what about the one after him? or the one after them? The two US candidates that are most viable right now do not have a good record, biden wanted to outlaw crypto unless it was backdoored so the govt can read everything (research his legislative history if you doubt), McCain doesnt have a much better track record either. Both obama and mccain voted for the the wiretap immunity. The list goes on of many many politicians in many countries that have similar records on such matters.
  • WhenCanIStop, on 10/03/2008, -3/+3Yes - because you probably don't use your other mobile phones to do half the things that people do on an iPhone because they're not as advanced. I doubt you could get any personal info from your old Nokia 3200
  • Fetching more discussions...
    Show 51 - 62 of 62 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.