Saturday, May 7, 2011

Perils of SmartPhone (Automatic geotagging)

Consider following everyday scenarios:

  • Dad takes a picture of a new family car via the smartphone and posts it on flicker, a few days later he posts a picture from a beach where the family is vacationing.

  • Mom likes to use twitter to keep extended family upto date. she tweets mundane things like I am at work, picking kids up at school etc etc, occasionally posting pics of something funny.

  • Teens are hooked on location/checkin apps, always broadcasting to friends where they are hanging out. they love checking racing to the “mayorship” of their favorite spot, collecting pins and other rewards.

They all look fairly innocuous. They are all possible by the power that smartphones pack these days. Decent camera, affordable data plans and engaging apps has made us very spontaneous. when ever we see something cool, funny, important etc, we instantly feel the urge to “tweet”, “facebook”, “flicker” it. This is extremely powerful and has the power of bringing down the established regimes. At the same time these simple acts can reveal personal information that can be extremely dangerous.

consider following.

  • Petty thieves use location search to find pictures on flicker in their target area. Based on geotags and pictures they pretty much know where the potential victims live. and looking at photostreams and dates reveals if victims are currently away from home. Essentially posting a geotaged pictures to a public site is like telling everyone where you were (exact location) at a given date/time. Home pictures reveal your exact address, Vacation pictures reveals that you are out of town.

  • Pedophile looking for new victims scans tweets around him, find the mom tweeting about the daily routine, follows her on twitter and based on geotags establishes the locations of her home, kids school, work place etc. Gets familiar with the routines and strikes. Twitter feed can also geotag messages and provides an easy way to search for tweets “around you”. everytime someone tweets, they are essentially telling the world exact location of where they were at the time they tweeted in addition to the tweet content itself.

  • Stalkers love “check in” apps. they make stalking extremely easy, using these apps with a public profile reveals your daily routine publicly. They also maintain a history so stalkers than easily see the patterns and get familiar with the routine.

If you use a social site with a public profile, just put yourself in the shoes of the “bad” guy and see how much info you can gather about youself. Most “public profile” are also searchable by simple google search and its easy to put together a complete picture of a person if they engage on multiple sites. Google maps with streetview can give everyone view of your home based on the picture you posted, or a simple tweet!

There are couple of ways you can protect yourself:

  • Make your profile “Private”. If you are a social person and like to share. Share it with people you know and you have vetted. Make your facebook, twitter, flicker private to your immediate friends.

  • Turn off geotagging. I am familiar with iPhone, (Android, etc should also have a similar feature I assume). On iPhone you can decide which apps can use geotags. you dont have to turn off geo location for the whole phone. e.g. You can allow “Maps” & “Urban Spoon” & foursq/gowalla to access your location, but disable it for flicker, facebook, camera app, twitter to use it. Iphone tells you which apps are actively accessing your location and the time they did (Settings->location service). Make sure that apps that are accessing your location are not posting it to your public profile, without your knowledge. Next time an app asks for access to geo location, think twice before allowing it.

The intension is not to fear-monger. Just be “Smarter” than your “Smart Phone”. Your location is very important and every one is trying to get access to it. Protect it. Your family deserves it.

Sunday, May 1, 2011

IPad security

iPad has various security features built in. I will review a few of them. They are all accessed by launching the settings app from the main iPad screen ( the icon with gears).

1. Password Lock : [ Settings-> General-> Password Lock -> Turn Password On]

 When turned on. iPad will ask for password when unlocked.  when the Password  is turned on, you can select either a "simple password" aka 4 digits, or a  non- simple password  any phrase using a full  keyboard.

2. Auto Lock : [ Settings-> General-> Auto-Lock]

Auto Lock will cause iPad to autolock after a period of unactivity. You can choose from 2min through 15 mins, or disable autolock.  You can also choose to autolock the iPad when ever you use the "Smart cover" (bought separately)


3. The  third security feature is  called Restrictions  in the settings app [Settings-> General -> Restrictions]. This is the area what allows you to setup parental controls. It lets to disable a few things to make iPad more secure for kids. You can set it up to use a different password than the Screen Lock password.


As you can see from the screen shot above, you can selectively disable a few apps. disable in app purchases  disable content based on ratings. You can also restrict the ability to install or remove a few apps.

I have turned off in app purchases, set settings to G, and disabled the capability of deleting apps for my kids iPad.

iPad is designed as a "I" device and not a "Me" device. thus, when the "restrictions" are turned on, there isnt a way to bypass them by just typing in the password.  Thus when I want to delete the App. I have to follow the following steps :

1. launch the  settings app,
2. Type in the password to access the restrictions area
3. Turn on  the app deletion
4. go back the screen
5. delete the app

6. launch the  settings app, 
7. Type in the password to access the restrictions area
8. Turn off  the app deletion

Kinda pain! but  it works.