Fortinet Blog | News and Threat Research
  • Products
  • Solutions
  • Service & Support
  • Partners
  • Corporate
  • Resources
  • How to Buy

Open questions to Apple's MobileMe

by RSS Axelle Apvrille  |  June 16, 2009  |  Category: Security Research

Last week, I had hardly reached my desk when a colleague rushed by my side and told me, all excited, Apple had announced the release of a new iPhone 3GS. They also unveiled interesting new functionality in MobileMe, which started out a long chat in our lab.

To summarize our discussion, tomorrow, MobileMe is releasing three novelties:

* locating your iPhone, for example, when it is lost

* displaying a message or a sound onto your iPhone

* remotely wiping your iPhone so a thief won’t find read any sensitive data

All of these are quite appealling at first, but they raise a few questions:

Security: which security measures are taken to make sure one cannot remotely wipe or send messages/sounds to another iPhone? I hope this is secure, otherwise attackers are going to have a lot of fun…

Price: all of these features require sending commands to the iPhone. How is the mobile device receiving commands? Are they sent over the 3G network? Is the phone receiving an SMS? And who’s paying for this? Is it included in your MobileMe subscription?

Eficiency: those features are probably helpful if you lose your iPhone, but I doubt they will help when your iPhone is stolen. From MobileMe’s screenshot, it looks like locating an iPhone only works if you have previously installed MobileMe and enabled the “Find my iPhone” option. The thief can probably disable this option, uninstall MobileMe or even reset your iPhone if he/she intends to keep it…

Privacy: I am uncertain of how legal tracking your iPhone is. In France, geolocalization is regulated by law and the CNIL has hard work enforcing it. To my understanding, the CNIL finds locating a stolen device acceptable as long as the feature cannot be turned into a spying / tracking device. And indeed, this is difficult to guarantee: you never know when your iPhone is going to be stolen, do you? So, you have to enable the localization all the time, and consequently, your iPhone (thus you?) can be tracked all the time too… unless Apple has thought of some special trick so your iPhone will only release localization data to you, its rightful owner.

We’re going to be busy after tomorrow…

by RSS Axelle Apvrille  |  June 16, 2009  |  Category: Security Research
Tags: apple iphone iphone 3g mobileme Research
comments powered by Disqus

Category

  • All
  • RSS Subscribe
  • Security Research
  • RSS Subscribe
  • Industry Trends & News
  • RSS Subscribe

FortiGuard Labs on the Web

  • Twitter Twitter
  • Facebook Facebook
  • LinkedIn LinkedIn
  • Youtube Youtube

Monthly Archives

  • May 2013 8
  • April 2013 17
  • March 2013 12
  • February 2013 11
  • January 2013 12
  • December 2012 8
  • November 2012 7
  • October 2012 4
  • September 2012 7
  • August 2012 7
  • July 2012 9
  • June 2012 17
  • May 2012 14
  • April 2012 16
  • March 2012 15
  • February 2012 11
  • January 2012 6
  • December 2011 4
  • November 2011 6
  • October 2011 11
  • September 2011 2
  • August 2011 2
  • July 2011 4
  • June 2011 6
  • May 2011 6
  • April 2011 5
  • March 2011 7
  • February 2011 5
  • January 2011 7
  • December 2010 8
  • November 2010 11
  • October 2010 3
  • September 2010 8
  • August 2010 4
  • July 2010 9
  • June 2010 9
  • May 2010 9
  • April 2010 6
  • March 2010 8
  • February 2010 6
  • January 2010 9
  • December 2009 8
  • November 2009 6
  • October 2009 6
  • September 2009 8
  • August 2009 5
  • July 2009 8
  • June 2009 7
  • May 2009 4
  • April 2009 7
  • March 2009 9
  • February 2009 4
  • January 2009 1
  • Older

Popular topics

Mobile Security hashdays network security Anonymous Anti-Spam symbianos sms trojan adobe symbos/yxes derek manky virut challenge botnet zitmo Research reverse engineering Firewall android Antivirus microsoft SpyEye exploit Fortinet Threat Landscape hacking challenge FortiGate mobile UTM reversing privacy mobile malware stuxnet bredolab Windows apple mobile phone BYOD facebook Security google symbian iphone Cryptography Mac OS X webinar Malware mobile phones conference Zeus