The iPod touch is one of the newer technologies released by Apple. For those who know the iPhone, it is basically an iPhone without phone capabilities. It allows users to store and listen to music, store and access photos and videos, use applications, and access the internet using a wireless internet connection. It has a 3.5 inch touch screen that allows the user quick, intuitive access to all its features. Like other iPods, it synchronizes with a computer using iTunes. Also, though, it can download applications straight to the iPod with access to a wireless internet. It can be linked up to e-mail and browse the internet just like a regular computer.
There are three primary security goals that I would have if I were the owner. The first is simply the physical security of the iPod. The iPod is compact, but easily slipped into a pocket or snatched if out of sight for a moment. Maintaining the physical security of the iPod will ensure confidentiality, integrity, and availability.
The second goal i would have would be to try to protect the iPod from unauthorized users. The iPod does allow for a 4 digit passcode to prevent random access. This would limit availability to only those who were permitted, confidentiality and integrity of any information stored on the device.
Finally, the use of wireless internet requires some goals. Just like using any wireless internet, you would want to make sure you are using a secure wireless network that you know. Otherwise, confidentiality and integrity could be compromised.
The main assets in question are access to any e-mail accounts linked to the e-mail application, any information stored on the iPod or in any of the applications, and anything involving the use of the internet, especially web server traffic and history.
Looking at physical security, if I was an attacker trying to attempt to exploit the technology, I could easily fit my hand around the device and slip it to some place where it could be removed. If I was able to get a hold of another person's iPod, chances are that there wouldn't be a passcode on it. It just isn't convenient to have to put that passcode in everytime you want to use it. Even if there is a passcode though, it is only 4 numerical digits. This doesn't allow for a very secure passcode. If I got a hold of it and was able to access it, and that person had hooked up their e-mail, you normally don't have to do anything but hit the e-mail button to look at their e-mail and send e-mail. Also, users must manually clear a browser history, cookies, and cache. These things would allow disclosure and alteration.
If the iPod would connect to an unsecured network, I believe someone would be able to track all of the traffic, just as if it was a normal computer. This is definitely a vulnerability.
I also think that an attacker might try to exploit the iPod using an application to get remote access to an iPod, which could possibly eventually lead to spreading of viruses or worms, hacking into networks, etc.
There is definitely a risk of someone other than the owner to have easy access that that owner's information. It would be important to make sure that you choose to connect only to secure networks that you know and avoid the risk of being tracked. If you want the access that the iPod gives you, however, you would have to accept the risk of its physical security. You could get insurance, but they wouldn't be able to prevent access to any information on the lost or stolen iPod. A very cautious owner could look into seeing if there is an alternative way to lock up the iPod so that protection from unauthorized people would be prevented.
Reference:
http://www.apple.com/ipodtouch/what-is/ipod.html
Tuesday, November 3, 2009
Subscribe to:
Post Comments (Atom)
Posts
With the thousands of apps out there, I'm sure getting access to someone's itouch would give them access to personal information on a computer synced to the itouch. There is actually an app that allows you to remotely control the music on your computer from your itouch. I'm sure there is a hacker out there that could remotely control a computer from an app like this. This would be another vulnerability to consider.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThe use of iPod touch seems like a security nightmare waiting to happen. The only thing I can think of is that if there have been problems with people misplacing or having laptops stolen, then there will definitely be even more widespread problems with the physical security of the iPod touch and the iPhone. There is a tremendous amount of personal data on this small device that the owner takes everywhere, and there's a false sense of security in that users don't think of their iPod or iPhone being as valuable as their laptop even though they have begun to store the same amount of information on those devices.
ReplyDeleteI think that the internet provided on college campuses is ideal for ipod touch users. You do not have to worry about the network being unsecured or not encrypted. It provides users with the piece of mind that what they are doing is safe and secure. It is only a matter of time though until someone can do harm to your network is if it not encrypted with something as portable and common as an ipod touch. Just like how you can drive in your car down the street and access unprotected wireless networks with a laptop. The same could be done with an ipod touch and someone that knows what they are doing.
ReplyDeleteI currently own an iPod Touch and use it frequently; however, this has made me question whether or not I should use it as much. When I use the wireless Internet on my iPod, I have never looked to see if the connection is secure. Does the iPod Touch notify the user if a network is secure or not? Also, because of the small stature of the iPod Touch, it can very easily be stolen. Unfortunately, as technology becomes more advanced and gadgets become portable, there are higher security risks.
ReplyDeleteFrom the security standpoint, one of the most interesting iPhone apps is MobileMe. It's ostensibly an app to sync devices, but it has a lot of security features in case an iPhone is lost.
ReplyDeleteIf an iPhone has MobileMe, the iPhone's owner can use it to display messages on the screen (like "NOT YOURS"), or lock the phone and require an actual password. It can also remotely wipe the phone of all information, and return it to factory defaults.
These features are all really useful, because they mean that if someone's iPhone is stolen, they can still do something to protect their privacy. As gadgets get smaller, finding ways to secure those gadgets is really important.
All these features, however, require that the iPhone be on -- which is bad, because iPhones have notoriously low battery life. Additionally, if anyone just wanted to steal the iPhone itself, they could turn it off and it would be undetectable. The iPhone also needs network access for MobileMe to work, so someone who wanted to use the information on the iPhone could set it to Airplane Mode to "hide" from MobileMe.
The one problem I have with this article is the fact that someone who is accessing secure websites or information that is vital to their businesses or school work usually doesn't do so through an iPod touch or mobile device. While I agree, the e-mail function is something that is very insecure, I think that it is important for someone who is using the device to access their e-mail over a network where they are familiar or similarly feel secure enough to use. With that in mind, I do think that the devices are extremely unique and useful for "on the go" situations and it has been a great asset to technology.
ReplyDelete