In one of Buzz Out Loud's recent episodes (episode 808), it has been reported that iPhone can take screenshots of everything a user does, which can be recovered by hackers or forensics experts. Jonathan Zdziasrski, an iPhone hacker and data forensics expert, states that iPhone takes snapshots of user's most recent action including; but not limited to, text messages, email or web browsing in order to cache it.
This issue is percieved by many people as privacy compromise, as many of the users are not aware of this issue, or they did not agree to share their information with someone else. But, in order to get the information from the iPhone, the hackers will have to have physical access to the handset, which limits the risk of privacy invasion. Issues of privacy raise the question of whether remote access to the iPhone will be possible by hackers in the future or not. Zdziasrski demonstrates in his webcast how to break the passcode locks. If he can remotely access the iPhone in the future as well, he can demonstrate that as well.
With all of the issues stated here, there are some benefits to it, as well. Law enforcement agencies can use these screenshots to track criminal activities.
After knowing some of the facts about the iPhone screenshot cache, the question comes to our mind of is it really such a huge privacy risk with physical access being required, and is the potential investigative benefit worth that risk?
Subscribe to:
Post Comments (Atom)
5 comments:
I'm sort of on the fence about this issue.
On the one hand, it's a privacy issue and potentially could give evidence or leave data for things that aren't already observable, like pictures taken and notes made.
On the other hand, there is a feature to safely erase all of your data if you need to.
I think most consumers won't be worried about this, but that doesn't mean nothing should be done. I feel that Apple should release an on/off switch for the feature so the user can make the choice to eliminate this vulnerability if they choose.
Really, I think people are seeing the need to be able to remotely wipe these devices just through Apple.
Consider this discourse:
Consumer: My phone was stolen, I need to wipe it and order a new one.
Apple/ATT: Okay, your phone has been wiped, all your data is erased, and a new one is on the way, have a good day.
Compare that to knowing that your data is on there as well as screenshots of your activities if your phone gets stolen.
I'd pay extra to wipe my phone if it was stolen!
The point is that no matter how small, these privacy vulnerabilities add up and Apple should be proactive about them to keep consumer confidence at a high level.
Group KMB
Nothing really justifies the invasion to privacy.
The government is using the excuse of “tracking criminals” to justify their invasion to regular citizens’ private lives and data.
The idea of safety by removing our freedoms does not sound appealing to me.
Unfortunately there is not much we can do to stop this invasion to privacy, once we choose to purchase certain devices.
The screenshot cache is not as big of a privacy risk with the requirement of physical access. The new feature that KMB talked about is a perfect way to take care of this issue. If you have the ability to have the iphone completely erased you are taking care of others who find or steal iphones and have the screenshot at their fingertips. As soon as you call Apple and have them erase it you are good to go and you disable the device and the party who has your device.
This feature is also an attractive one to corporations who have software and other private capabilities accessible through their employees phones'. They have a way of protecting their information no matter what their employees do whether they lose an iphone or get one stolen.
On the privacy issue, we feel that having the potential to protect information is crucial so being able to erase the data takes care of this. The downside is some privacy, but these costs are outweighed by protecting the data. As for law enforcement agencies using screenshots to track criminal activities this seems a little ridiculous. If the government can use this to help them we really have no control over it, but they better get a hold of the device before the criminal erases it.
As has been mentioned, there are two sides to this issue. The opportunity to retrieve the information could be beneficial if put to the right use. The down side is obviously the hackers.
This is a privacy issue even though it involves physical access. Users need to be made aware of these features. The consumer needs to be aware anytime there is the opportunity for others to access personal information.
We think there needs to be a way for the consumer to delete this cache memory. The consumer needs control over what is saved and not saved.
Group 1
Post a Comment