Why GPS Tracking Makes Your IPhone 3GS Vulnerable

by DMR2012 on August 6, 2012

In my last article on the vulnerability of multi-device syncing, I showed that your iDevice still has vulnerabilities that are prone to attack from outsiders—even if you decide never to jailbreak your iPhone, iPad, or iPod Touch. One vulnerability is iCloud. ICloud allows your content to be synced across all your devices; what most people do not understand is that their content can only be synced if their username and password are accessed across all devices. Thus, when your content on your iPhone syncs to your iPad and iPod Touch 4G, it does so because it also has access to your password across all your devices. Perhaps it is the case that you should not activate iCloud on all your devices. Additionally, iCloud swallows 5GB of the memory storage you purchase on an iOS device; as a result, leaving iCloud “in the clouds” may save you memory storage that can be used for other things. It seems that the security risks outweigh the benefits (convenience).

 

ICloud, however, is not the only vulnerability that your iDevice has. There is another: GPS tracking. Yep, it’s true: one technology convenience that makes it easy to find directions when you are lost and tell you what street to go down and how many miles you have before arriving at your destination is also an inconvenience that could become a hacker’s gateway to your device. At the Black Hat conference ten days ago (July 26), University of Luxembourg researcher Ralf-Philipp Weimann reported that GPS tracking within smartphones provides a loophole by which hackers can seize control of any users mobile device, email, and other private accounts.

 

One important point Weimann noted in his research that many do not know is that smartphones do not run on actual GPS tracking; rather, they run by way of a cellular network that connects to globally-positioned satellites. Smartphones run on a cellular network because of the time it would take the orbiting satellites to send data by satellite signals back to the smartphone (as well as the reverse). If smartphones ran on signals from the four satellites orbiting the earth, it would take up to 12 minutes to process locations and other information the smartphone provides. By running on “A-GPS,” or “assisted GPS,” smartphones allow cell networks to provide faster calculations for smartphone detection than the four orbiting satellites themselves. This does not sound like a problem—until you realize that the cellular network connects to the smartphone (and the smartphone to the network) by way of an unsecured Internet connection. The unsecured connection, as any unsecured connection, provides an opportunity for malware to be placed on smartphones. Malware contains all sorts of data-hacking abilities that cannot be known until it has done its damage.

 

If a smartphone goes over a WiFi connection that contains malware, a hacker can gain control of a device (including the consumer’s username and password), using the username and password to access your phone customizations, options, email, iTunes, and so on. Within minutes, you can experience the same fate as did Matt Honan: locked out of your email and social networking accounts. It only took minutes in Honan’s case; you could become a victim in as little as two minutes.

 

Not only can a hacker steal your personal information; he or she can also track your travel. If GPS works because it tracks your travel, it will work just as excellent for someone else—including a hacker. If a hacker makes his or her way into your smartphone and accesses your information over an unsecure Internet connection, a hacker could trace your whereabouts on your own smartphone. Just think of how many crimes have been committed where the attacker could trace the travel of an individual. Your device could be subject to a number of crashes, bugs, and all sorts of disastrous results.

 

Now that I have covered the risks and dangers posed by assisted GPS tracking, stop and think about how many conveniences your smartphone provides daily:

 

  • Near Field Communication
  • Credit card information storage
  • Personal emails
  • Photos
  • Twitter integration (iOS 5) and Facebook integration (iOS 6)
  • Work documents

 

There are many more; however, once you see the conveniences that can end up in hacker hands, it makes you consider whether or not GPS is a good thing, right?

 

If you find yourself in this position, let me assure you that GPS tracking has its purposes. How would you find your way to a new vacation spot or beach if you did not have GPS? GPS is resourceful when it helps you find your way to places you have never been; at the same time, you must take the good with the bad. If you decide to hang on to your iPhone 3G or iPhone 3GS, know that your GPS can direct you from one place to another while possibly directing a hacker to you. In jailbreaking, at least, you have more control over your own device.

Comments on this entry are closed.

Previous post:

Next post: