Schneier on Security
A blog covering security and security technology.
May 11, 2012
Smart Phone Privacy App
MobileScope looks like a great tool for monitoring and controlling what information third parties get from your smart phone apps:
We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually; monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows.
Unlike PCs, we have little control over the underlying privacy and security features of our mobile devices. They come pre-installed with locked-down operating systems that often restrict their owners from exercising meaningful control unless they're willing to void their warranty and jailbreak the device.
Our current plans are to release MobileScope in the coming weeks and allow interested consumers, developers, regulators, and press to see what information their mobile devices can transmit.
Posted on May 11, 2012 at 6:42 AM
• 29 Comments
This is the kind of people who should be encouraged.
You are the kind of person that should learn proper grammar.
@D0R - I agree
@H8R - It's a Friday, be nice.
On topic - One of my responsibilities is to vet mobile apps for the "approved" list on our corporate-liability smart phones. If this works well it would be a great tool for providing a lot more transparency during the vetting process.
From the linked article "..we have little control over the underlying privacy and security features of our mobile devices."
There's no disputing that statement but I wonder about the effectiveness of the control of Location Services on the iPhone. I appreciate that turning them off for an app may limit that app but is the location getting out anyway through other channels?
This may be a bit out of place here as an iPhone tech support inquiry but the bigger question is about the effectiveness and actual behavior of the few controls that are exposed. It is not clear to me that they actually work as advertised. Thanks for any ideas.
Android has a few apps that do this: LBE and Pdroid
@H8R And you are the kind that should learn how to practice proper manners and kindness.
The app does sound interesting, let's see where it goes from here.
I'd prefer it if all apps had a list of permissions that you could enable and disable at install.
Android, for what it's worth, allows selective enabling and disabling of permissions. It's the specific flavor you get from your provider that doesn't generally allow it. CyanogenMod allows permissions to be granted selectively. Of course, the apps you want to use might not function with those permissions revoked, but that's the right of the developer, not the user.
"...who should learn proper grammar."
The problem with mobile app permissions is that they have become just as meaningless as shrink-wrap software agreements. Even the most trivial Android app you install these days will ask for permission to read/write the SD card, Internet access and often GPS access. You can either agree or not install the app.
I really don't see why a schedule app for a conference inside a hotel needs to use my GPS.
In "The Fine Print Society", law professor Evan McKenzie wrote
Corporate managers have collectively determined to overwhelm us with fine print. We can't possibly read all this crap, much less meditate like some 18th century aristocrat on the implications of the content. Yet we can't do so much as download an update to Adobe Acrobat without "signing" a contract. We are conclusively presumed to have read, understood, and agreed to every lawyer-drafted word, and yet everybody knows that none of us reads this. Not even Ron Paul--so don't start with me. And the more of these contracts we get, the less likely it is that we will read any of them. So corporations have an incentive to send more of them and make them longer and more verbose. This is a collective decision on their part, and it is working, and they know it.
His entire post is at http://privatopia.blogspot.com/2011/12/... (4 paragraphs long)
In order to work, MobileScope needs access to your contacts, phone calls, and SMS messages, Facebook account...
"Ok" to continue...
I use LBE Privacy Guard for Android. It selectively blocks permissions, so if I don't want Angry Birds to have location access it doesn't have location access.
I'd like still-finer control. Allow apps the ability to write to certain directories on the SD card, but not others.
I use Gregg Microsystems Gatekeeper on all of my systems, including mobile devices.
Meanwhile, there's an iPhone app that supposedly lets you send a picture to someone that only lasts for 10 seconds and then disappears. I wonder how hard it will be to defeat that.
We will see the potential value of this app by those who contest it. So if Apple were to refuse to allow such an app, that means they don't want you to stop the bleeding of data. Likewise, if any carriers disallow the app, they too have something to hide (well, we already know that).
If nobody protests, then maybe the app isn't stopping anything. Mobile devices may be great but we don't have control of them.
...Sure don't really miss my "smart" phone all that much. Oh heavens me, I can't play "Words with Friends" or "Draw Something". The looks I get when I whip out my "flipper". But really, aside from GPS navigation and the flashlight app, the screen is too small to do any real meaningful work and not having to pay an additional $30 a month for slow internet is a plus.
However my phone now has Bluetooth (pre-installed and can't remove of course) that just happens to turn itself on every now and then, I wonder what it's doing... Putting 2 & 2 together I was a little unnerved to hear the other day that a couple Bluetooth sniffing devices were installed on a couple power poles on my commute route and can determine traffic speed and flow. Because I'm sure that's all they're doing.
Oh and thank the imbeciles who are so addicted and "finger-pump" their lives away and crash their cars or walk into oncoming traffic. Now we are starting to see laws banning the use of phones in cars and while crossing the street.
It isn't clear from the article or their website how MobileScope works. Anyone know the specifics?
I've been contemplating developing a similar product. I would like to offer a VPN service that filters (either blocking or spoofing) privacy-leaking communications. It would include broad-based protections, like blocking all communications to dedicated cyber-stalking services like doubleclick as well as things requiring deeper packet inspection like re-writing those unique device-ids to be specific to each end-point (e.g. your real device-id is FOO, packets going to google get FOO rewritten as FOO1, packets going to facebook get FOO rewritten as FOO2, etc).
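The filtering idea in the comment above, sketched as an added example that is not part of the original comment or of MobileScope. The device ID, key, blocklist and function names are constructed assumptions; grouping hosts by their last two labels is a simplification, and the derived pseudonym is an HMAC rather than the literal FOO1/FOO2 suffixes.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the post or any real product.
BLOCKED_DOMAINS = {"doubleclick.net"}         # trackers dropped outright
REAL_DEVICE_ID = "a1b2c3d4e5f60718"           # constructed device identifier
SECRET_KEY = b"per-user secret held by the filter"  # never sent upstream


def registrable_domain(host: str) -> str:
    """Group hosts by their last two labels (assumption; a production
    filter would consult the Public Suffix List instead)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def pseudonym(device_id: str, host: str, key: bytes = SECRET_KEY) -> str:
    """Stable per-destination ID. Without the key, two destinations
    cannot link their pseudonyms to each other or to the real ID."""
    msg = f"{registrable_domain(host)}|{device_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def filter_request(host: str, body: str, device_id: str = REAL_DEVICE_ID):
    """Return (action, body): 'block' for tracker hosts, 'rewrite' when
    the real ID was replaced, 'pass' when the ID was not present."""
    if registrable_domain(host) in BLOCKED_DOMAINS:
        return "block", None
    if device_id in body:
        return "rewrite", body.replace(device_id, pseudonym(device_id, host))
    return "pass", body


if __name__ == "__main__":
    # Constructed outbound requests: (destination host, request body).
    samples = [
        ("ad.doubleclick.net", f"uid={REAL_DEVICE_ID}"),
        ("api.google.com", f"id={REAL_DEVICE_ID}&v=2"),
        ("graph.facebook.com", f"device={REAL_DEVICE_ID}"),
        ("example.org", "q=weather"),
    ]
    for host, body in samples:
        print(host, filter_request(host, body))
```

This only works on traffic the filter can read; identifiers sent inside TLS are invisible to it unless the VPN endpoint also terminates the TLS session.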
(a) Needtab Athe:
How long the DRM lets you see it is VASTLY different from
how long it is resident in any transit system,
or redirected and frozen in capture mode.
As long as people are ignorant of these distinctions,
they are proving P T Barnum right.
WHAT, mobile devices that leak personal data, unthinkable! Everyone knows that these are smart-devices, smart is even part of the name...
So all we need to do is lock down permissions...right? Ahhh NO, because that's a little like slapping a bandaid on an arterial bleeder. The data is not leaking, it's gushing out in such volume as to be a significant portion of the data consumed on many 3g devices. If you want a real shock look at the total volume of upstream smart device data and subtract actual user initiated data and ask yourself the question, What's the rest?
So what's the solution? Truth is there isn't a solution and the main problem is the Joe Average is pleased that his personal data is leaking and gladly signs up for ever larger leaks every single day. What truly amazes me is that many people are really happy that these insanely large leaks of personal data exist.
Back in the days, with my Symbian Phone I could selectively allow internet access for each separate app, I could even specify which access point each app would be able to choose.
And as Symbian was said to be way behind Android and iOS, I figured that especially Android, being open-source and everything, would allow me an even greater control over my phone.
But on the other hand: I still bought Android, so for me, convenience (at a certain level) obviously wins over privacy.
If you want a real shock look at the total volume of upstream smart device data and subtract actual user initiated data and ask yourself the question...
The first problem is trying to separate the two, then working out what the extraneous data is all about...
If and when you've done that, the second problem is hunting out the redundancy in all the layered protocols that is a great haven for covert channels.
Then, a third thorny problem is checking for time based channels of all sorts.
Then wherever there is some kind of multi use stack and/or prioritising system, there are "sequence based" channels. That is if you have two packets of data with the same time out and priority, which goes first... And have you really checked the selection process, is it really random or secretly transferring information by the selection...
Oh and then there are "shadow channels" that is if you have several channels you can hide data by the difference between two or more channels.
Then having found all the channels you can think of, you have to work out if there is any data in these channels, and if the data is meaningful...
"Smart" functionality generally requires "efficient" use of resources, and unless great care is exercised in the design and implementation of the system the more efficient it is the more channels become available and the greater their bandwidth...
The same applies to low latency systems, likewise those with fast error correction
And this is where you switch from what are in effect passive channels that continuously leak data you have a small chance of finding to attacker activated channels which have a very low probability of being detected if at all (almost certainly not during "closed/private network testing"). If you put a channel in the error correction mechanisms, under most ordinary conditions it will be closed and therefore not leaking data. However as the adversary you can choose to create some kind of error (say a lost packet) in which case the error mechanism is operated and can leak several bits of data each time, thus the attacker chooses the how and when of leaking data...
I could go on at length but I think most people will have got the idea...
Forget side-channels and exotic memory attacks, you don't need them just make some facebook helper app and watch 99% of people click yes to every conceivable permission that you request.
Forget... ...you don't need them just make some facebook helper app and watch 99% of people click yes to every conceivable permission that you request.
Yup, but it also does not help when the network suppliers in the likes of the US add "test software" like CarrierIQ which just end runs around any and all security by sending everything in "plain text" right past the "NSA network taps" in a nicely formatted and easily recognisable chunk as regular as clock work...
It's like the old joke about two men in the jungle, when a tiger appears and one starts to run the other stops to tie his shoe laces... You don't have to be smart only a little bit smarter than the complete idiot standing next to you...
The problem is very very occasionally there are not any "idiots" when you need them, then you do have to be a bit more than a little bit smarter...
As somebody once observed about playing chess, beyond a certain point you only get smarter by playing smarter people...
I've filled in the sign-up yesterday, and nothing happens...is there any SW that may be tested, or I missed sg. on the page?
German Consumer Reports (Stiftung Warentest....www.test.de....) current issue ran big test of about 63 "smart" phone apps (android and ios) and found about 40% to be dangerous in that they took personal data, complete contact lists and other data without user's knowledge and forwarded it to servers as well as dedicated snooper sites. Often without encryption.
I think I'll stay with my "dumb" handy.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.