The iPhone brings a host of new features with this release, but it also brings some interesting security issues with it. Some are new, while others have been around for a while. Sometimes I like to poke around with a digital stick and see what I can find…
Some people know that I have a somewhat “checkered” past when it comes to hacking. FBI/law enforcement confiscating my computer aside (hey, I was a minor at the time!), hacking can be fun. In fact, I love it!

OK, down to business. The new iPhone “GPS” is actually an A-GPS. This is good. A traditional GPS can be slow to locate you, so the iPhone can first try to triangulate your position using traditional GSM cellular antennas. In addition, Apple has partnered with Skyhook (http://www.skyhookwireless.com) to track wireless APs (access points: the Linksys wireless routers etc. that you have at home or work). Skyhook basically takes these APs and tags them geographically so they can report approximate positions to Apple. This means that it's very likely the APs/routers that you use at home and work are in Skyhook's database.
The problem is with the “Locate me” feature in Google Maps. Your phone queries Skyhook's database for the info. Every phone, actually every Ethernet network device, has a MAC address that is “supposed” to be unique. The problem is that MAC addresses can be cloned. I wondered if there was a way to “trick” Skyhook using the MAC address on a phone to give me the current location of an iPhone that I didn’t have. Being the lazy hacker that I am, I googled for info on my “project”.
Long story short, you can fairly easily set up a bridged network that is “new” to Skyhook and then “ask” Skyhook to tell you where you are. Several others were WAY ahead of me on this idea and had even written scripts to help with the process.
Now, I have no real reason to care one way or the other about the iPhone “Locate me” security. I write this blog entry simply because I find it fascinating that it's possible to track (stalk) almost anyone you want these days. Real digital security is a myth. At best you can make it too “painful” in time or resources for someone to want to hack your system. It's always been a cat-and-mouse game. If one mouse gets caught, there are always 100 to take its place.
Matt Heaton / President Bluehost.com