Feeds

Apple eyes kill switch for jailbroken iPhones

...for your own good

Application security programs and practises

Apple has applied for a patent covering an elaborate series of measures to automatically protect iPhone owners from thieves and other unauthorized users. But please withhold the applause.

The patent, titled “Systems and Methods for Identifying Unauthorized Users of an Electronic Device,” would also protect Apple against jailbreaks and other unauthorized hacks to the device, which were recently excepted from copyright enforcement.

The application, which was filed in February and published Thursday, specifically describes the identification of “hacking, jailbreaking, unlocking, or removal of a SIM card” so that measures can be taken to counter the user. Possible responses include surreptitiously activating the iPhone's camera, geotagging the image and uploading it to a server and transmitting sensitive data to a server and then wiping it from the device.

Rest assured that this jailbreaking identification, the application would have us believe, is simply a means of protecting owners from unauthorized users.

“Access to sensitive information such as credit card information, social security numbers, banking information, home addresses, or any other delicate information can be prohibited,” the application states. “In some embodiments, the sensitive information can be erased from the electronic device. For example, the sensitive information can be erased directly after an unauthorized user is detected.”

But elsewhere, the patent betrays ulterior motives that are considerably more self serving.

“An activity that can detect an unauthorized user can be any action that may indicate the electronic device is being tampered with by being, for example, hacked, jailbroken, or unlocked,” the patent continues. “For example, a sudden increase in memory usage of the electronic device can indicate that a hacking program is being run and that an unauthorized user may be using the electronic device.

“'Jailbreaking' of an electronic device can generally refer to tampering with the device to allow a user to gain access to digital resources that are normally hidden and protected from users. 'Unlocking' of a cellular phone can generally refer to removing a restriction that 'locks' a cellular phone so it may only be used in specific countries or with specific network providers. Thus, in some embodiments, an unauthorized user can be detected if it is determined that the electronic device is being jailbroken or unlocked.”

The application describes plenty of bells and whistles. They include voice-printing of the owner to detect unauthorized users (what could possibly go wrong with that?), activating the accelerometer to detect if thieves are in transit – even a “heartbeat sensor.”

Ignoring the possibility that a false positive in Apple's proposed theft protection might activate the spy cam while the user is in the bath, or in the middle of some other intimate moment, this technology seems Orwellian for another reason: It gives Steve jobs and Co. the means to retaliate when iPhones aren't being used in ways Cupertino doesn't expressly permit.

But remember, it's for your own good. ®

The Power of One Infographic

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.