Feeds

Apple eyes kill switch for jailbroken iPhones

...for your own good

SANS - Survey on application security programs

Apple has applied for a patent covering an elaborate series of measures to automatically protect iPhone owners from thieves and other unauthorized users. But please withhold the applause.

The patent, titled “Systems and Methods for Identifying Unauthorized Users of an Electronic Device,” would also protect Apple against jailbreaks and other unauthorized hacks to the device, which were recently excepted from copyright enforcement.

The application, which was filed in February and published Thursday, specifically describes the identification of “hacking, jailbreaking, unlocking, or removal of a SIM card” so that measures can be taken to counter the user. Possible responses include surreptitiously activating the iPhone's camera, geotagging the image and uploading it to a server and transmitting sensitive data to a server and then wiping it from the device.

Rest assured that this jailbreaking identification, the application would have us believe, is simply a means of protecting owners from unauthorized users.

“Access to sensitive information such as credit card information, social security numbers, banking information, home addresses, or any other delicate information can be prohibited,” the application states. “In some embodiments, the sensitive information can be erased from the electronic device. For example, the sensitive information can be erased directly after an unauthorized user is detected.”

But elsewhere, the patent betrays ulterior motives that are considerably more self serving.

“An activity that can detect an unauthorized user can be any action that may indicate the electronic device is being tampered with by being, for example, hacked, jailbroken, or unlocked,” the patent continues. “For example, a sudden increase in memory usage of the electronic device can indicate that a hacking program is being run and that an unauthorized user may be using the electronic device.

“'Jailbreaking' of an electronic device can generally refer to tampering with the device to allow a user to gain access to digital resources that are normally hidden and protected from users. 'Unlocking' of a cellular phone can generally refer to removing a restriction that 'locks' a cellular phone so it may only be used in specific countries or with specific network providers. Thus, in some embodiments, an unauthorized user can be detected if it is determined that the electronic device is being jailbroken or unlocked.”

The application describes plenty of bells and whistles. They include voice-printing of the owner to detect unauthorized users (what could possibly go wrong with that?), activating the accelerometer to detect if thieves are in transit – even a “heartbeat sensor.”

Ignoring the possibility that a false positive in Apple's proposed theft protection might activate the spy cam while the user is in the bath, or in the middle of some other intimate moment, this technology seems Orwellian for another reason: It gives Steve jobs and Co. the means to retaliate when iPhones aren't being used in ways Cupertino doesn't expressly permit.

But remember, it's for your own good. ®

SANS - Survey on application security programs

More from The Register

next story
WTF happened to Pac-Man?
In his thirties and still afraid of ghosts
Reg man builds smart home rig, gains SUPREME CONTROL of DOMAIN – Pics
LightwaveRF and Arduino: Bright ideas for dim DIYers
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Microsoft signs Motorola to Android patent pact – no, not THAT Motorola
The part that Google never got will play ball with Redmond
Happy 25th birthday, Game Boy!
Monochrome handset ushered in modern mobile gaming era
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Slip your finger in this ring and unlock your backdoor, phone, etc
Take a look at this new NFC jewellery – why, what were you thinking of?
US mobile firms cave on kill switch, agree to install anti-theft code
Slow and kludgy rollout will protect corporate profits
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.