Lee: My protection?
John: New identity, relocation, I'll take you through it step by step.
-Arnold Schwarzenegger as Agent John Kruger, Eraser
Hiding your identity works great in the movies, but it's pretty much impossible for a public figure like Arnold. That said, there are some common sense privacy boundaries that heads of state need to observe, for instance: you probably don't want to be broadcasting your position in real time. For good or for worse, however, that's exactly what the Governator is up to these days.
Take a look at this recent Twitter post from Arnold Schwarzenegger's account, http://twitter.com/schwarzenegger:
Where is this happy oatmeal scene occurring? According to the photo, it was taken within the California capitol in Sacramento:
How is this happening? The answer requires you to think differently - less Sacramento and more Cupertino. Let's take a look at the EXIF data embedded in some of the governor's Twitter pictures, and see if we can find some interesting data:
Here's a picture Arnold posted of himself meeting with three other state governors. This looks like a lot of fun, so how could members of the public attend? Well, here's the result of dumping EXIF for this picture:
Arnold's iPhone 3GS comes standard with a compass, a GPS, and a critical remote SMS vulnerability. We can see from this data that Arnold has patched the SMS exploit by updating his iPhone to 3.1, so we can't text a rootkit until Charlie shows up in Canada again. In the meantime, let's see what else we can learn.
In this picture we can clearly see the compass orientation, giving us some direction data for the camera, and even better, the current best GPS fix available on the handset when the picture was taken. This should make it easy to build a Governator-tracking app for the iPhone. I'm counting this blog post as prior art.
Converting and punching this GPS data into Google Maps is pretty easy.
So what does all this GPS tracking data mean for the rest of us? A whole lot less than it does for the Governator. While uploading a realtime public location history might be considered a security risk for a state leader (though in this case, apparently not...), for most people it's a convenience. The iPhone itself has a security model for photo GPS data that's extremely permissive: grant once, allow forever. Turning off embedded location data in iPhone pictures requires remembering to trip a switch to globally disable GPS, then turning it back on when you're done. And if you forget, there's no way to strip or view the hidden location data while it's on the phone. Privacy? There's no app for that. Unless you're jailbroken, in which case there might be, but on the downside Apple thinks very differently about those caught escaping from their gilded jail.
I for one can't help but recall Mayer-Schönberger's assertion that computers must learn to forget. What's called for in this case is transparency and proactive forgetfulness. If users want to embed and share their location data, they should be able to, however a single Opt-In on the camera app doesn't share nearly enough data with the user about the unintended consequences of location data leakage.
Perhaps Twitpic should give users the option to strip location data, the iPhone should add a similar switch, and the Governator should accept my modest professional recommendation that he purchase a hardened Blackberry. I'm not claiming it's secure, but it might be a step in the right direction, and hey, it's very presidential.
-stryde.hax, 10/13/2009
update A reader points out that Gadget Girl has spoken to this issue some already and located some EXIF stripping apps. Details TBD.
0 comments:
Post a Comment