(. . .it’s not just about real estate any more)
[blogger: Trent Henry]
Location services and presence aren’t particularly new. For many years, innovators have realized that where-you-are can be a useful piece of information for delivering consumer IT services. If your cell phone knows it’s in a movie theater, for example, it can automatically turn itself to vibrate or quiet mode. Or, if you make an emergency call, a GPS unit in the cell phone can inform responders where you’re located (the heart of the E911 service). These have been topics of discussion among the converged communication crowd for some time. In fact, even associated security issues have been considered for years: in 1997 Leonhardt and Magee wrote “Security Considerations for a Distributed Location Service.”
However, as with so many things, risk seems to follows utility. That is, vendors have spent considerably more time building location/presence functionality, and dreamers have been thinking about cool uses for it, far more than anyone has pondered the security ramifications.
Enter the iPhone.
Suddenly presence is going to be center stage—not because of newness, but because of ubiquity and richness. With millions of these devices marching around the globe, iPhone 2.0’s Core Location Framework becomes a tantalizing target to consider attacking. And to be honest, as an industry we really don’t understand the threat landscape very well.
I’m not going to create a laundry list of possible security issues here. Without more technical detail, it’s difficult to know what will be feasible and what won’t. And detractors love to argue about a vulnerability being “merely theoretical” (until something bad happens, that is). But we do need to think about WiFi and GPS presence combined with full-featured local applications combined with rich web services. This combination can really change the playing field. How about a microblogging client that automatically tracks and publishes location for you and your 50 closest friends? It’s pretty interesting information to know when 50 people converge on a given location at a given time. Such a service isn’t unrealistic (twitter.com), and it reminds me of concerns about RFID-enabled passports used as bomb triggers (ZDnet report).
The flip side, of course, is using location to augment security. For example, an enterprise might check device location before allowing wireless network admission: “Why is this system trying to connect when it’s not even in my building?” But for now I’m more concerned about possible security holes. In an era of increasing industrial espionage, it would be pretty interesting to know that a key person’s laptop or other device was in-country.
Here’s the fundamental problem: It’s not location/presence security itself that’s insecure—the Apple framework requires user intervention for an app to consume location, and it can be turned off altogether. And a web service that shares location data among groups of people or applications may have adequate protections. But bring these pieces together, and mix in the increasing amount of web-based malware and site hijacking taking place, and we need to pause to consider the new risk.
Who’s responsible for such a high-level view? Well, unfortunately, no one. But enterprises would do well to think carefully about employees’ use of location services. And individual consumers should replace a mindset of “whoa, that’s cool,” with “what exactly am I revealing?”
Comments