Cell Phones, Wireless Keyboards – data security – or not!
The biggest difference between Mac OS-9 (and earlier) and X is that the owner of the machine is not the sole user. By this I mean that OS-X integrated a multiuser OS architecture in which the person who bought the machine is always one of many users (even if they are the only user).
A recent iPhone article brought this to light because, now, as phones and PDAs get more powerful, they too could benefit from multi-user technology that would let you hand your phone/PDA/web browser/iPod/mail tool to someone else to make a call, without giving them complete access to all your private e-mail, web browsing history, and more. Apple’s simple "slide to unlock" is simply not enough…
At iPhone Alley, Michael Johnston says:
"While most of us don’t necessarily mind letting others play with the iPod, YouTube, or Safari, allowing them access to Mail and your Text Messages is another story."
To wit, OS-9 did have the ability to handle multiple users, but it was not as deeply ingrained in the entire OS as it is in Unix. But as much as the iPhone is touted to be running OS-X, it shows no multi-user capabilities (or inherent security).
Ironically enough, I offer consulting for a multi-national corporation. All the XP-based computers there are multi-user and forced logins are de rigueur. They force long, alphanumeric passwords. They force changing passwords every three months. In general, this would seem to be a very secure place.
Once I log in as myself, though, I can not only see every other user’s stuff in the Documents and Settings folder, I can do whatever I want with those files in other people’s folders. View, change, and even delete them. That’s scary. Maybe that’s just how this corporation has their computers set up, but that seems to completely defeat the purpose of all that login security.
Today’s powerful phone handsets need the ability to be a basic device, i.e. phone, web browser, etc., without any personal data viewable, similar to how any cell phone, even those without service, can be used to dial 9-1-1 for emergency services.
Then, with the swipe of a finger across the fingerprint reader, all the personal data reappears for the proper owner of the device. What happens if your phone gets stolen, or accidentally lost, pickpocketed, or "borrowed" without your knowing it?
What sort of information is available on your phone?
What e-mails with log-in information did you receive?
What phone numbers would you rather not be made public?
I know of several people who use their phone/PDA to keep track of all the various online user names and passwords they have. Access to this is just a few short steps away from identity theft.
Engadget reported on a single Pantech device that was FCC approved for the US in 2006, as well as Nokia’s recent patent application for fingerprint recognition. However, when we may hold a secure device in our hands is a completely different matter. As phones become computers, security of your data on any "single-user" device is very important.
Be vigilant, and, Hey, let’s be careful out there.
Oh, and as added paranoia, Dreamlab just released a PDF on sniffing the wireless keyboards many of us are fond of using on our desktop systems.
Radio Frequencies are shared media and should be considered to be shared. We suggest to not use insecure communication channels for important information without adequate levels of encryption.
If you think you are alone, and far from "prying eyes", please think again.
Read this fun article by technical industry pundit Bob Cringely.
He describes how he built, with off-the-shelf components, a 10-kilometer WiFi hop.
That’s more than 6 miles away.
No real specialized technical know-how required, and there are antenna designs with far more gain than he used to enable this distance on just the listening end.
Now imagine what someone intent on badness can do.