Threat Research

Open questions to Apple's MobileMe

By Axelle Apvrille | June 16, 2009

Last week, I had hardly reached my desk when a colleague rushed by my side and told me, all excited, Apple had announced the release of a new iPhone 3GS. They also unveiled interesting new functionality in MobileMe, which started out a long chat in our lab.

To summarize our discussion, tomorrow, MobileMe is releasing three novelties:

  • locating your iPhone, for example, when it is lost

  • displaying a message or a sound onto your iPhone

  • remotely wiping your iPhone so a thief won't find read any sensitive data

All of these are quite appealling at first, but they raise a few questions:

Security: which security measures are taken to make sure one cannot remotely wipe or send messages/sounds to another iPhone? I hope this is secure, otherwise attackers are going to have a lot of fun...

Price: all of these features require sending commands to the iPhone. How is the mobile device receiving commands? Are they sent over the 3G network? Is the phone receiving an SMS? And who's paying for this? Is it included in your MobileMe subscription?

Eficiency: those features are probably helpful if you lose your iPhone, but I doubt they will help when your iPhone is stolen. From MobileMe's screenshot, it looks like locating an iPhone only works if you have previously installed MobileMe and enabled the "Find my iPhone" option. The thief can probably disable this option, uninstall MobileMe or even reset your iPhone if he/she intends to keep it...

Privacy: I am uncertain of how legal tracking your iPhone is. In France, geolocalization is regulated by law and the CNIL has hard work enforcing it. To my understanding, the CNIL finds locating a stolen device acceptable as long as the feature cannot be turned into a spying / tracking device. And indeed, this is difficult to guarantee: you never know when your iPhone is going to be stolen, do you? So, you have to enable the localization all the time, and consequently, your iPhone (thus you?) can be tracked all the time too... unless Apple has thought of some special trick so your iPhone will only release localization data to you, its rightful owner.

We're going to be busy after tomorrow...

Join the Discussion