Security Review: iPod Touch

By lidor7 at 8:51 pm on February 6, 2009

The iPhone has already had a security review, and the iPod Touch is similar, so I'm going to focus on security when someone has physical access to the device.  There are a number of security measures that are, or can be, enabled on the iPod Touch to limit access to certain features.  Like the iPhone, the iPod Touch holds a lot of personal information as well as access to iTunes and the App Store.

The two main assets on the iPod Touch are the personal information stored on it, such as photos, emails, contacts, notes, and schedules, and the access it provides to iTunes and the App Store.  The owner may have sensitive photos or emails that should remain private.  iTunes and App Store accounts are usually linked to a credit card, and the owner wouldn't want other people making unauthorized purchases.  The iPod has a lot of functionality, and it's not always clear which information is sensitive and which isn't.

The security goal is to restrict access to sensitive information and to prevent unauthorized actions such as purchases.  At the same time, all of this functionality has to remain easy to use.

Two likely adversaries are a nosy or prankster friend and someone who has physically stolen the iPod.  A friend might snoop through your personal information, or perhaps jokingly purchase an "adult" app or change your wallpaper to David Hasselhoff.  Someone who has stolen the iPod may want to buy apps and music with your account and credit card.

The iPod has a few security measures.  The device can be locked with a 4-digit passcode: when the iPod locks (typically after a period of inactivity), it asks for the 4 digits before unlocking.  This only applies when the passcode setting is turned on.  Separately, the App Store and iTunes are protected by the iTunes account password, which is likely more complex, since it is typed on a full keyboard and can contain letters and numbers.

There are a few ways to attack these two measures.  Since the iPod Touch is a touch-screen device, fingers leave oily smudges on the screen.  With a 4-digit passcode it can be easy to spot the four smudges that may well be the passcode digits, and an attacker who knows which four keys were pressed only has to try their possible orderings rather than all 10,000 combinations.  The iTunes password, like any longer password, also leaves smudges, but more of them and with less spacing, which makes them harder to read.  However, as a convenience to the user, the password field always shows the last character typed for a couple of seconds.  On a desktop or laptop a password shows up only as asterisks; the iPod eventually masks each character too, but the most recent one is always briefly readable, so someone looking over your shoulder can easily recover the password.  Key presses made with two thumbs on a small screen are also much easier to follow than typing with all ten fingers on a keyboard.  Additionally, once the iTunes password has been entered it remains valid for several minutes before it is requested again, so an attacker can purchase apps or music right after the user has entered the password and finished their own legitimate purchases.
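To put numbers on the smudge attack described above, here is an added example in Python (it is not code from the original post). It enumerates every 4-digit passcode consistent with a set of smudged keys, counts the reduced search space without enumeration so the same reasoning can be applied to the longer iTunes password, and reports the reduction against the full 10,000-combination space. The smudge sets and the 40-key keyboard size used for the password case are constructed assumptions.

```python
import itertools
from math import comb


def candidate_pins(smudged_keys, length=4):
    """Enumerate every passcode of the given length that is consistent with
    the smudges: every smudged key is pressed at least once and no other key
    is pressed at all.  Returned in lexicographic order."""
    keys = sorted(set(smudged_keys))
    if not keys or len(keys) > length:
        return []  # nothing to go on, or more smudges than digits in the code
    needed = set(keys)
    return ["".join(p) for p in itertools.product(keys, repeat=length)
            if set(p) == needed]


def count_candidates(distinct_keys, length):
    """Count the same set without enumerating it.  Inclusion-exclusion over
    the strings of `length` symbols drawn from `distinct_keys` symbols in
    which every symbol appears at least once.  This sizes the search for a
    longer password where enumeration would be expensive."""
    k = distinct_keys
    if k == 0 or k > length:
        return 0
    return sum((-1) ** i * comb(k, i) * (k - i) ** length for i in range(k + 1))


def search_reduction(smudged_keys, length=4, alphabet_size=10):
    """Return (full_space, smudge_constrained_space, reduction_factor)."""
    total = alphabet_size ** length
    constrained = count_candidates(len(set(smudged_keys)), length)
    factor = total / constrained if constrained else None
    return total, constrained, factor


if __name__ == "__main__":
    # Constructed sample: four distinct smudges visible on the number pad.
    seen = "2580"
    pins = candidate_pins(seen)
    print(f"{len(pins)} candidate passcodes from smudges {seen}: {pins[:6]} ...")
    print("full space, constrained space, reduction:", search_reduction(seen))

    # Fewer smudges than digits means a repeated digit; that gives more
    # orderings to try than the four-distinct case, but still far below 10,000.
    for seen in ("2580", "258", "25", "2"):
        print(f"{len(seen)} distinct smudges -> {count_candidates(len(seen), 4)} candidates")

    # Assumed: an 8-character iTunes password with 8 distinct smudged keys
    # on a roughly 40-key on-screen keyboard.
    print("8 distinct keys, length 8:", count_candidates(8, 8), "of", 40 ** 8)
```

Four distinct smudges leave only 24 orderings, so an attacker with the device in hand can simply try them all; the post does not say whether the lock limits retries, so this example does not model a lockout.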

There are several ways to mitigate these attacks.  A more smudge-resistant screen would make it harder to read the passcode off the display.  Suppressing the brief display of the last character typed, at least as an option, would help against shoulder surfing.  Better still, don't show any asterisks at all, so an eavesdropper can't even see how long the password is.  Further out, a biometric scanner built into the touch screen may some day be possible.

So the real question is how much security you need.  I imagine the information on an iPod Touch isn't terribly sensitive in most cases.  A device like that is typically kept close at hand, and an adversary is unlikely to get at it without being noticed.  The level of security already implemented seems appropriate for the value and sensitivity of the assets.  Still, it would be nice to have a quick and easy way to protect individual apps, such as email or photos, with just the 4-digit passcode.

As technology advances, more information and functionality gets packed into smaller devices, and the value of the assets on them grows accordingly.  BlackBerries have long carried sensitive information, and the recent BlackBerry Storm features a touch screen.  As the assets held on small devices grow, the security features currently available may become inadequate.  It's interesting to see more fingerprint scanners showing up on laptops; people seem aware that portable devices can hold sensitive information and are easily stolen.  It will be interesting to see what new security measures are implemented on touch-screen devices in the future.

Filed under: Security Reviews
