iOS security hole allows apps to grab user photos
“Bug” or “feature…?”
According to The New York Times’ Bits blog today, an iOS security feature that allows users to share information about their location can ALSO be used to allow those apps to surreptitiously grab user photos. The same user dialog box that requests access to a user’s location ALSO allows apps to copy photos, complete with GPS metadata, to a remote server without alerting users.
Frankly, I’m not at all surprised.
Apple did not respond to CNET’s request for comment. No surprise THERE! 
Frankly, I think it’s a “feature.” Apple developers are generally VERY competent.
On the other hand, it could be a “bug,” but maybe not a “software bug.” Maybe, it is something more like the “ROVING bug” used by the FBI, when they remotely activated the microphones in cell phones of New York organized crime families, as described in 2006!
At a time when EVERY CELL PHONE has a built-in camera (ah, so many faces to RECOGNIZE) despite their inherent security risks for companies, when telecommunications companies have been caught with “splitters” duplicating streams of phone and Internet traffic and sending them to the NSA, when SEVERAL “zero-day” holes in Windows were used, probably by a collaboration of three “nation states” to destabilize gaseous centrifuges enriching uranium in Iran using the Stuxnet Worm, WHY would the ability to “harvest” the user photos from one of the world’s most popular smartphones SURPRISE anyone? Or even the earlier “locationgate” feature described LAST April, in which iOS devices logged up a year’s worth of location data which they stored unencrypted….
It is as though we try desperately to cling to the comforting notion that the photos, messages, locations, and other digital information on our phones and computers are secure and private, despite OVERWHELMING evidence to the contrary.
Although I have sometimes “poked fun” at the clumsy way in which vulnerabilities seem “baked into” the Windows operating system (including those used by the Stuxnet Worm), I do not doubt for a moment that “backdoors” are a requirement for ALL operating systems to receive approval. That is just “my humble opinion,” but it is one that seems to be supported by a lot of evidence and one that I arrived at slowly, and which I did not WANT to believe at all.
It seems that we are left with a situation that, as developers FIX “bugs” discovered by groups that perform a “watchdog” function, other (or even the same) developers may be working on code to maintain the surveillance capabilities LOST when the DISCOVERED “bugs” are fixed. These new, undiscovered “bugs” (“features” really), sent out with OS updates, will allow governments and telecommunications companies to maintain surveillance until the new “bugs”, in their turn, are discovered and fixed.
So, savvy customers of technology may, at the one extreme, accept their role as active “spies” (who have PAID for the “privilege” ) for anyone on the receiving end of the harvested data stream or, at the other extreme, they can go buy that cabin in Montana!
The most pitiful reality is the one shared by the not-so-savvy customers of technology, who (incapable of IMAGINING the surveillance potentials of their devices) believe, despite all of the evidence to the contrary, that their data and communications are secure and private.
-Bill at
Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”
You can view higher-resolution photos at the Cheshire Cat Photo™ Pro Gallery on Shutterfly™, where you can also order prints and gifts decorated with the photos of your choice from the gallery. The Cheshire Cat Photo Store on Zazzle® contains a wide variety of apparel and gifts decorated with our images of California. All locations are accessible from here. LIKE Cheshire Cat Photo on Facebook here! If you don’t see what you want or would be on our email list for updates, send us an email at info@cheshirecatphoto.com.
