People familiar with the latest pre-release distributions of the next-gen OS say the software now includes the CoreLocation framework previously available via the iPhone SDK, which will allow Mac applications to identify the current latitude and longitude of the Macs on which they're running.
Since Macs don't include GPS technology like the iPhone 3G, CoreLocation will utilize a Mac's existing networking hardware to triangulate the system's location in a manner similar to the way the original iPhone was able to use the technology ti emulate a true global positioning signal.
I sure hope that there is a kill switch as I don't want every web site owner to know precisely where I am at all time. This feature could be used by fraudsters or as evidence by prosecutors.
People talk about BIG BROTHER watching over your every move, but that really looks like it. Sorry Apple, give us the kill switch or we won't buy Macs.
This is a huge, huge security issue. I'm a software developer and I can already think of several abusive ways to use these APIs to track people.
Malware writers I'm sure can too. Adds a whole new meaning to the "pedofile/sexual predator" expression.
People who think they can just turn it off by using some setting in the preferences are really naive.
And yes, I can write malware today that will send me your IP address, and I could locate the city you are in and your ISP, but I still can't quite pin point where your house is.
This is just taking it a step further. I hope Apple know that the direction they are taking is scary.
Perhaps it really is a good time to be looking into switching to Linux for all computing before it becomes illegal to own one.
I agree with you, I usually don't mind the government methods of tracking people as things like security cameras, phone tapping etc are proven to catch criminals. People will say 'oh wait no they're not, studies have found that is not the case' but they are.
Stuff like CoreLocation just isn't needed and most certainly adds a security risk. Sexual predators are a good example that people are dismissing too easily.
You can't track an IP address down that easily but geographical co-ordinates can pinpoint you to within meters. A global preference would set a plist setting that can be turned on by a simple 3rd party app. If the developer kit is open for 3rd party apps, which I would image it should be then it can be exploited to send the locations out over the internet.
Think of this scenario:
- kid logs on to some IM program or whatever they are into these days, bebo or mysace
- predator logs on and messages them with a file to open, which may be a file like this one:
- instead of installing malware, it simply executes code to turn on the location sending plist setting if it's off and push out the co-ordinates within just one chat session
- if it's a video chat, they have a face and a location within a few meters and this will come enabled on every Mac by default
- if you assume that people are smart enough to know to turn it off, check the Safari preferences and tell me if open safe files after downloading is turned off on your machine. That comes enabled by default on Macs.
I think it's most definitely a security risk. The iphone is different because it's sandboxed and predators can't send malware to people on an iphone. Not to mention, it's mobile so the location isn't completely accurate and also has no way of sending video chats, just photos manually.
The single advantage is that you would possibly know where your stolen laptop is, but a thief can certainly just turn the feature off as no-one is sending them malware to turn it on.
When it comes to the camera in the screen feature Apple are rumored to be working on, I can see how that would be convenient despite having some privacy concerns. However, I don't see any benefit in having CoreLocation on a computer system beyond maybe using maps on a laptop somewhere but even then, they should just allow you to use those features on your iphone as well as the internet connection by plugging it into a laptop. It sells more iphones too.
As the critic of little snitch pointed out, it's still *possible* to modify the kernel to get around these things, but if Apple did that they would be breaking the law, and if anyone else did that, it would have to be done by a virus attack (unlikely) or a malware installation that again, breaks the law.
Well I am the critic of little snitch suggesting that someone can modify your kernel. Honestly I'm not afraid Apple will abuse this technology. They stand to lose a lot of reputation if they do. I am suggesting malware writers may take advantage of it. It's really enabling technology. What someone does with it is up to them.
This is cool stuff, but I hope they allow us to simply set our location manually as well.
I have always found this to be a big of a bug or error on the iPhone. If you are inside a building (and most desktop Macs will be even if they get or are attached to GPS hardware), the iPhone can't determine your exact location. This screws up all the GPS related software to a degree when you are sitting in your own living room.
I can't for the life of me think why there is not a facility to look up your exact co-ordinates and set them as "home" for your computer or at least your Airport. I hate having all that advanced tech in the iPhone only to have every application believe that I actually live in a garage three houses down the street from where I am.
You can always register your wifi with skyhook. I have my home and business router registered so even inside I get accurate locations
Comments
People familiar with the latest pre-release distributions of the next-gen OS say the software now includes the CoreLocation framework previously available via the iPhone SDK, which will allow Mac applications to identify the current latitude and longitude of the Macs on which they're running.
Since Macs don't include GPS technology like the iPhone 3G, CoreLocation will utilize a Mac's existing networking hardware to triangulate the system's location in a manner similar to the way the original iPhone was able to use the technology ti emulate a true global positioning signal.
I sure hope that there is a kill switch as I don't want every web site owner to know precisely where I am at all time. This feature could be used by fraudsters or as evidence by prosecutors.
People talk about BIG BROTHER watching over your every move, but that really looks like it. Sorry Apple, give us the kill switch or we won't buy Macs.
This is a huge, huge security issue. I'm a software developer and I can already think of several abusive ways to use these APIs to track people.
Malware writers I'm sure can too. Adds a whole new meaning to the "pedofile/sexual predator" expression.
People who think they can just turn it off by using some setting in the preferences are really naive.
And yes, I can write malware today that will send me your IP address, and I could locate the city you are in and your ISP, but I still can't quite pin point where your house is.
This is just taking it a step further. I hope Apple know that the direction they are taking is scary.
Perhaps it really is a good time to be looking into switching to Linux for all computing before it becomes illegal to own one.
I agree with you, I usually don't mind the government methods of tracking people as things like security cameras, phone tapping etc are proven to catch criminals. People will say 'oh wait no they're not, studies have found that is not the case' but they are.
Stuff like CoreLocation just isn't needed and most certainly adds a security risk. Sexual predators are a good example that people are dismissing too easily.
You can't track an IP address down that easily but geographical co-ordinates can pinpoint you to within meters. A global preference would set a plist setting that can be turned on by a simple 3rd party app. If the developer kit is open for 3rd party apps, which I would image it should be then it can be exploited to send the locations out over the internet.
Think of this scenario:
- kid logs on to some IM program or whatever they are into these days, bebo or mysace
- predator logs on and messages them with a file to open, which may be a file like this one:
http://www.macworld.com/article/4945.../leapafaq.html
- instead of installing malware, it simply executes code to turn on the location sending plist setting if it's off and push out the co-ordinates within just one chat session
- if it's a video chat, they have a face and a location within a few meters and this will come enabled on every Mac by default
- if you assume that people are smart enough to know to turn it off, check the Safari preferences and tell me if open safe files after downloading is turned off on your machine. That comes enabled by default on Macs.
I think it's most definitely a security risk. The iphone is different because it's sandboxed and predators can't send malware to people on an iphone. Not to mention, it's mobile so the location isn't completely accurate and also has no way of sending video chats, just photos manually.
The single advantage is that you would possibly know where your stolen laptop is, but a thief can certainly just turn the feature off as no-one is sending them malware to turn it on.
When it comes to the camera in the screen feature Apple are rumored to be working on, I can see how that would be convenient despite having some privacy concerns. However, I don't see any benefit in having CoreLocation on a computer system beyond maybe using maps on a laptop somewhere but even then, they should just allow you to use those features on your iphone as well as the internet connection by plugging it into a laptop. It sells more iphones too.
As the critic of little snitch pointed out, it's still *possible* to modify the kernel to get around these things, but if Apple did that they would be breaking the law, and if anyone else did that, it would have to be done by a virus attack (unlikely) or a malware installation that again, breaks the law.
Well I am the critic of little snitch suggesting that someone can modify your kernel. Honestly I'm not afraid Apple will abuse this technology. They stand to lose a lot of reputation if they do. I am suggesting malware writers may take advantage of it. It's really enabling technology. What someone does with it is up to them.
This is cool stuff, but I hope they allow us to simply set our location manually as well.
I have always found this to be a big of a bug or error on the iPhone. If you are inside a building (and most desktop Macs will be even if they get or are attached to GPS hardware), the iPhone can't determine your exact location. This screws up all the GPS related software to a degree when you are sitting in your own living room.
I can't for the life of me think why there is not a facility to look up your exact co-ordinates and set them as "home" for your computer or at least your Airport. I hate having all that advanced tech in the iPhone only to have every application believe that I actually live in a garage three houses down the street from where I am.
You can always register your wifi with skyhook. I have my home and business router registered so even inside I get accurate locations
Skyhook Registration