Following up on our story from last week, we looked more closely at applications which used SSL to encrypt communications between iPhones and remote servers in order to determine if they were transmitting iPhones’ unique identifiers.
We performed SSL MITM attacks against several of these applications to obtain the messages in the clear.
While this study is not yet complete, so far the findings show that many of these applications are using SSL to transmit UDIDs to a remote host. For example, the “Mirror Free” application (http://itunes.apple.com/us/app/id379516970?mt=8) which emulates a mirror using the iPhone’s front-facing camera was decrypted and shown to be transmitting UDIDs to a remote host. Here is the plaintext of a portion of the SSL conversation; the UDID of the test phone is the string beginning with “b3d1bad” and ending with “d46b”.
00 01 00 05 65 6e 5f 55 53 00 00 00 0b 34 2e 30 en_US 4.0 2e 31 2e 38 41 33 30 36 00 00 00 01 00 00 00 98 .1.8A306 0a 28 62 33 64 31 00 00 00 00 00 00 00 00 00 00 (b3d1badxxxxxxx 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 xxxxxxxxxxxxxxxx 00 00 00 00 00 00 64 34 36 62 12 13 63 6f 6d 2e xxxxxxd46b com. 61 70 70 63 75 62 62 79 2e 6d 69 72 72 6f 72 1d appcubby.mirror 00 00 00 00 32 09 69 50 68 6f 6e 65 33 2c 31 3a 2 iPhone3,1: 03 34 31 30 42 03 33 31 30 48 04 52 14 5d c8 f9 410B 310H R ] 23 42 65 ac e5 96 c2 6d 00 00 80 c0 7d 00 40 97 #Be m } @ 47 58 c0 02 60 e0 03 68 90 01 70 02 7a 03 34 31 GX ` h p z 41 30 82 01 03 33 31 30 88 01 00 92 01 03 35 37 30 0 310 570 b2 01 05 65 6e 5f 55 53 00 00 00 0b 00 00 00 09 en_US 0a 05 08 c0 02 10 32 10 01 00 00 00 0c 00 00 00 2 00 00 00 00 0c 00 00 00 00 00 00 00 0c 00 00 00
We studied the following applications from our paper and confirmed they are transmitting UDIDs via SSL:
- Bed Intruder Soundboard
- Color Fill
- Galaxy on Fire
- I Bomber 2
- Mirror Free
- Mr. Runner
- Pimple Popper
In most of the cases where SSL was used, communication terminated on the qwapi.com network. The SSL certificate used on the servers on this domain indicate the name of the company is Quattro Wireless.
Quattro Wireless was acquired by Apple and is responsible for serving advertisements through the iAd system. Quattro Wireless’s website went down after the acquisition, but the Wayback Machine cached the content. In 2008 they boasted the following capabilities:
Quattro works with our agency partners to devise media plans to leverage our engaged audience based on partner goals and key targeting ideals: contextual, demographic information when available for both on and off deck sources, registration data, behavioral profiling and clustering. Targeting is available throughout the Quattro Network based on:
Channel, country, carrier, handset, time of day, Geo, demographic and mobile behavior across the Network
Standard Web advertising capabilities such as Frequency Capping, Pacing and Smoothing are available on a per campaign basis.
iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs)
In 1999, Intel released its newest CPU — the Pentium 3. Each processor included a unique serial number, visible to any software installed on the system. A product backlash quickly developed as privacy rights groups realized that this serial number could be used to track usersâ€™ online behavior. The industry, along with trade groups and governments, blasted this new feature; many governments went as far as proposing legislation to ban the use of Pentium 3 CPUs. Following the outcry, Intel quickly removed the serial number feature from their processor line, never to be re-introduced.
Fast forward a decade to the introduction of Appleâ€™s iPhone platform. Much like the Pentium 3, devices running the Apple iPhone operating system (IOS), including Apple iPhones, iPads, and iPod Touches, feature a software-readable serial number â€“ a â€œUnique Device Identifier,â€ or UDID. In order to determine if the privacy fears surrounding the Pentium 3 have manifested themselves on the iPhone platform, we studied a number of iPhone apps from the â€œMost Popularâ€ and â€œTop Freeâ€ categories in Appleâ€™s App Store. For these applications, we collected and analyzed the data being transmitted between installed applications and remote servers using several open source tools. We found that 68% of these applications were transmitting UDIDs to servers under the application vendorâ€™s control each time the application is launched. Furthermore, 18% of the applications tested encrypted their communications such that it was not clear what type of data was being shared. A scant 14% of the tested applications appear to be clean. We also confirmed that some applications are able to link the UDID to a real-world identity.
The iPhoneâ€™s UDID is eerily similar to the Pentium 3â€™s Processor Serial Number (PSN). While the Pentium 3 PSN elicited a storm of outrage from privacy rights groups over the inherent risks associated with the sharing of such information with third parties, no such concerns have been raised up to this point regarding the iPhone UDID. As UDIDs can be readily linked to personally-identifiable information, the â€œBig Brotherâ€ concerns from the Pentium 3 era should be a concern for todayâ€™s iPhone users as well.
The full report is available here: iPhone-Applications-Privacy-Issues.pdf.
Update: iPhone Privacy: What about the SSL Apps? (10/5/2010)
People ask me all the time… they say: “hey, why do Mac laptops suck so much?”
Well, I’m here to tell you. One quick note before we start, tho..
This is not about the OS. I’m not talking about OSX vs. Windows 7 vs. Linux at ALL. That is a discussion for another day. Today we are talking purely about hardware. The MacBook “Pro” is marketed as… well… a tool for professionals. I argue that it is an overpriced toy and that Apple should be bringing the heat if they want to put a “pro” label on their hardware.
I watched the gdgt liveblog of the WWDC announcements the other day, waiting to see the magic they would unveil. I want to know why people are so passionate about this hardware. I wanted to see the amazing new features they would cram into their laptops which would then trickle down in future years to lowly PC users. Maybe I’ll be one of those guys who buys a MacBook Pro to run Windows 7 just so that I can have the most cutting-edge hardware available.
I think this photo sums it all up nicely (image from gdgt.com):
Wow. SD card slots? Core 2 Duo procs? 8GB RAM? And, of course, non-replaceable batteries.
Innovations? Drool-worthy? I think not.
You call this a feature table? I’ve seen more exciting feature tables on a pair of headphones.
Here’s a quote about the 13″ model:
â€œWe challenged the engineering team to add in an SD card slot, and they did it.â€
Whoop-de-frickin’-do. My friggin’ netbook has an SD card slot. A 5 year old ThinkPad has an SD card slot.
Ok, let’s forget about the 13″ model… I’m more interested in the 17″ MBP. I’m a mobile-workstation kind of guy, and I feel that a 17″ laptop should be just that: a mobile workstation. One might even use the words “desktop replacement.” There is a LOT of room in a 17″ laptop chassis and there is no excuse for the dearth of features Apple has offered. Evidently, you get the ExpressCard Slot on the 17″ instead of the SD card slot. Why not both?? I mean, really… SD card readers take up almost NO room in a laptop. FireWire 800 is nice, but where is the eSATA?
Now is the part where I tell you how a 17″ should be built, and I’ll be using my Dell M6400 Precision as a prime, alpha-dog example.
First up: Quad-core processor. Yeah, that’s right. Enjoy your Core 2 Duo. My M6400’s Core 2 Extreme Q9300 quad-core will throat-punch your Core 2 Duo and send it gasping back to momma.
Next: 16GB RAM. It seemed like everybody was really impressed when they announced that the MBP’s would max out at 8GB of RAM. I’m really sorry to hear that. I have 8GB in my M6400 just for kicks, but it can hold 16. That’s a mobile workstation. Also, I’d like to add that I accomplish my 8GB via 4 slots. Have you seen the price of 4GB DDR3 DIMMs? Outrageous. It adds a cool $1000 on to the price of your MBP to go from 4GB to 8GB. One. Thousand. Dollars. I was able to use 4 of the comparatively-cheap 2GB DIMMs.
Dual internal HDDs. My Dell has a 64GB SSD as primary drive and a 500GB HDD as secondary. It is stupid-fast, but also has a ton of storage. I could also put dual 500’s in there and RAID them up, if I wanted to. That’s options, folks. No reason they couldn’t squeeze the option of a second HDD/SSD into that 17″ chassis.
Full keyboard including numeric keypad. Yes, I like to have a numeric keypad. It is extremely handy when you are entering numeric data. I can type over 100wpm, but numbers never flow faster than via the numeric keypad. There’s room for it on the MBP 17, but you don’t have it as an option. Oh, and just so you know, my keyboard is also backlit.
Fingerprint reader. I can’t believe they haven’t added these to MBP’s yet. Once you have a proper fingerprint reader on a laptop. you’ll wish it was on everything. For me, it was an option. I didn’t need to have it on the laptop, but I wanted it and it was available. Thanks, Dell, for giving me that choice.
Workstation-class GPU. The M6400 can be purchased with a Quadro FX 3700M GPU. That’s some serious pixel-pushin’ hardware there, kids, with 1GB of dedicated RAM. I don’t personally use CAD applications or other stuff that would make full use of that GPU, but it sure is great to have it as an option for a “mobile workstation.” The 9600M GT couldn’t dream to carry the enormous, titanium-reinforced jock strap of the 3700M.
RGB-LED backlit screen. This is a big one for me. The screen on this thing is amazing. The MBP uses an LED-backlit screen, but it is using white LEDs (to the best of my knowledge… apple.com just says “LED-backlit” and I think they’d tout RGB-LED backlit if that’s what they were using). By using RGB-LEDs, the screen is able to display an incredibly dynamic color gamut which is fantastic for anybody who works on photos. Ask anybody who has seen a laptop with RGB-LED next to a MBP and they’ll tell you it is a significant difference. Mobile workstation, indeed. I even have a choice of different resolution screens, but mine is 1920×1200.
Replaceable battery. Do I need to say more? You just can’t beat having a spare battery. Maybe there are so few features on this model because the entire chassis is full of battery.
Choice of optical drive. My M6400 has a DVD-RW drive…but I could have a blu-ray drive in there right from Dell (if that’s the way I wanted it)…and I could always do it later because I’m not afraid to take a few screws out and swap it myself. Choices.
Choice of internal radios. I have an Intel 5300 802.11a/g/n radio in my M6400 because that’s the radio I wanted. I had other choices. I also have a Bluetooth radio, which was optional. I also have a Verizon WWAN card. Can’t get those in MBPs yet, can you? Enjoy your USB WWAN adapters and tethered phones. Can you even get Bluetooth on an MBP? I have no idea, it certainly isn’t an option when you configure one.
Frickin’ buttons. Yes, I like buttons for my trackpad/pointing stick. I am not alone. My trackpad also does a neat trick for application-specific shortcuts which you can see here: http://www.youtube.com/watch?v=Ad6Q7DuGCQY
Other random features:
Along with all of that, the M6400 also boasts: eSATA, ExpressCard, PCCard, Smart Card, SD, FireWire, VGA, DisplayPort (not “mini”), camera with dual digital array microphone…and probably more I can’t think of right now. The eSATA port is a big one, IMHO. I have every external HDD I own in a case with an eSATA port (these cases are more abundant and cheaper than cases with FireWire 800) and those drives are indistinguishable from my internal drives, throughput-wise.
Was this M6400 expensive? You bet your ass it was… but it was still cheaper than a clearly-inferior MBP. Seriously. All these extra features on the hardware, arguably important features, yet it is less expensive. I don’t think the MBP is a bad machine, but for all that money (and the “pro” moniker), it seems like you folks should demand more. You should, at the very least, have some options. I understand the minimalist approach, and I’m sure the MBP 17 is lighter and thinner than the M6400, but wouldn’t it be awesome if Apple produced a REAL mobile workstation as the MacBook UltraKickAssPro 17? The MBUKAP would be a little bit bigger (yet still stylish) and could be the first dual quad-core processor laptop.
That would be innovation. That would be drool-worthy.
For the time being, I guess I’ll just keep on using my PC.