Breaking Into a Home With an iPhone
This is going to be one of these quick posts which just makes you think what the information security landscape will be like in 5 years. Before I move on with my commentary, here is a video which is essential for you to watch.
Got the idea? No? Let me explain. What you see in the video above is an application for the iPhone which gives you detailed characteristics of properties (houses) in USA. You can either search the map or just use your GPS coordinates to get information such as price of the house, number of floors, number of rooms, pictures taken from inside the house if the house was part of any register (letting agencies etc.) before you moved in, and other interesting information.
This is the kind of information gathering you see only in the movies. I won't be surprised if future versions of these kind of applications can pool even essential blueprints which show not only how the house was constructed from architectural point of view but also show the power and gas grids and perhaps even any other wiring such as telephone, coaxial, etc.
All of this information is also available through easily accessible APIs. Perhaps these APIs are not publicly known but anyone who can run a sniffer most certainly can get hold of the URLs and their formats. Now mash this APIs with any other tool such as one that correlates IP address to physical location (not very accurate btw) or better yet a wardriving tool and you have a infowar machine in your pocket that will make any criminal organization proud of.
This was the main purpose of my Web2.0 talk/research from two years ago. Back then I made a very simple analogy which I would like to bring once again. When the email was invented nobody even suspected that it will be used for things such as spam and malware. That was something unimaginable. Today spam is the fastest growing criminal industry and malware delivered over email is the most successful one. In summary, we cannot foresee how a technology will be used/abused. That depends on the imagination of the people.
The same goes for the Web2.0 meme. The more we use it, the more ways we will find to abuse it. However it is also important to say that the more we use it the more accustomed we will become to it. Therefore, when the shit hits the fan there will be very little that we can do.
The reason I am bringing this up is not because I would like to start even more FUD around the Web2.0 mem but it is time for us to stop looking into the technical aspects and start thinking in terms of technologies that affect normal people. Sometimes, we just lack the realism and we fail to spot the obvious problems.
ban applications:) but rather than elaborate how these applications, that data that is out there but yet undiscovered, can be used to create insecure situations or scenarios.
sinisterpurposes when combined with other sources of information and tools. In other words, your application, although obviously useful to many, facilitates easier research for malicious purposes. Zillow is among all other web2.0 enabled services out there. I am not arguing that we should abolish these tools and stop using them because of security and privacy concerns. I am only arguing that the web2.0 meme facilitates a different kind of future which mostly relays on openness. I am also arguing that web2.0 tools facilitate that openness in an unimaginable ways. And that is my only argument. Keep in mind that I am not anti-web2.0 person. I am running web2.0 infrastructures myself in other projects unrelated to GNUCITIZEN.