"iPhone Security Compromises Prove Difficult to Detect"
Mobile phones can be abused to enable stalking through location tracking, account compromise, and remote surveillance methods. Although experts can assist victims in detecting and recovering from this type of technology abuse, researchers at Carnegie Mellon's CyLab Security and Privacy Institute believe that average users are unprepared to identify and resolve these issues on their own. CMU researchers recently simulated technology-enabled abuse scenarios, such as those seen in intimate partner violence cases, to better understand how non-experts in victims' social support networks could assist non-tech savvy iPhone users in navigating these difficult situations. The four scenarios included determining whether a device's location was being tracked, identifying whether a spyware app was installed on a device, assessing whether an iCloud account had been compromised, and using online advice to find out whether the device had been jailbroken. According to Andrea Gallardo, a Ph.D. student in the School of Computer Science's (SCS) Institute for Software Research (ISR), the study considers a threat model in which the attacker or abuser does not use technical sophistication but rather takes advantage of physical access to the device to do things such as enabling location sharing or downloading apps that can transmit data back to them. The researchers presented the simulated scenarios to participants before asking them how they would assist a friend or coworker in detecting and resolving each security breach. Despite their familiarity with the iOS interface, the non-expert participants were unable to detect and resolve the problems in these scenarios, according to Lorrie Cranor, CyLab director. Overall, the study uncovers several usability issues in Google Maps and Apple's iOS, emphasizing the importance of taking the stalking threat model into account in usable security design and research. This article continues to discuss key findings from the study on strategies and obstacles in detecting iPhone security compromises in simulated stalking scenarios.
CyLab reports "iPhone Security Compromises Prove Difficult to Detect"