Comments on: Apple Knows Where You Are: Sniffing the iPhone Location Service in 1.1.3 http://davetroy.com/posts/apple-knows-where-you-are-sniffing-the-iphone-location-service-in-113 Design, Entrepreneurship, Economics and Software Sun, 29 Jan 2012 14:43:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: jason http://davetroy.com/posts/apple-knows-where-you-are-sniffing-the-iphone-location-service-in-113#comment-242 jason Tue, 16 Dec 2008 00:21:58 +0000 http://dave.popvox.com/?p=13#comment-242 well iPhone's security is a little lame... was reading an article here http://www.greyhatindia.com/2008/12/16/protect-your-iphone-from-getting-sniffed-on-wifi/ which clearly scared me about using the iPhone email on the Public APs let's see if apple does something in the future well iPhone’s security is a little lame… was reading an article here http://www.greyhatindia.com/2008/12/16/protect-your-iphone-from-getting-sniffed-on-wifi/ which clearly scared me about using the iPhone email on the Public APs

let’s see if apple does something in the future

]]> By: Dave Troy http://davetroy.com/posts/apple-knows-where-you-are-sniffing-the-iphone-location-service-in-113#comment-44 Dave Troy Fri, 18 Jan 2008 01:47:00 +0000 http://dave.popvox.com/?p=13#comment-44 rodbegbie - I agree that it's not clear what the nature of those fields are. I have a hard time believing, though, that there is not some piece of information transmitted that can not be correlated to my identity. <br/><br/>In fact, in the case of the SSL transmissions, there is no way to verify it at all. Apple's lack of a definitive disable mechanism for location services is also at odds with their SLA.<br/><br/>I will be following up on this in the next few days, as you suggest, to see if we can understand a little better what the transmitted information is. In the meantime, I hope this starts some conversation and investigation into the topic. rodbegbie – I agree that it’s not clear what the nature of those fields are. I have a hard time believing, though, that there is not some piece of information transmitted that can not be correlated to my identity.

In fact, in the case of the SSL transmissions, there is no way to verify it at all. Apple’s lack of a definitive disable mechanism for location services is also at odds with their SLA.

I will be following up on this in the next few days, as you suggest, to see if we can understand a little better what the transmitted information is. In the meantime, I hope this starts some conversation and investigation into the topic.

]]> By: rodbegbie http://davetroy.com/posts/apple-knows-where-you-are-sniffing-the-iphone-location-service-in-113#comment-43 rodbegbie Fri, 18 Jan 2008 01:17:00 +0000 http://dave.popvox.com/?p=13#comment-43 What makes you think your serial number is being reported to Apple? I don't see anything in that sniff that resembles a iPhone serial number.<br/><br/>If you're referring to the "s_nr" field: Can you check whether or not it is always the same value whenever you use it, and if it is unique to your phone? What makes you think your serial number is being reported to Apple? I don’t see anything in that sniff that resembles a iPhone serial number.

If you’re referring to the “s_nr” field: Can you check whether or not it is always the same value whenever you use it, and if it is unique to your phone?

]]> By: doylewalt http://davetroy.com/posts/apple-knows-where-you-are-sniffing-the-iphone-location-service-in-113#comment-40 doylewalt Wed, 16 Jan 2008 18:21:00 +0000 http://dave.popvox.com/?p=13#comment-40 Thorough and thoughtful post Dave - agree with you on all fronts. It will be interesting to see how "open" location becomes with the SDK release and/or at what cost.<br/><br/>Best - <br/><br/>Walt Thorough and thoughtful post Dave – agree with you on all fronts. It will be interesting to see how “open” location becomes with the SDK release and/or at what cost.

Best –

Walt

]]>