Locate Lost or Stolen Macs with ‘Find My Mac’ in Lion and iCloud
Apple’s popular Find My iPhone feature of MobileMe is being extended to Macs as well, as part of iCloud and Lion (10.7.2). It will also allow the person who found or stole the machine to log in using a limited guest account (with only access to Safari), in order to allow your Mac to connect to the internet. As with the iOS version, Find My Mac will allow you to remotely send a message, lock or even wipe your computer.
I’m guessing the geolocation will be limited to triangulating local wireless networks, but I’m hoping it will also send back the public IP address of the network it’s currently connected to, which would help significantly when trying to recover a stolen device. I wonder how developers of commercial Mac tracking software are feeling right about now?
For more info and pictures check out this post at Cult of Mac. In other news, iOS 5 will finally bring the ability to delete entries from your call history.
Find My iPhone Brings Improved Offline Device Support
Apple has released an update to their free Find My iPhone offering, which greatly improves the support for tracking devices that are offline at the time. Note that this doesn’t mean you can track an iPhone or iPad that is turned off, or out of signal range (not possible). Instead, if a device is offline when you try to locate it, Apple will later send you an email with its location the next time that device gets back online. Thanks to this, it’s no longer necessary to constantly be checking the Find My iPhone app/webpage. Here is Apple’s summary of the changes:
- When you are unable to locate a device because it is offline, you will receive an email if the device comes online and is located.
- Ability to remove an offline device from the list using the app.
Note, it appears this updated feature is only available using the Find My iPhone app (version 1.2) available in the App Store – it is not yet available in the MobileMe web interface. I assume it won’t be updated until the new iCloud Find My iPhone web interface is launched. [Update: I was right.]
For more information on how to use this great free service to recover your iOS devices, check out Protecting and Recovering Your iPhone and iPad from Loss and Theft.
iPhone/iPad iOS 4.3.3 Fixes Location Tracking Bugs
Following the recent over-hyped “location tracking scandal”, Apple has released iOS 4.3.3 which fixes bugs in the Location Services on iPhone and iPad devices that caused them to store excessive location information. As detailed by Apple’s Q&A on Location Data, the location data stored on iOS devices (and backed up by iTunes) are merely a subset of Apple’s crowd-sourced location database of Wifi hotspots and cell towers, used to facilitate Location Services when GPS is unavailable or unreliable. The bugs were causing iOS to download this location cache even if Location Services were turned off, and to store the cache indefinitely, instead of being regularly purged.
This update contains changes to the iOS crowd-sourced location database cache including:
- Reduces the size of the cache
- No longer backs the cache up to iTunes
- Deletes the cache entirely when Location Services is turned off
It’s nice to see Apple resolve this issue so swiftly, and these changes will help improve the privacy of iPhone and iPad users, regardless of whether they use Location Services. The only thing I would have added if I were Apple, is the ability for the user to clear the location cache in the device settings. It’s a button that could be easily added in Settings > Location Services. Just sayin’!
Everything You Need to Know About the iPhone Tracking ‘Scandal’ [Updated]
Seeing as I cover OSX/iOS security and privacy, I figured it’s about time I weighed in on this whole iPhone/iPad tracking ‘scandal’. I have to admit I was surprised when I first heard of the iPhone storing location data, especially that it does so with Location Services turned off. This issue is not new, however, and was described in a fair amount of depth by Alex Levinson several months ago. What has made it so popular this month is the release of the iPhoneTracker app, developed by Pete Warden and Alasdair Allan, that creates a visual map of your visited locations. I promptly tested iPhoneTracker, and sure enough it showed a bunch of areas that I’d visited. Upon closer inspection, however, I noticed that it didn’t specifically geolocate me in two places where I’d spent a lot of time; namely home and work. On top of that, there were a number of locations I’d never even been to.
[Updated] According to the info recently published by Apple, this stored location data is not the location of the iPhone itself, but rather a subset of crowd-sourced location information for local cell towers and wifi networks, which is only used to rapidly provide the user with location information. Full details at the bottom of this post.
Protecting and Recovering Your iPhone and iPad from Loss and Theft
My sister recently had her iPhone stolen, and it occurred to me that not enough people know how to help protect their iPhone/iPad from theft, what to do if it gets lost or stolen, and the steps to take even if they’re unable to get it back. Using a combination of security tips and geolocation, using Find My iPhone, you should have a much higher chance of recovering your device. Note that although this article is iPhone/iPad-centric… the principles apply to any smartphone!
NEW! Please refer to my Find My iPhone FAQ for the answers to some frequently asked questions (especially before asking a question in the comments).
iOS 4.2.1 Released with Free “Find My iPhone”
Apple has finally released the highly-anticipated iOS 4.2 (actual version is 4.2.1), bringing support for the iPad along with several other features including AirPlay and AirPrint.
Along with this release, Apple has made the “Find My iPhone” functionality in MobileMe free to all iPhone, iPad and iPod Touch device owners. This service uses a combination of GPS, cell tower and wifi-network triangulation to obtain the location of the device, which can then be mapped. It also allows you to send messages, lock or completely wipe the remote device. To use this feature, you’ll need to add a MobileMe account using your iTunes Apple ID by going to Settings > Mail, Contacts, Calendars > Add account. You can then track your device using the Find My iPhone app available in iTunes, or using the MobileMe web interface.
Users concerned about the privacy implications of this feature can easily disable it by going to Settings > Mail, Contacts, Calendar > Select your MobileMe account > Set ‘Find My iPhone’ to Off. Have a look at Apple’s KnowledgeBase article for more info on this feature.
iOS 4.2.1 brings with it a number of security updates (including Safari and numerous WebKit patches). Although it’s not mentioned in the update details, the previously-reported cool-but-deadly keylock bypass vulnerability has been fixed. Hit the jump for full details.
Related: Protecting and Recovering Your iPhone and iPad from Loss and Theft!
Facebook’s Suspicious Login Tracking
This is kind of old news, but I’ve only recently become acquainted with Facebook’s tracking of suspicious logins. If you only use a couple of devices, or haven’t traveled around much, you may not have come across these recent security additions to the authentication mechanism.
When logging in to Facebook, the site looks up the last location you logged in from (by geolocating the IP address), and compares it to a list of ‘known’ locations. If the location the user is logging in from is beyond a certain ‘distance threshold’ from the known locations, the user will be challenged. There are two types of challenges that can be chosen; the first is to recognise friends based on their picture (a solution I find both elegant and effective); the second is to answer a pre-set security question. If the user fails both of these challenges (I did… go figure), they have to wait an hour before trying again.
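The check described above, sketched as an added example (not Facebook's code and not part of the original post). It assumes the login IP has already been geolocated to coordinates; the 500 km threshold, the sample coordinates, and the choice to let known locations bypass the one-hour lockout are assumptions.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_KM = 6371.0
DISTANCE_THRESHOLD_KM = 500.0  # assumed; the post gives no figure
LOCKOUT_SECONDS = 3600         # "wait an hour before trying again"

# Constructed sample coordinates (latitude, longitude)
SYDNEY, NEWCASTLE, LONDON = (-33.87, 151.21), (-32.93, 151.78), (51.51, -0.13)

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

@dataclass
class Account:
    known_locations: list
    locked_until: float = 0.0
    suspicious_attempts: list = field(default_factory=list)

def evaluate_login(account, location, now, challenge_passed=None):
    """Return 'allow', 'challenge' or 'locked' for one login attempt.

    challenge_passed is None before the challenge has been shown,
    then True/False once the user has answered it.
    """
    # An account with no known locations is always challenged.
    nearest = min((haversine_km(location, k) for k in account.known_locations),
                  default=math.inf)
    if nearest <= DISTANCE_THRESHOLD_KM:
        return "allow"       # assumption: known locations bypass the lockout
    if now < account.locked_until:
        return "locked"
    if challenge_passed is None:
        return "challenge"   # friend-photo or security-question step
    if challenge_passed:
        account.known_locations.append(location)  # assumption: now trusted
        return "allow"
    # Failed challenge: keep the attempt for the later alert, start the lockout.
    account.suspicious_attempts.append((now, location))
    account.locked_until = now + LOCKOUT_SECONDS
    return "locked"

if __name__ == "__main__":
    acct = Account(known_locations=[SYDNEY])
    for loc in (NEWCASTLE, LONDON):
        print(loc, evaluate_login(acct, loc, now=0))
```

Checking known locations before the lockout means a failed challenge from far away does not lock the legitimate user out at home.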
The next time you successfully log in, you will be alerted to any recent suspicious login attempts, complete with a geolocated map of that attempt’s location (see screenshot).
This feature has been added to Facebook’s authentication mechanism, and is thus on by default for all accounts. There is another feature however, that is not on by default, but is also interesting. You can set Facebook to notify you whenever a new computer or mobile device is used to log in to your account. This setting is found under Account Settings -> Account Security -> Login Notifications.
Thought this would be of interest to anyone looking to further secure their use of Facebook. Check out their full blog post about these features.
Disable Facebook Places – or – Location-Stalking for Fun and Profit
In a direct strategic offensive on Foursquare’s service and a long-term plan for world domination, Facebook recently introduced their own service dubbed Places. These two services allow users to ‘check-in’ to virtually any venue/event, thus sharing their location with friends (or the world). This introduced an awesome new sport known as Foursquare stalking where one could follow the check-ins of known or random people (eg. by searching for 4sq.com on Twitter Search), call up the venue they are currently at, and ask to speak to the person… and then doing this for every location they check-in to. Tremendous fun. The guys at PLA Radio had fun prank-calling people using this, with amusing results.
Apparently the bald fat guy below just got home. Since he is kind enough to post the actual location of his domicile, all a thief has to do is wait until he checks-in somewhere far away, and then proceed to leisurely rob him of all his stuff. Sorry baldfatguy… didn’t mean to pick on you but you were at the top of the list.
Surely Facebook’s entry into this domain will allow for more stalking goodness. Another interesting perspective is using Places to create an alibi by spoofing one’s GeoLocation. Anyway, onto the essentials. At least most of us can just avoid using services like Foursquare… but if you have a Facebook account, it’s yet another privacy setting you will have to set yourself.
To Disable Places: Log in to Facebook and go to the Privacy Settings. Click on Customize Settings at the bottom, and then modify the Things I Share settings (you will need to select Custom from the dropdown menu in order to choose Only Me). These settings are only important if you do actually use Places.
Next go down to Things Others Share, and uncheck Friends can check me in to Places.
Hack Uses Geolocation to Pinpoint Your Location
In one of the more simple yet clever attacks I’ve seen this year, at BlackHat and Defcon, Samy Kamkar (author of the 2005 Samy MySpace worm) showed how JavaScript and geolocation could be used to more or less pinpoint a user’s location, an attack Samy dubbed ‘XXXSS’.
The attack works by using JavaScript to obtain the MAC address (a unique hardware identifier) of the victim’s network router or gateway, and then submitting it to Google’s Geolocation service to obtain the coordinates.