iPhones, Facebook, and malware friendliness

Being the conscientious security professional, I do my best to keep all my computing devices current on OS and application patches. This goes for every server in the lab to the iPod Touch and everything in between. Last night, while checking iStore for app updates, I was advised that Facebook released a new version of their app.

As a force of habit, I looked at what the update addressed. Rather interestingly, it made the application more “user friendly”. The first item on the list was to be able to synchronize my friends with my contacts. This allows me to import things such as contact information and profile photos from Facebook to my “Contacts” or address book. Not too bad as such, although some of my “friends” like to use their dog or a comic character as their photo. Neat feature: now, should David Phillips ever leave OU, well, when he updates his phone number and email, I won’t need to worry, my iPod will update automajically. However, I don’t get to pick and choose which photos to sync, so when an old high school chum updates their photo from a nice head-shot to something less than professional, well, I’ll have no choice there.

Now that is rather nice and user friendly, but at the same time, suddenly, Facebook is also pushing messages, wall posts, friend requests, friend confirmations, photo tags, events and comments. In fairness, I did have to approve Facebook access and authorization.

So here’s the rub: as a normal user, I would say yeah, sure, that’s what I want, I want to know when David Harley posts the next AVIEN Blog to Facebook. But suddenly, Facebook has access to my address book (Contacts, to be precise) AND is able to push to my always-on device (iPhone and iPod Touch use the same app). This disturbs me greatly, as now my email addresses are harvestable (and who’s to know), as well as potentially malicious information being pushed to my phone. Am I paranoid? I’m envisioning a compromise at FB, which is now using iPods and iPhones to send SPAM, emails and SMS messages.

As we often said in the past, a more user-friendly environment directly translates to a more malware-friendly environment. I only hope more mobile device users take the steps I did and do NOT allow pushes and the like.

Ken Bechtel