"When Gadgets Betray Us": The danger in that iPad

The gizmos we so love can unwittingly leak important security info. An expert explains what you should know

Published April 10, 2011 9:01PM (EDT)

Earlier this week, news outlets reported a strange glitch in one of Apple's latest must-have products. It appears that several iPhone 4s have been pre-wired with a bit of a voyeuristic streak, snapping pictures of their owners without their knowledge and displaying these images during their FaceTime calls. By now, hiccups like these seem almost inevitable. Many of us spend our waking hours staring at one computer screen or another, and despite the user friendliness of our GPS or smartphone or PC, we possess only a cursory understanding of how these devices actually work. We're also blissfully unaware of the dangers that come with many of their functions -- several of which we deem essential to our business and social lives (just ask your dinner guest futzing with his BlackBerry under the table).

But has our technophilia left us too vulnerable? Exactly how long is the trail of digital bread crumbs we leave behind on a daily basis? As bugs like the one nesting in the iPhone 4 reveal, even our more hi-tech gadgets are susceptible to malfunction or worse. (In fact, it's the complex computer systems that can cause the most damage.) "When Gadgets Betrays Us," Robert Vamosi's meticulously researched new book, offers a revealing look at the dark underbelly of our rapidly advancing electronics. This is not some Orwellian indictment of new technology, but instead a call for caution: Our gadgets are evolving faster than we can successfully secure them.

Vamosi is a security blogger for Forbes.com and an analyst for the tech company Mocana. Salon spoke with him over the phone about the perils of modern gadgetry and some of the modest measures we can take to combat them.

Why do you think Americans are so drawn to gadgets? What does it say about our culture that we're living in a time where Steve Jobs, Bill Gates and Mark Zuckerberg are household names?

I don't think Americans are necessarily more drawn to gadgets than anyone else in the world. Steve Jobs, Bill Gates and Mark Zuckerberg are household names because their products are ubiquitous. What draws us to their various devices and websites is their convenience. Obviously, social networks like Facebook and Twitter allow us to communicate with our friends and family whenever we need to, but it extends well beyond that. You no longer have to go to a designated room in your house to listen to hi-fi music; you can take it with you on the train or the bus. Our gadgets offer these myriad experiences at the click of a button.

What kind of toll do you think that modern electronics have taken on our ability to focus on the task at hand?

Not only do they distract us, I think our gadgets have made us a lot less resourceful. Just observe what happens when our technology fails -- when a city experiences a blackout and our wireless phone service goes down. Generations of people have been conditioned to navigate their way through unfamiliar surroundings, but suddenly we feel lost when we can't use our iPhone to direct us down the street. We consider our technology infallible because it's sexy looking, it beeps and some of it even speaks to us in a soothing voice. Needless to say, it's not. We as humans should be able to override our devices if we suspect they're leading us astray.

What gadgets are leaking our personal information most surreptitiously?

Their technology is relatively basic, but transit cards are a great example. We swipe a piece of plastic through a device, walk though a gate and never give the transaction a moment's thought. What we don't realize is that there's a machine that's keeping a record of every time we pass through that particular gate. When we used paper tickets, there was nothing to connect us to our day's travel. For the convenience of being able to walk through a turnstile very quickly, we're surrendering potentially vital information about ourselves. This won't be a problem for most people, but who's to say that several years from now someone won't try to use that data against you? Maybe your spouse is suing you in a divorce and she decides to use those records as proof that every Tuesday afternoon, you left the office early to meet with your mistress.

In your book, you seem very wary of devices that connect to the Internet because it makes them vulnerable to hackers and cyber-criminals. Do you see this trend of easy Wi-Fi access reversing, or is that animatronic cat out of the bag?

We're at a point in history where there are more non-PC devices connected to the Internet than PC devices, so access is clearly here to stay. Frankly, it's beneficial to have our homes equipped with things like smart meters that measure exactly how much water or electricity we're using and communicate that info back to the utility company via the Web. Having a meter reader come around once a month is wasteful and inefficient at this point. The downside of all this is that if I were to inject malware into a device in your home, it could worm its way into my neighbor's place down the street, the apartment building next door and maybe even the rest of the city. My concern with things like smart meters is that we're not doing enough to protect them from these outside influences. They're vulnerable to the same viral attacks as computers, but we're rushing them into people's homes in the name of efficiency. We need to put safety measures down at the chip level.

In recent years, there has been a major movement in American commerce to go digital. Do you think we're collectively prioritizing convenience over security with these kinds of measures?

In many instances, yes. One of the highest-profile examples of this is the Health Information Technology for Economic and Clinical Health Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009 and offers healthcare providers economic incentives to convert their paper medical records. While researching my book, I spoke to Howard Schmidt, who's now the cyber-security coordinator of the Obama administration. He seemed to suggest that doctors and providers were desperate to capitalize on the stimulus money that was suddenly made available to them. Because there was an incentive program in place, people were rushing out to buy equipment that enabled them to transfer their records to a digital format. No one stopped to ask the question: Who's certifying that these devices are secure?

One of your book's chapters is devoted to the proliferation of something called radio-frequency identification chips -- electronic tags that communicate vital information via radio waves. My question is: if they're so easily traceable, how come everything from a passport to a Walmart T-shirt seems to contain one?

Again, we come back to the notion of convenience. When I approach a customs agent with my passport, they can read my code almost 30 feet away and have my electronic files ready. The same is true of the merchandise in a retail outlet. A clerk no longer has to rifle through a clothing rack to determine that the store is out of XL T-shirts because a quick RFID scan will tell him that. Until now, no one has started connecting the dots. If I'm wearing a certain shirt with a certain pair of shoes and a few other items that are broadcasting other coded pieces of information, a store could create a proxy of me. They might not necessarily know who I am, but they'll know where I like to shop and what I like to buy. There's no reason to believe that our privacy can't be invaded in even more insidious ways.

But can't we chalk some of these security risks up to the price of living, working and socializing in the 21st century? Do you think that the average American really feels betrayed by his or her electronic equipment?

No, but that's my point: We may not be the victims of a targeted attack, and we may not personally experience a failure of technologies that we depend on every day, but we shouldn't ignore the potential for these events to occur in the future. Ultimately, I think we're too quick to commit to new technologies we don't fully understand. And as more and more people favor a particular gadget, there's always a tipping point where it becomes profitable for certain enterprising minds to exploit its flaws. Now that we have cars and medical devices connected to the Internet, we should be securing those gadgets today knowing that someone will find them vulnerable tomorrow.

Throughout the book, you're a big proponent of layering -- a theory rooted in the idea that we can better protect ourselves by using multiple systems of security. What are a few practical measures that your readers can take to make their devices more secure?

One of the first things I'd recommend is to go into the configuration settings of your gadget and disable some of the functions you don't necessarily need. Many smartphone users don't even realize that they can turn off their Wi-Fi connection if they so choose. At the very least, they can tweak the privacy settings on their social networking apps so only friends and contacts can see the personal information that they're broadcasting. Just about any defense system can be hacked with enough time and effort, but the idea is to put as many obstacles as possible between you and a cyber-criminal.

How has writing this book affected the way that you use electronics? Has all of the research you've gathered made you a kind of reactionary Luddite?

I don't think my response has been quite that extreme, but I can say that I'm no longer an early adopter. Only recently did I purchase my first smartphone. I'm still passionate about new technologies, but I'm hopeful that my book will elevate the discussion of what kind of security needs to be implemented in our devices in order to comfortably enjoy them. Nobody wants a few bad user experiences to ruin a gadget forever. 

Jacob Sugarman is an editorial fellow at Salon.


By Jacob Sugarman

You can follow Jacob Sugarman on twitter @jakesugarman.

MORE FROM Jacob Sugarman


Related Topics ------------------------------------------

Books Internet Culture Nonfiction Our Picks