FW: Newsbank: Quip app security hole shares private photos (iPhone)

-------------------------------------------
From: David Peterson (SAL-AU)
Sent: Wednesday, March 31, 2010 12:16:33 AM
To: Newsbank
Subject: Newsbank: Quip app security hole shares private photos (iPhone)
Auto forwarded by a Rule

Quip app security hole shares private photos

• By Andrew Ramadge, Technology Reporter
• From: news.com.au
• March 30, 2010 11:39AM

The Quip app for iPhone had a massive security hole / File

• iPhone app had serious security hole
• Thousands of intimate photos leaked

THOUSANDS of intimate photos sent between iPhone users have been made public after an embarrassing security flaw.

The Quip app promised to let people send pictures to each other for free — like sending a multimedia message but without any fees.

What it didn't say was that anyone with a few web skills could see them as well.

Quip stored the private images on a publicly accessible web server without any encryption, making them easy prey for savvy internet users.

Now some of the most intimate moments of thousands of people are being circulated on web forums.

Many photos show people posing nude or having sex. Others show a day at the baseball or baby shots.

One image shows a man naked from the waist up and seemingly covered in cuts and blood. Another seems to have been taken inside the White House.

Some internet users have also allegedly matched up nude photos with real names and Facebook profiles.

On one web forum, a user identifying as one of the makers of the Quip app said the system had been shut down.

"Hello, this is Ish, the founder of Addy Mobile, makers of the Quip app," said "ish_addy" on Reddit.

"As soon as this post came to our attention, we immediately shut down our servers. We have also now disabled all S3 access and have started to systematically secure all files in the system.

"We will not bring the system back up until we have adequate security around all files shared over Quip."

However many of the photos, saved by people before the servers were shut down, are still being circulated.

 

Source: http://www.news.com.au/technology/quip-app-security-hole-shares-private-photos/story-e6frfro0-1225847390250

 

[additional note from DP]: fortunately for those who had their photos leaked, the quip app seems to resize the photos and strip the original exif data from them.  It would be one thing to have embarrassing personal photos leaked.  And quite another again to have such photos tagged with the owners GPS co-ordinates – since Google Maps will quite helpfully perform a reverse lookup to the precise street address.

 

 

David Peterson | Consumer Products Director - Australia and New Zealand L3, 2-4 Lyon Park Rd, North Ryde, NSW, 2113 Office: +61 416 008 612 | Fax: +61 2 9887 2511 | Web: www.trendmicro.com.au Did you know that Trend Micro is now running TV commercials in Australia and New Zealand?