May 6, 2010

A new commercial software program marketed to employers, parents and suspicious spouses lets customers surreptitiously monitor their Apple iPads remotely and view a record of all e-mail and Web use on the devices.

The software-as-a-service is the latest offering from Jacksonville, Fla. based Retina-X Studios, a company whose  Mobile Spy products have long allowed people to remotely spy on iPhones, Blackberries and other smartphones. For $99.97 a year, customers get access to a Web interface that allows them to view a list of every Web site visited, every e-mail sent and received, as well as any contacts added to the iPad.

Mobile Spy pitches the product thusly:

Are your kids viewing pornography while you are alseep? [sic] Are your employees sending company secrets through their personal email? You will have the answers to all these questions answered. Logs are instantly uploaded and viewable inside your control panel.

The company said in a press release that it plans to roll out even more capabilities for its iPadspy product, such as the ability to record the target’s location (by tapping the built-in GPS), and rifle through photos and notes stored on the device.

I haven’t used the service (I don’t even own an iPad, sadly). But these kinds of services are a good reminder about the importance of physical security for your computers and gadgets: In most cases, once an attacker has physical access to a device, it’s game over.

The software only works on jailbroken iPads, as the iPad is not able to run more than one program at a time unless it’s jailbroken.

14 thoughts on “New Software Turns iPad into iSpy

  1. emv x man

    ‘The software only works on jailbroken iPads’… sounds like a great way to turn an iPad into an iBrick!

  2. KFritz

    For readers old enough to remember, I hereby name this the “Robert Culp Ap,” in honor of the recently deceased co-star of “I Spy.”

  3. TheGeezer

    If this only works on ‘jailbroken’ iPads and someone has given you an iPad as a ‘gift’, you might consider taking it to your nearest apple store. Rumor has it that they can detect if it has been ‘jailbroken’ and restore the ‘unbroken’ software.

    1. InfoSec Pro

      Can someone (BK?) verify what Apple’s capabilities and policies on this might be? It would also be interesting to know if they are the same for both iPads and iPhones. I’m interested both as an iPhone owner and also as a CISSP currently evaluating iPhone security for our enterprise.


    2. TheGeezer

      Update: Checked this out at Apple store. They told me no need to bring it in.
      Make sure you have the latest version of iTunes and iTunes will detect a ‘jailbroken’ iPad. Hit ‘restore’ and it will restore your iPad.

      Now, I wouldn’t be surprised if the spy software would have also added code to prevent you from doing this. If this is the case, I’m sure the Apple store can restore the ‘unbroken’ software.

  4. george

    It’s sad a legitimate company decides to produce and market a product to surreptitiously monitor kids or employees. Education is the key to protect them against Internet dangers and not loading spyware on their devices. I predict it won’t be long until security holes will be discovered by badies in those “products” which will allow not only the parents but also various bots to take control of the iPADs provided with secret monitoring software.

    1. Chris Anderson

      I prefer to focus on Brian’s closing thoughts. Once they have physical access…. I’m sure my roommate has fiddled with my gear on more than one occasion. This is a effective, albeit pricey, solution.

  5. Gannon

    “In most cases, once an attacker has physical access to a device, it’s game over.”

    So much for “Trusted Computing” 🙁

  6. Mezzrow

    There are two things that need to be fixed on the iPad, and I’m hoping they will be available when the new version of the OS comes out later this year. One is the very weak 4-digit lock code, essentially your login ID. The other is that there is only the one account. On an iPhone, it’s assumed only one is needed, but with iPad, it’s being passed around among family members.

    I don’t have to share mine, and I don’t take it out of the house (I have an iPhone for that), so these issues don’t affect me. And I’ve never been tempted to jailbreak either one–and most of the security issues on iPhone stem from jailbreaking.

    I don’t have to mention that apparently most porn sites use Flash, which doesn’t work on either one…

    1. Jonathan

      If the iPad has the equivalent of or can use the free iPhone Configuration Utility download from Apple, then you can easily change a setting to require complex passwords in place of the basic 4 digit code. You can also set requirements such as the use of non-alphanumeric characters, minimum length and timed renewals.

      Fwiw, I believe that most porn sites have mobile versions that don’t use Flash.

  7. Joe Mason

    i am planning to buy an iPad since it looks lighter than a regular desknote and i don not use much of the features of a laptop..”

  8. Rob Rachwald

    Meanwhile, they’re having hearings on the Hill since iPads can be used to “bypass archiving”? WTF?

Comments are closed.