A Six Year Old's Win Against iPhone Privacy

Remember the privacy-related wailing and breast-beating surrounding the FBI’s attempts to crack open the locked iPhone belonging to the San Bernardino terrorist suspect? It tried to lean on Apple with no success, and finally, after weeks of using all sorts of super-secret, government-level tricks and tools, they finally got in (“The swine!” some would shout). So judging by these trials and tribulations, getting past an iPhone lock screen is no child’s play.

Or is it?

An Arkansas woman found out the hard way that kids can be more of a privacy threat than our national intelligence services when she awoke from a well-deserved nap one day.  

I picture her groggily stretching and reaching out for her phone to see what, if anything, had transpired while she was recharging. But she was suddenly wide awake, jaw tightening into a action-movie grimace as she saw not one, not five, not 10, but 13 notifications from Amazon confirming orders of Pokémon items. Grand total? $250. Next step? Pull up the holo-diagram to trace the cyber-fiend’s steps. Objective? Find out who compromised her identity, Mission Impossible-style.

Okay, fine, it didn’t happen quite like that, but Bethany Powell of Little Rock, Ark. did find confirmation emails from Amazon for $250 in Pokemon purchases that she didn’t make the day after the nap. At first she thought she was a victim of a cybercrime, but her six-year-old daughter Ashlynd pulled a tell-tale heart move and soon came clean. Ashlynd revealed that she’d used her sleeping mother’s thumbprint to unlock her iPhone and log in to Amazon to make the orders.

It all started innocently enough with family movie night.

“We laid there and two minutes into the movie I fell asleep because I was wiped out,” Powell told Daily Mail Online. “On this occasion, my phone was sitting on the coffee table next to the couch. Ashlynd picked it up and used my thumb to open the phone.”

Powell explained that even at the tender age of 6, her daughter knew her way around the smartphone block since she already was allowed to use apps like YouTube and Netflix.

But, Powell said, she had clearly acquired covert knowledge. “I didn’t know she knew what Amazon was,” she said.

As ever with such masterminds, we never know exactly what they know. And sure, this kind of insidious insider threat requires physical access to the owner to work. The moral of the story is this: It pays to be hypervigilant against what might be lurking inside your home. And never, ever assume the little ones can’t or won’t game the system. Clearly they’re worse than the NSA when it comes to getting past biometric protections.

Also I’ll offer a little food for thought as regards mitigation: There’s a whole market here for special privacy gloves to ward off the tiny tots of terror. Maybe Amazon can stock them.

Photo © wawritto/Shutterstock.com

What’s Hot on Infosecurity Magazine?