June 26th, 2010

iPad + Goodreader = Scary security risk

It’s not often I blog at 8am on a Saturday but this alert about Goodreader on the iPad from Jason Griffey’s discovery at the American Library Association conference is too scary to let pass by.

By default, Goodreader doesn’t require authentication or any warning to connect via Bonjour, and it allows you to browse AND DOWNLOAD any files that are so shared. Sitting in the Conference Center lobby, I was able to connect to two different iPads, view and grab files arbitrarily, and push files TO the iPads as well.

Thinking about the implications of iPads that may contain cached sensitive medical information or documents with login or other data outside a secure hospital system setting (how many of us catch up on a little bit of work while at Starbucks?) freaks me out even more. What opportunities are there for medical librarians, hospital IT departments and med students/residents/clinicians to easily share what devices they are using and be aware of the latest security risks and how to resolve them?

Posted at 08:28 AM

3 Responses to “iPad + Goodreader = Scary security risk”

  1. […] This post was Twitted by mdwright […]

  2. […] This post was mentioned on Twitter by Nikki D., Mary-Doug Wright. Mary-Doug Wright said: RT @eagledawg: iPad + Goodreader = Check your wifi settings or scary stuff possible. http://bit.ly/aoR7IV […]

  3. timothy morgan says:

    Definitely unsettling. You’d hope it would be librarians that would be helping to educate people about these risks, but then we have to assume it was librarians who had their unencrypted passwords and financial info in a shared folder for which they never bothered to check the access settings. *Somebody* is going to have to do some education. (And Goodreader had better fix their app.)

    I did some testing with the Lite version on iPhone 3GS… From computer to iPhone: I can’t get or put files unless the Goodreader is specifically waiting for file transfer (you have to be on a certain page in the app) AND I know the network address of the phone (i.e., it doesn’t appear to be advertised through Bonjour) … so it feels somewhat secure, without having changed any of the default settings. (Not that I would ever store sensitive information on it.) Don’t know if the full version, the iPad version, or the mobile-to-mobile interface leads to different results.
