Search Google Appliance

News iPhone app leaves Portland woman 'overexposed'
Author: By Anne Yeager
Posted: April 29, 2010

PORTLAND, Ore. -- A Portland woman thought she could securely send her husband a revealing photo - that ultimately ended up on her boss's desk. She hopes that others will learn from her mistakes after that "risque" picture, sent with the defunct iPhone app Quip, had made its way across the World Wide Web.

"Ashley" used an iPhone app called Quip to send a topless picture to her husband, who was serving overseas.

"I'm young. I wanted to please my husband so he can think of me," Ashley said.

Ashley thought her partially-nude picture would go directly to her husband's iPhone; however, Quip worked a bit differently.

The picture was sent to a Quip server, where it was physically stored and then exposed by a massive security flaw.

With a five-digit code, anyone could view the thousands of pictures stored by the app's administrators.

And figuring out a five-digit code doesn't take a computer wizard, according to Portland State University's Craig Schiller, a computer expert.

Schiller said it just takes someone with a bit of free time.

Last October, 28,000 pictures that had been sent with the Quip application were made public, Schiller said.

Unfortunately, there isn't much that Ashley can do to have the pictures removed, since online content is difficult, sometimes impossible to take down.

"Things that go on the Internet stay on the Internet forever, " said Schiller.

If naked pictures weren't embarassing enough, some malicious users have gone one step further by contacting women in the pictures that were publicized.

Ashley received a message on her Facebook page that said, "'You're so sexy. I sent this picture to all your friends and your bosses,'" she told KGW.

The message's sender wasn't bluffing. Her boss received the picture and called her while she was driving around Portland.

"I started to cry, I couldn't stop it, I was baffled," she said.

Psychologist Tony Farrenkopf said identity theft like this is perpetrated by people who are "angry" or who "want revenge."

"In a way, it's like psychological rape," said Farrenkopf.

These malicious users aren't just posting on Facebook or MySpace.

An underaged girl had naked pictures posted on her Christian high school fanpage.

Ashley said the whole experience had been an eye opener.

"I had no idea that the world was so cold. It was a revelation to me that there are people who don't even know me but would want to hurt me," she said.

KGW contacted the Quip app's creator, who responded with this prepared statement: "I apologize to our users for this security breach. As soon as this post came to our attention, we immediately shut down our servers."

But did they? Schiller noted that the photos became public last October but that the app's administrators had known about the security flaw "for months."

That infuriates people like Ashley.

"I paid money to have my life destroyed," she said.

Apple, which operates the iPhone App Store, did not respond to requests for comment by KGW. And Quip has taken the app's servers offline. But the damage has been done for people like Ashley.         

Protecting your online identity can be as simple as adjusting the settings on your Facebook and MySpac