Goodreader & the iPad

EDIT: please check out my new post, with the real problem identified. This post contains old information that is not correct!

Goodreader is by far the best interface and app for handling different filetypes on the iPad…PDFs, doc files, images, etc. But this morning at the ALA Annual conference I discovered one really scary security issue with it. By default, Goodreader doesn’t require authentication or any warning to connect via Bonjour, and it allows you to browse AND DOWNLOAD any files that are so shared. Sitting in the Conference Center lobby, I was able to connect to two different iPads, view and grab files arbitrarilly, and push files TO the iPads as well.

Goodreader Security issue

Goodreader Security hole

This is INCREDIBLY SCARY. In the first 2 minutes, I saw files that had credit card information, passwords, bank account information, and more.

If you are using Goodreader and are connected to any public wifi point, make sure that you have gone into Settings, Other Settings, and make sure that Ask Permission Before Connecting is ON.


About this entry