Commentary

No, iPhone location tracking isn’t harmless and here’s why

It didn’t take long for the blogosphere to respond to research presented on Wednesday that detailed a file in Apple iPhones and iPads unknown to the vast majority of its users that stored a long list of their time-stamped locations, sometimes with alarming detail.

On Thursday, a forensics expert who sells software to law enforcement agencies gave a first-hand account why scrutiny of the location-tracking database is crucial. Alex Levinson, a forensics expert specializing in mobile devices, blogged that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.

Soghoian said Apple had a responsibility to let customers know the type and extent of the information their iPhones and iPads were collecting about them.

“When you get stopped by the police and they arrest you for any crime, they can search your phone and get any data off of it,” he said. “This is definitely something that people should be concerned about and I think what it points to is that Apple isn’t taking privacy seriously.”

Indeed, Alex Levinson, a forensics expert specializing in mobile devices, blogged here that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.

“Within 24 hours of the iPhone 4′s release, we had updated Lantern to support forensic analysis of iOS 4.0 devices,” he wrote. “Within 36 hours, we had begun writing code to investigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remote location tracking.”

Levinson also said iPhone location tracking has gone on much longer than indicated by Warden and Allan, who claimed it began with the introduction of Apple’s iOS 4 in late June. In fact, said Levinson, earlier iPhones contained a hidden file called h-cells.plist that contained much of the same baseband radio locations that consolidated.db has now.

“Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices,” wrote Levinson, who is a lead engineer for Katana Forensics. Continue reading…

Related Posts

EU laws already protect the open Internet: let’s enforce them now to stop the rise o... There’s a sign in a street near the Skype office which reads: I can’t understand why people are afraid of new ideas. I’m frightened of the old ones. ...
Proposal Suggests Browsers Should Block Users From BitTorrent Sites As the United States heads off firmly down the domain seizures route, other countries around the world are also considering how best to deal with the ...
The Internet Society on the Wikileaks issue Recently, we have witnessed the effective disappearance from the Internet of a website made infamous through international press coverage and politica...
Be Confident Storing Information in the Cloud Over the past few years, information explosion has inhibited organizations’ ability to effectively secure, manage and recover data. This complexity is...
Mozilla Leads the Way on Do Not Track Earlier today, Mozilla announced plans to incorporate a Do Not Track feature into their next browser release, Firefox 4.1. Google also announced a new...
Does disk encryption really protect your data from unauthorized access? Disk encryption is one of several physical security measures that could be used to protect data on your computer from unauthorized physical access. An...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*