No, iPhone location tracking isn’t harmless and here’s why

It didn’t take long for the blogosphere to respond to research presented on Wednesday that detailed a file in Apple iPhones and iPads unknown to the vast majority of its users that stored a long list of their time-stamped locations, sometimes with alarming detail.

On Thursday, a forensics expert who sells software to law enforcement agencies gave a first-hand account why scrutiny of the location-tracking database is crucial. Alex Levinson, a forensics expert specializing in mobile devices, blogged that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.

Soghoian said Apple had a responsibility to let customers know the type and extent of the information their iPhones and iPads were collecting about them.

“When you get stopped by the police and they arrest you for any crime, they can search your phone and get any data off of it,” he said. “This is definitely something that people should be concerned about and I think what it points to is that Apple isn’t taking privacy seriously.”

Indeed, Alex Levinson, a forensics expert specializing in mobile devices, blogged here that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.

“Within 24 hours of the iPhone 4′s release, we had updated Lantern to support forensic analysis of iOS 4.0 devices,” he wrote. “Within 36 hours, we had begun writing code to investigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remote location tracking.”

Levinson also said iPhone location tracking has gone on much longer than indicated by Warden and Allan, who claimed it began with the introduction of Apple’s iOS 4 in late June. In fact, said Levinson, earlier iPhones contained a hidden file called h-cells.plist that contained much of the same baseband radio locations that consolidated.db has now.

“Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices,” wrote Levinson, who is a lead engineer for Katana Forensics. Continue reading…

Related Posts

Humanitarian Free and Open Source Software The Relevance of IT for Humanitarian Response The humanitarian response domain aims to help save lives and alleviate human suffering in responding ...
FSF position on GPLv2 & current App Store terms This was written by Brett smith on the VLC development mailing list. Brett is the Licensing Compliance Engineer with the Free Software Foundation: Sal...
Benefits of the MeeGo Software Platform The MeeGo open source project is unique in that it offers benefits to everyone in the ecosystem starting from the developer all the way up to the oper...
Tracking Protection Lists: A privacy enhancing technology that complements Do Not Track Yesterday, Microsoft released version 9 of Internet Explorer, which includes two significant new privacy features: Tracking Protection Lists (TPLs) an...
The Next Net The moment the "net neutrality" debate began was the moment the net neutrality debate was lost. For once the fate of a network - its fairness, its ru...
Android Open Accessories Android’s USB port has in the past been curiously inaccessible to programmers. Last week at Google I/O we announced the Android Open Accessory APIs fo...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*