No, iPhone location tracking isn’t harmless and here’s why

It didn’t take long for the blogosphere to respond to research presented on Wednesday that detailed a file in Apple iPhones and iPads unknown to the vast majority of its users that stored a long list of their time-stamped locations, sometimes with alarming detail.

On Thursday, a forensics expert who sells software to law enforcement agencies gave a first-hand account why scrutiny of the location-tracking database is crucial. Alex Levinson, a forensics expert specializing in mobile devices, blogged that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.

Soghoian said Apple had a responsibility to let customers know the type and extent of the information their iPhones and iPads were collecting about them.

“When you get stopped by the police and they arrest you for any crime, they can search your phone and get any data off of it,” he said. “This is definitely something that people should be concerned about and I think what it points to is that Apple isn’t taking privacy seriously.”

Indeed, Alex Levinson, a forensics expert specializing in mobile devices, blogged here that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.

“Within 24 hours of the iPhone 4′s release, we had updated Lantern to support forensic analysis of iOS 4.0 devices,” he wrote. “Within 36 hours, we had begun writing code to investigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remote location tracking.”

Levinson also said iPhone location tracking has gone on much longer than indicated by Warden and Allan, who claimed it began with the introduction of Apple’s iOS 4 in late June. In fact, said Levinson, earlier iPhones contained a hidden file called h-cells.plist that contained much of the same baseband radio locations that consolidated.db has now.

“Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices,” wrote Levinson, who is a lead engineer for Katana Forensics. Continue reading…

Related Posts

Humanitarian Free and Open Source Software The Relevance of IT for Humanitarian Response The humanitarian response domain aims to help save lives and alleviate human suffering in responding ...
Apps is the new Web: sowing the seeds for Web 3.0 Billions of downloads. That’s how the success of software platforms is measured today. And while downloads is not a currency (it does not necessarily ...
Top 10 upcoming Android tablets Contrary to popular belief, the iPad 2 isn’t the only tablet computer in the world. Yes, it is rather wonderful, and the game support is staggering, b...
The top 10 best Android games of 2010 The history books will doubtless look back on 2010 as the year the whole Google mobile platform idea really took off. As the year closes out, the qual...
The MeeGo Progress Report: A+ or D-? The end of October saw the release of MeeGo 1.1, the second major milestone release of the platform since it burst onto the scenes in February 2010. T...
The Android Monopoly and how to harness it From an underdog to ubiquitous manufacturer support, the Android platform has come a long way since its introduction in 2008. Almost every single devi...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*