It didn’t take long for the blogosphere to respond to research presented on Wednesday that detailed a file in Apple iPhones and iPads unknown to the vast majority of its users that stored a long list of their time-stamped locations, sometimes with alarming detail.
On Thursday, a forensics expert who sells software to law enforcement agencies gave a first-hand account why scrutiny of the location-tracking database is crucial. Alex Levinson, a forensics expert specializing in mobile devices, blogged that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.
Soghoian said Apple had a responsibility to let customers know the type and extent of the information their iPhones and iPads were collecting about them.
“When you get stopped by the police and they arrest you for any crime, they can search your phone and get any data off of it,” he said. “This is definitely something that people should be concerned about and I think what it points to is that Apple isn’t taking privacy seriously.”
Indeed, Alex Levinson, a forensics expert specializing in mobile devices, blogged here that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.
“Within 24 hours of the iPhone 4′s release, we had updated Lantern to support forensic analysis of iOS 4.0 devices,” he wrote. “Within 36 hours, we had begun writing code to investigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remote location tracking.”
Levinson also said iPhone location tracking has gone on much longer than indicated by Warden and Allan, who claimed it began with the introduction of Apple’s iOS 4 in late June. In fact, said Levinson, earlier iPhones contained a hidden file called h-cells.plist that contained much of the same baseband radio locations that consolidated.db has now.
“Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices,” wrote Levinson, who is a lead engineer for Katana Forensics. Continue reading…
16 Responses
With Wuala i lose 700 GB
http://www.swisscastles.ch/wuala
Baaaaaaaaaah, Wuala got a gift of their life from Snowden. Anyone hosting whatever within US/UK/NZ/AU is just crazy.
@Gianluca: Did you already notice users migrations? Are you getting more orders?
Canada?
Nopes, Cyprus
We have been using the program for about 2 years and have many many problems on every computer ranging from 2 to 3 bluescreen crashes per day on a Windows 7 PC, which only happens when working on an Office 2008 file and writing an email at the same time. Other issues include Read Only files that have to be resaved, loss data due to crashes, folders that can’t be deleted as they just keep coming back, files that disappear out of folders or show 0KB, etc, etc. We also have MACS that have the same problems except for the blue screen crashes. Support is also virtually non-existant. As for privacy, it seems to be secure but that’s about it. Over all I would not recommend Waula for any business or personal use unless you can afford data loss and have a lot of time on your hands to deal with software problems on a daily basis.
We have since switched to Drop Box and have had virtually no problems except for when we were copying the files from Wuala and I’m pretty sure missing files were again caused by Wuala. Good riddance!
@Gianluca no open source client = no trust
Whatever you will say is useless. Wuala can push at any time an update to “steal” the user’s password if a judge asks for it.
A judge has power to covertly force a software company to sit down and develop code, “push” the update (on a Linux system?) and target one specific user to steal their password and forward it to the judge? Um… no. This is as safe as Spideroak. Spideroak will have to comply with any orders requiring them to turn over data as well… the point is that the data is encrypted and the password never touched their servers, so there’s no way to turn over what they don’t have. As a boss of mine used to say about paper trails, “One cannot audit what there is not.” 🙂
But the client could easily be updated (and the terms of service, too) to capture passwords, without informing anybody.
So could the Linux kernel if Linus Torvalds gets hit on the head and turns into Evil Linus. I don’t lie awake at night worrying about that.
Hi!
The only provider I really trust in terms of security is Spideroak. They have pretty much centered their whole business model around that issue. If you like you can listen to my interview with Spideroak CEO Ethan Oberman:
http://www.cloudbackuping.com/interview-with-spideroak-ceo-ethan-oberman/
Now, in the post-prism era, we just wait to see how quick SpiderOak will be forced to shutdown, like LAvabit or to cooperate 🙁 🙁 🙁
Hey there, this is Gianluca from the Wuala Team. Thanks for your interest in Wuala. Rest assured that there is no backdoor (unless the NSA managed to put one into AES or other cryptographic building blocks, but in that case, your tipp of separate encryption does not help much either). For 99.9% of the users, the thing to worry is malware with keyloggers and weak passwords.
Best,
Gianluca (http://wuala.com/en/about/)
OK, nice that the wuala team is monitoring this discussion.
I would prefer the old rule of the cryptography “popes” who say what makes a safe cryptographic system:
1)A safe algorithm
2)code an priciple must be open
3)you can have plain/encrypted samples
4)you don’t have the password
= no attack on your privacy is possible.
In that sense I would prefer if WUALA would open its code for review by renowned specialists.
So far I’m not convinced completey of the trustworthyness of the WUALA solution.
Remember what happened to PGP, when the PGP code was not disclosed anymore by “Network Associates”?
Brgds, Mike.
Just keep this in mind; do not trust any cloud service to protect your privacy. They are required by law to hand over info on any account on their service, if any govt agent/agency requests for it.
Also. a govt sometimes succeeds in having them build a backdoor into their application.
That applies for the majority of Cloud Storage providers. However, not for Wuala.
More details by blog posts from Wuala’s CTO:
http://wuala.com/blog/2012/02/court-rules-you-cannot-be-compelled-to.html
and
http://wuala.com/blog/2011/12/patriot-act-and-cloud-storage.html
Best,
Gianluca