Ubuntu for phones

It didn’t take long for the blogosphere to respond to research presented on Wednesday that detailed a file in Apple iPhones and iPads unknown to the vast majority of its users that stored a long list of their time-stamped locations, sometimes with alarming detail.

On Thursday, a forensics expert who sells software to law enforcement agencies gave a first-hand account why scrutiny of the location-tracking database is crucial. Alex Levinson, a forensics expert specializing in mobile devices, blogged that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.

Soghoian said Apple had a responsibility to let customers know the type and extent of the information their iPhones and iPads were collecting about them.

Related Post:  Who’s watching you?

“When you get stopped by the police and they arrest you for any crime, they can search your phone and get any data off of it,” he said. “This is definitely something that people should be concerned about and I think what it points to is that Apple isn’t taking privacy seriously.”

Indeed, Alex Levinson, a forensics expert specializing in mobile devices, blogged here that “geolocational artifacts were one of the single most important forensic vectors found on” the devices. As a result, he wrote a proprietary program called Lantern that law enforcement agencies use to actively examine the contents of the iPhone location database.

“Within 24 hours of the iPhone 4′s release, we had updated Lantern to support forensic analysis of iOS 4.0 devices,” he wrote. “Within 36 hours, we had begun writing code to investigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remote location tracking.”

Related Post:  Anti SOPA/PIPA Protest: How it happened and what you can do

Levinson also said iPhone location tracking has gone on much longer than indicated by Warden and Allan, who claimed it began with the introduction of Apple’s iOS 4 in late June. In fact, said Levinson, earlier iPhones contained a hidden file called h-cells.plist that contained much of the same baseband radio locations that consolidated.db has now.

“Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices,” wrote Levinson, who is a lead engineer for Katana Forensics. Continue reading…

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer runs network ads?  Yep, no more ads from the usual suspects that track you across the Internet.  But since  I still need to pay to keep the site running, feel free to make a small donation by PayPal.

Subscribe for updates. Trust me, no spam!

Mailchimp Signup Form

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event for 2020.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

16 Responses

  1. Baaaaaaaaaah, Wuala got a gift of their life from Snowden. Anyone hosting whatever within US/UK/NZ/AU is just crazy.
    @Gianluca: Did you already notice users migrations? Are you getting more orders?

  2. We have been using the program for about 2 years and have many many problems on every computer ranging from 2 to 3 bluescreen crashes per day on a Windows 7 PC, which only happens when working on an Office 2008 file and writing an email at the same time. Other issues include Read Only files that have to be resaved, loss data due to crashes, folders that can’t be deleted as they just keep coming back, files that disappear out of folders or show 0KB, etc, etc. We also have MACS that have the same problems except for the blue screen crashes. Support is also virtually non-existant. As for privacy, it seems to be secure but that’s about it. Over all I would not recommend Waula for any business or personal use unless you can afford data loss and have a lot of time on your hands to deal with software problems on a daily basis.

    1. We have since switched to Drop Box and have had virtually no problems except for when we were copying the files from Wuala and I’m pretty sure missing files were again caused by Wuala. Good riddance!

  3. @Gianluca no open source client = no trust

    Whatever you will say is useless. Wuala can push at any time an update to “steal” the user’s password if a judge asks for it.

    1. A judge has power to covertly force a software company to sit down and develop code, “push” the update (on a Linux system?) and target one specific user to steal their password and forward it to the judge? Um… no. This is as safe as Spideroak. Spideroak will have to comply with any orders requiring them to turn over data as well… the point is that the data is encrypted and the password never touched their servers, so there’s no way to turn over what they don’t have. As a boss of mine used to say about paper trails, “One cannot audit what there is not.” 🙂

        1. So could the Linux kernel if Linus Torvalds gets hit on the head and turns into Evil Linus. I don’t lie awake at night worrying about that.

    1. Now, in the post-prism era, we just wait to see how quick SpiderOak will be forced to shutdown, like LAvabit or to cooperate 🙁 🙁 🙁

  4. Hey there, this is Gianluca from the Wuala Team. Thanks for your interest in Wuala. Rest assured that there is no backdoor (unless the NSA managed to put one into AES or other cryptographic building blocks, but in that case, your tipp of separate encryption does not help much either). For 99.9% of the users, the thing to worry is malware with keyloggers and weak passwords.

    Best,

    Gianluca (http://wuala.com/en/about/)

    1. OK, nice that the wuala team is monitoring this discussion.
      I would prefer the old rule of the cryptography “popes” who say what makes a safe cryptographic system:
      1)A safe algorithm
      2)code an priciple must be open
      3)you can have plain/encrypted samples
      4)you don’t have the password
      = no attack on your privacy is possible.
      In that sense I would prefer if WUALA would open its code for review by renowned specialists.
      So far I’m not convinced completey of the trustworthyness of the WUALA solution.
      Remember what happened to PGP, when the PGP code was not disclosed anymore by “Network Associates”?
      Brgds, Mike.

      1. Just keep this in mind; do not trust any cloud service to protect your privacy. They are required by law to hand over info on any account on their service, if any govt agent/agency requests for it.

        Also. a govt sometimes succeeds in having them build a backdoor into their application.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter
Mailchimp Signup Form

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.

Anastasia Marchenkova

An invitation from Anastasia Marchenkova

Hya, after stints as a quantum researcher at Georgia Tech Quantum Optics & Quantum Telecom Lab, and the University of Maryland Joint Quantum Institute, I’m now working on superconducting qubit quantum processors at Bleximo. I’ll be speaking during Algorithm Conference in Austin, Texas, July 16 – 18, 2020. Meet me there and let’s chat about progress and hype in quantum computing.