iKnowwhatyoudidlastsummer

iPhones know where they are, so they probably know where you are, and these data have been captured and maintained by the Apple devices and have been used by police in geoForensic investigations. Crushing civil liberties? There’s an app for that!

Apple came to international attention in 1984 when the upstart computer company bought Superbowl Halftime ad space to show how they could destroy Big Brother. I’m not sure who Big Brother was at the time (it may have been a combination of IBM and Microsoft) but this was a direct reference to Orwell’s book “Nineteen Eighty-Four”.

Ironically, or perhaps expectedly, there is little in the computer world more Orwellian than a widely used and much loved hand held device being distributed widely and lovingly, which secretly keeps track of your location, and secretly storing those data where they could later become available to The State. I wonder what else they are keeping track of? I wonder if we know where all the copies of these data are stored?

The Linux-based Android system also collects these data but does not send it to Big Brother unless you tell it to.

Following is a summary of recent posts and news reports on this and closely related topics to give you an idea of the nature and magnitude of this problem.

How People Broadcast Their Locations Without Meaning To: Smart phones include geotagging features that many people aren’t aware of.

People were up in arms this week about the privacy implications of news that the iPhone gathers location information and stores it in a file on the user’s computer. But experts say that smart-phone owners are unknowingly taking a much bigger risk with information about where they go all day. During a presentation at the computer security conference Source Boston, Ben Jackson of Mayhemic Labs and Larry Pesce, a senior security consultant with NWN, described the way photos taken by many phones are routinely encoded with latitude and longitude tags. When users post those photos online through services such as TwitPic, they often expose much more personal data than they realize.

“It is definitely true that folks don’t [understand] the risk,” says Jackson. …

iPhone keeps record of everywhere you go: Privacy fears raised as researchers reveal file on iPhone that stores location coordinates and timestamps of owner’s movements

Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronised.

The file contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program….


3 Major Issues with the Latest iPhone Tracking “Discovery”

Today, two researchers for O’Reilly media published an article claiming discovery of a hidden tracking system on the iOS 4 operating system. Using simple techniques, Alasdair Allan and Pete Warden extracted data off of an iOS version 4 device and wrote an open source software utility to effectively graph this data onto a map. As a fellow researcher, I champion their creativity and their development. As an expert in this field, I have three points of argument to raise….

(In the above article, the writer seems to make the claim that it is not as bad as everyone says because some people knew about this months ago.)

How police have obtained iPhone, iPad tracking logs

Law enforcement agencies have known since at least last year that an iPhone or iPad surreptitiously records its owner’s approximate location, and have used that geolocation data to aid criminal investigations.

Apple has never publicized the undocumented feature buried deep within the software that operates iPhones and iPads, which became the topic of criticism this week after a researcher at a conference in Santa Clara, Calif., described in detail how it works. Apple had acknowledged to Congress last year only that “cell tower and Wi-Fi access point information” is “intermittently” collected and “transmitted to Apple” every 12 hours. …

How to See the Secret Tracking Data in Your iPhone: Your iPhone is tracking your every move. We take a look and tell you what you can do about it.

Coverage of the iPhone tracking “feature” has ranged from concern to outrage. “I don’t know about you, but the fact that this feature exists on an iPhone is a deal-killer,” wrote PCMag Columnist John Dvorak, shortly after news broke. PCMag Executive Editor Dan Costa drew a softer line, writing, “Apple may not be actively tracking you, but it did turn your phone into a tracking device without telling you.”

As frustrating as it is to learn that your iPhone has been spying on you, collecting an unencrypted treasure trove of your travels, the truth is we knew this was happening. Last June we reported that Apple updated its privacy policy, stating that it could, “collect, use, and share precise location data, including real-time geographic location of your Apple computer or device.”…

It’s not just the iPhone, Android stores your location data too

…The file is only accessible on devices that have been rooted and opened up to installation of unsigned apps. This is similar to the way that the iPhone used to store the data before it was made available to developers using the iPhone’s background API for location sharing.

Now however, the iPhone data is exposed to casual access using an application called iPhone Location Tracker that is similar in intent to the app that Eriksson has created for Android phones….

Weaponizing GPS Tracking Devices: Researcher demonstrates how he was able to easily turn Zoombak personal GPS devices against their owners

Those low-cost embedded tracking devices in your smartphone or those personal GPS devices that track the whereabouts of your children, car, pet, or shipment can easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate them, and spoof their physical location, a researcher has discovered.

Security researcher Don Bailey at SOURCE Boston today disclosed the newest phase of his research on the lack of security in embedded devices, demonstrating how he is able to hack vendor Zoombak’s personal GPS locator devices in order to find, target, and impersonate the user or equipment rigged with these consumer-focused devices.

A letter from Al Franken to Steve Jobs (PDF)

Comments

  1. #1 daedalus2u
    April 23, 2011

    If it collects wifi data, does that mean that every wifi device in range is located at every tracking point?

    That means that once there is overlapping coverage, every single wifi device within that overlapping coverage is located.

    With that data base you could track anyone and everyone that has any wifi device, even people without an iPhone or iPad.

    It isn’t just spying on you, it is spying on everyone around you.

  2. #2 Lassi Hippeläinen
    April 23, 2011

    @1: That is technically feasible, but there is one important difference. The iPhone knows the identity of its owner, but it doesn’t know whom all those WLAN devices belong to, because there is no global database of MACs. It’s only pseudonomous tracking.

    But in the long run even pseudonomous tracking will collect enough information to identify the person.

  3. #3 Ken
    April 23, 2011

    Nothing terribly new here, I’m just glad it has made the mass media with a big splash. Cell phone companies have been tracking cell phones since the first cell phone. That’s how cell technology works. The cell company MUST track the phone so it knows where to send incoming calls to.

    The accuracy of tracking via only cell towers increased enough over the years that the government required cell companies to use updated equipment so calls could be triangulated better from multiple towers (for emergency response).

    10 years ago the phone companies swore on a stack of their quarterly reports that they didn’t store this information for any “reasonable” length of time due to the large amount of data and cost of storage. Today?

    If you don’t want to be tracked in today’s world, it’s not an easy thing to accomplish. You can start by turning off your cell phone, taking the battery out, wrapping the phone tightly in aluminum foil, then putting it in a mylar bag. Or, I suppose, you could just drop it in the river and walk away.

  4. #4 daedaalus2u
    April 23, 2011

    Lassi #2, as I understand it, the “long run” you mention is a oouple of days. It has already happened.

  5. #5 Rick
    April 23, 2011

    The Android phone may not track you…Or it may.

    The data is extremely interesting to Google.

  6. #6 gwen
    April 23, 2011

    I love, Love, LOVE my iPhone. I have disabled the tracking on my phone, as much as it allows me to. I don’t really go anywhere that needs to be reported to the feds, as long as I don’t ‘go missing’ as a victim of a crime. Having a years worth of my travel IS a bit disconcerting though…

  7. #7 Lassi Hippeläinen
    April 24, 2011

    daedaalus2u #4: The “long run” depends on what other sources of information are available for the party that has the MAC location records. Some example cases:

    * Your phone operator knows your location. If they see a laptop MAC moving the same route as your phone, your laptop is associated with you in seconds.

    * You use your laptop in a popular cafe. Another visitor doesn’t know which customer you are, unless you meet several times.

    * Your writings to blogs can contain information that locates your movements. May take months.

    It all depends on your threat model. If someone tries to find out your MAC, they can send a tail who gets close to you in a known location. Can happen in less than a day, and doesn’t require an iPhone. It can even be done automatically with a WLAN base station and a camera.

    But luckily in most laptops you can change your MAC for fun and profit…

  8. #8 daedalus2u
    April 24, 2011

    Lassi, if all you had was the data from one or a few iPhones, you are right. But if you have the data from millions of iPhones, you can correlate them. Throw in public data on addresses and you can identify just about everyone. Once you identify someone, where they were during the period you have data on becomes an open book.

    I wonder how much $$$ Apple got and is getting from the US government to track everyone?

    Why they are doing it with unencrypted files is curious, it is almost as if they want to be caught. If the files were encrypted, what they did would have remained obscure. Was Apple compelled to do this by the Bush administration? How much of the iPhone development cost was covered by the US government? How much subsidy is Apple getting to expand market share?

    As I remember, Google got into a lot of trouble when they were mapping wifi locations in Europe because they recorded stuff. Are people with iPhones who travel in Europe going to get into the same trouble as Google got into? They are doing much the same thing, just on a smaller scale.

  9. #9 johnm55
    April 24, 2011

    Crushing civil liberties? There’s an app for that!

    I shall be sticking with my Palm Treo 650 for a while yet. As far as I know the only app on it that tracks anything is the one I use to keep track of my blood glucose.

  10. #10 daedalus2u
    April 24, 2011

    On the other hand, isn’t the iPhone assembled in China? Maybe this ap is for the Chinese government. They want to track everyone as a condition of being able to sell iPhones in China.

Current ye@r *