[liberationtech] iPhones/iPads secretly track 'scary amount' of your movements

Frank Corrigan email at franciscorrigan.com
Fri Apr 22 12:49:09 PDT 2011 

More critical analysis of the original tracking claims has been posted
here:

"Here's hoping Apple's location tracking isn't as big a threat as some
believe. But until those who know for sure speak up (Apple PR, are you
listening?), we think the prudent thing to do is assume it is."
http://www.theregister.co.uk/2011/04/22/apple_iphone_location_tracking_analysis/

No, iPhone location tracking isn't harmless and here's why

Secret Apple database already being tapped by cops

By Dan Goodin in San Francisco b"

Posted in ID, 22nd April 2011 00:51 GMT

Analysis It didn't take long for the blogosphere to pooh pooh research
presented on Wednesday that detailed a file in Apple iPhones and iPads
unknown to the vast majority of its users that stored a long list of
their time-stamped locations, sometimes with alarming detail.

On Thursday, a forensics expert who sells software to law enforcement
agencies gave a first-hand account why scrutiny of the location-tracking
database is crucial. We'll get to that in a moment. But first, let's
take a sampling of the rampant naysaying.

The most common criticism was that the contents of the SQLite file,
which is stored on the phone and on any computer backups, were wildly
imprecise. Blogger and web developer Will Clarke, for instance, used the
researchers' freely available software to map the coordinates gathered
by his own iPhone during a recent round-trip bike tour he took from
Philadelphia to New Jersey. When he compared the results to the actual
route, he found that balmost all the points were way off.b

In an interview with The Reg, he said some of the points on the
resulting map were as much as 3,000 meters, or almost two miles, away
from his true location.

bThe data that is exposed basically reveals which city you were in at a given time,b he concluded in a post that called the research bsensational.b bNothing more specific than that. It can't tell what house you live in, it can't tell what route you jog on, nothing like that.b

He went on to conclude: bApple is not storing the device's location,
it's storing the location of the towers that the device is communicating
with.b

Software analyst David bLeftyb Schlesinger found similar inaccuracies
when he used the database contents of his iPhone to plot a train ride he
took in July from Amsterdam to Den Haag, about 60 kilometers away. He
also found that the iPhone file showed he was in Santa Cruz, California,
on Christmas Day and traveled as much as 80 miles, when in fact he
stayed in the state's Central Valley, some 130 miles away, the entire
day.

Like several other bloggers, he also noted huge inconsistencies in the
time intervals that locations were logged. Sometimes iPhones and iPads
went days without updating the database, and on one occasion went almost
two weeks.

The critics make a valid point that the data stored in the
consolidated.db file hardly contains a historical record of a user's
real-time comings and goings, or a user's every move, as incorrectly
suggested in initial coverage from The Register and many other news
sites. Researchers Pete Warden and Alasdair Allan readily acknowledge
that they have yet to figure out what triggers iDevices to log location
details, but it's not unusual for hours or even weeks to occasionally
pass between entries.

They said they have noted one or two grossly inaccurate locations logged
in the database. One region that seems to regularly pop up in files
stored on multiple phones is an area just outside of Las Vegas. Allan
said the database extracted from his iPhone and the iPhones of several
people he knows logged that Nevada city even though none of the owners
were anywhere near it on the date indicated in the corresponding
timestamp.

Las Vegas also incorrectly showed up on the iPhones of Clarke and a
co-worker of his, suggesting the iOS code that logs locations may be
buggy.

bWe both have the exact same data point in Vegas, and neither of us have been,b he said.

Warden and Allan said their reverse engineering exercise made it
impossible to learn the precise way the logging works, but they insist
the conclusion of their research is still correct: The contents of the
consolidated.db file stored on every iDevice and on any computer
containing a backup of its data contains a bscary amount of detail on
our movements.b

bBy inspecting it, I can tell what part of downtown San Francisco I'm in, I can see that I'm in a particular neighborhood,b Warden said.

Added Allan: bIt's a bit above block level, but it can certainly tell
that I'm in north east Manhattan, or south east Manhattan.b

They said the precise latitude and longitude plotted on a map is
accurate to about 500 meters in areas where there are many cellphone
nodes and as much as 4 kilometers with fewer nodes.

bIt really does seem to be dependent on how good your cell coverage is,b Allan said. bIf you're in a big city like downtown San Francisco, the positioning is going to be much better. If you're in the middle of London, the positioning is going to be much better. If you're in a rural or semi-rural area, your positions are going to be much rougher.b

They also refuted Clarke's assertion that the latitude and longitude
coordinates logged in the database referred to the position of cell
towers rather than the Apple devices themselves. Some of the extracted
databases they examined plotted literally thousands of unique
coordinates in a small part of a single city. It's almost impossible
that there could be that many corresponding nodes in such a confined
area, they said.

What's more, the geographic locations of cell towers is usually kept
secret by the carriers who own them, and there's no clear way an iPhone
would be able to detect its longitude and latitude anyway.

bOur current stance is that this is the position of the device,b Allan said. bThere has to be now or very soon a big public debate about location data and privacy. This (research) might be something that helps kick that debate off.b

Cops already tapping consolidated.db predecessor

Chris Soghoian, a security and privacy researcher with no connection to
Warden and Allan's work, agreed.

bI don't think users had any idea that this information was being collected,b he said. bThe fact that it doesn't detail the exact street corner you were on and merely deals with what neighborhood you were in, I donbt think that's going to be comforting to people.

He compared the the iPhone and iPad's tracking of location information
to the Google Street View debacle, in which roving vehicles throughout
the globe logged unencrypted Wi-Fi traffic and dumped it into a giant
database, contradicting previous assurances from the company. Google
later pledged to destroy the data, which may include passwords and other
sensitive information.

Soghoian said Apple had a responsibility to let customers know the type
and extent of the information their iPhones and iPads were collecting
about them.

bWhen you get stopped by the police and they arrest you for any crime, they can search your phone and get any data off of it,b he said. bThis is definitely something that people should be concerned about and I think what it points to is that Apple isn't taking privacy seriously.b

Indeed, Alex Levinson, a forensics expert specializing in mobile
devices, blogged here that bgeolocational artifacts were one of the
single most important forensic vectors found onb the devices. As a
result, he wrote a proprietary program called Lantern that law
enforcement agencies use to actively examine the contents of the iPhone
location database.

bWithin 24 hours of the iPhone 4's release, we had updated Lantern to support forensic analysis of iOS 4.0 devices,b he wrote. bWithin 36 hours, we had begun writing code to investigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remote location tracking.b

Levinson also said iPhone location tracking has gone on much longer than
indicated by Warden and Allan, who claimed it began with the
introduction of Apple's iOS 4 in late June. In fact, said Levinson,
earlier iPhones contained a hidden file called h-cells.plist that
contained much of the same baseband radio locations that consolidated.db
has now.

bThrough my work with various law enforcement agencies, we've used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices,b wrote Levinson, who is a lead engineer for Katana Forensics.

Based on Levinson's account, it's hard to put much credence in critics
who cite bugs and a lack of geographic granularity to argue that the
undisclosed tracking of iPhones and iPads is harmless or inconsequential
to its millions of users. Inclusion of the database means that anyone
who ever loses his device risks exposing potentially large amounts of
information about where he was over months or years.

That could be devastating for people embroiled in messy lawsuits or
those whose whereabouts are closely guarded secrets, such as volunteers
who work with victims of abusive spouses.

Of course, none of this speculation would be necessary if Apple would
come clean about exactly how the location tracking it built into its
devices works and what precise information is collected. The company, in
keeping with its Jobsian obsession with privacy, has yet to utter a peep
despite widespread media coverage.

Here's hoping Apple's location tracking isn't as big a threat as some
believe. But until those who know for sure speak up (Apple PR, are you
listening?), we think the prudent thing to do is assume it is.
Frank


----- Original message -----
From: "Rafal Rohozinski" <r.rohozinski at psiphon.ca>
To: "Liberation Technologies" <liberationtech at lists.stanford.edu>
Date: Wed, 20 Apr 2011 22:51:53 -0400
Subject: Re: [liberationtech] iPhones/iPads secretly track 'scary
amount' of    your movements

It's not just iPhones that record vast amount of data that can be easily
geo-located and reconstruct  person's movements,  networks, and personal
 communication - any cell phone going back 15 years stores  data through
log files, message  and SMS traffic that can be reconstructed and
retrieved to create pretty comprehensive profiles of usage and location.
 Devices that do forensic extraction (UFED) are quite widespread and in
use throughout police forces intelligence agencies as well as  most
cellular carriers  around the world. For those of you for whom  this is
a revelation, I'd advise you to take a look at this website of a leading
provider of UFEDs.  There are some interesting videos, and once you're
done,  take a look at where this company has  it's permanent
representatives.

http://www.cellebrite.com/forensic-products/ufed-physical-pro.html

Time for a reality check. Mobile phones are essentially digital dogtags
so if you're concerned about  the ability they have to track your
movements and  communications -  do like Osama, use  exclusively
off-line means through trusted intermediaries.  Otherwise  accepting
that cell phones are  a risk to privacy is just  the flip side of the
convenience that these devices bring.  With or without Apple  networks
are essentially  spiderwebs    -  that's the essence of modern signals
intelligence. 

It's worrisome that there are a lot of myths   among the activist
community about cell phone security. True, you can "drive up the
negatives" and make it  more difficult for a casual actor to scan or 
obtain PII  from your  phone ( so I  I agree with Nathan) -  but if
you're up against  well resourced opponents, most of these tools  plain
ineffective and their very presence on your phone may be more of a
giveaway that  actually makes you more  of a a target of interest.  
Unfortunately security is not a product or something you can buy
shrink-wrapped in code.  Its practice and process  and  ultimately comes
down to the risks you're willing to take in the service of an objective 
or cause.  And if you want to play in the big tent, it's  good
old-fashioned tradecraft and not better toys that make a difference.

Rafal



On Apr 20, 2011, at 5:43 PM, Frank Corrigan wrote:

> 
> I am aware of the general principle of mobile phone tracking, it is just
> that most people assume this data is only accessible via cell tower
> providers or via a court order/lawful request, not recorded on the
> device itself and accessible in an easy to read format to anyone who has
> access and inclination or has impounded it for law enforcement purposes.
> I suppose it's a bit like the Windows IE index.dat files. Now of course
> anyone crossing a USA border can have such devices taken away and such
> location data easily copied for later in-situ analysis.
> 
> Frank
> 
> ----- Original message -----
> From: "Nathan Freitas" <nathan at freitas.net>
> To: "Frank Corrigan" <email at franciscorrigan.com>, "Liberation
> Technologies" <liberationtech at lists.stanford.edu>
> Date: Wed, 20 Apr 2011 16:20:13 -0400
> Subject: Re: [liberationtech] iPhones/iPads secretly track 'scary
> amount' of    your movements
> 
> On 04/20/2011 03:55 PM, Frank Corrigan wrote:
>> More reasons for activists/protesters in hostile (ordinary) environments
>> not to bring along their mobile phone, latest cell connected gizmo.
> 
> ... and return to megaphones, flags, smoke signals, carrier pigeons and
> frantic arm waving instead? If our ordinary environments are truly
> hostile, then either we give up ever using a mobile phone, or we find
> some way to address the problem.
> 
> Don't get me wrong, this latest revelation on mobile privacy is indeed
> scary, and Apple better fess up. I just think we can fix these issues,
> instead of allowing them to be disempowering.
> 
> In this case at least, turning your phone into "airplane mode" would
> have stopped the phone from broadcasting its availability to and
> registering with mobile towers. This would stop the active triangulation
> of your location from being logged into the local iOS database.
> 
> I have an "airplane mode" icon on my Android phone home screen. Anytime
> I am not expecting an important call, or am reachable by another means
> (email, IM, irc), I generally activate it. Not only does it reduce my
> location footprint data trail, but it also saves quite a bit of battery
> life!
> 
> I also like Google's Latitude Dashboard which encourages user to really
> "own it" when it comes to mobile location data tracking. They have a
> really pretty UI, charts, etc, that can show you how many minutes a day
> you spend at home, the gym, work or your local pub. Their point is that
> if government and mobile phone operators already have this data, why
> shouldn't you (the user and human being tracked) also benefit from it?
> 
> https://www.google.com/latitude/history/dashboard
> 
> All in all, we shouldn't cede the advantage technology can bring to the
> movements and causes we care about because developers at Apple and Skype
> (see their recent issue with Android app data permissions) are clearly
> make very bad decisions about how they implement their closed-source
> software.
> 
> Best,
> Nathan
> 
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech

_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"

You will need the user name and password you receive from the list
moderator in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the Testlist mailing list