Researcher: iPhone Location Data Already Used By Cops
The "news" that iPhones and iPads keep track of where you go has been known in forensic circles for some time
When British programmers Alasdair Allan and Pete Warden took the stage at the Where 2.0 conference to unveil their work on iPhone location tracking, it was clear they had some big news on their hands. The duo outlined what they called "the discovery that your iPhone and 3G iPad [are] regularly recording the position of your device into a hidden file." Their findings started a firestorm of media coverage.
But as the details came to light, one researcher was left scratching his head—because he'd already made the same discovery last year.
Alex Levinson, 21, works at the Rochester Institute of Technology in western New York, and he has been studying forensic computing and working with Katana Forensics, which makes tools for interrogating iOS devices.
In a post on his blog, he explains that the existence of the location database—which tracks the cellphone towers your phone has connected to—has been public in security circles for some time.While it's not widely known, that's not the same as not being known at all.In fact, he has written and presented several papers on the subject and even contributed a chapter on the location data in a book that covers forensic analysis of the iPhone.
(One blogger reviewing the book in January mentioned the cell-tower data and says, "more and more you realize how much information Apple's mobile devices could contain and how valuable this could be for your investigation.")
Ignoring the Obvious
In his post, Levinson takes issue with the claim of "discovery." In fact, he told me by e-mail that Allan and Warden had apparently missed a whole area of existing research conducted by forensic analysts.
"It was a shock to me when this came out labeled as a 'discovery,'" he explains. "I watched the video, and they don't appear to be interested in the forensic side of this, which is honestly where the research lies."
Part of it seems to be a failure of researchers across different disciplines to plug into each others' work. As Levinson put it, "They basically built a bridge without turning to the civil engineers—I'm not the only one familiar with this stuff."
Bad communication among researchers, however, isn't the only culprit. Levinson adds that the press missed the story first time around and now seems more focused on the horror of data storage than the reality (for example, there's no evidence, at least at the moment, that the data are sent back to Apple).
"I do blame the press somewhat for sensationalizing [this] without recourse," he says. "I e-mailed 20 of the top media outlets [that] covered this, linking them to my side—none of them replied, except a famous blogger who cursed me."
Sometimes this is the case with research, and just because it's not new to you, doesn't mean it's not news. Sometimes the people credited with breakthroughs are the ones who have been able to communicate their ideas to the right people. And clearly Allan and Warden's presentation is having a lot of impact, not least because they have released the tools to make the data obvious to users.
Just an Internal Log?
The truth is, there may be more important things to consider than the issue of who discovered what. Levinson's revelations are more important than that, because he explains that the location data are already being put to use. In his blog post he says (my emphasis):
"This hidden file is nether new nor secret. It's just moved. Location services have been available to the Apple device for some time. Understand what this file is—log generated by the various radios and sensors located within the device. This file is utilized by several operations on the device that actually are what make this device pretty 'smart.'
"Through my work with various law enforcement agencies, we've used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices."
That's very interesting. It's not that people in some circles already knew about the location data; in fact, the data are actively being used by law enforcement agencies as part of their investigations. Levinson declined to divulge the names of those agencies but told me he had worked with "multiple state and federal agencies both in the U.S. and internationally."
So when Allan and Warden say, "Don't panic … there's no immediate harm that would seem to come from the availability of this data," you have to ask whether that's the case. No court orders are needed to track your location history via an iPhone, since the devices are relatively open. All the investigator needs is the device itself.
Wednesday, April 27, 2011
Researcher: iPhone Location Data Already Used By Cops - BusinessWeek
via businessweek.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment