Thursday, April 21, 2011

Your Apple product is spying on you. Right now. For real.

Yes my friends, from the massive, huge, monstrous "...but am I paranoid -enough-?" file, we have this new story about Apple products remembering exactly where they've been.

Security researchers have discovered that Apple's iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised.

The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program.

For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010.

Oh and by the way, it's legal. You said they could.

Apple can legitimately claim that it has permission to collect the data: near the end of the 15,200-word terms and conditions for its iTunes program, used to synchronise with iPhones, iPods and iPads, is an 86-word paragraph about "location-based services".

Call me picky, but one paragraph of abstruse legalese hidden among 15,200 words of same does not seem like sufficient notification for something like this. I'd be happier with a big red label on the front of the box that says "ATTENTION!!! WARNING!!!! This device will record your every movement, forever, and you can't delete it!!!"

Warden and Allan have set up a web page which answers questions about the file, and created a simple downloadable application to let Apple users check for themselves what location data the phone is retaining. The Guardian has confirmed that 3G-enabled devices including the iPad also retain the data and copy it to the owner's computer.

Go check that web page out ASAP if you have an Apple iAnything and don't want Steve Jobs to know exactly where you were at 2:10 pm yesterday.

Now, this next article is where we all get to see that we are nowhere near paranoid enough.

The Michigan State Police have a high-tech mobile forensics device that can be used to extract information from cell phones belonging to motorists stopped for minor traffic violations. The American Civil Liberties Union (ACLU) of Michigan last Wednesday demanded that state officials stop stonewalling freedom of information requests for information on the program.

ACLU learned that the police had acquired the cell phone scanning devices and in August 2008 filed an official request for records on the program, including logs of how the devices were used. The state police responded by saying they would provide the information only in return for a payment of $544,680. The ACLU found the charge outrageous.

A US Department of Justice test of the CelleBrite UFED used by Michigan police found the device could grab all of the photos and video off of an iPhone within one-and-a-half minutes. The device works with 3000 different phone models and can even defeat password protections.

"Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags," a CelleBrite brochure explains regarding the device's capabilities. "The Physical Analyzer allows visualization of both existing and deleted locations on Google Earth. In addition, location information from GPS devices and image geotags can be mapped on Google Maps."

Your TomTom GPS unit remembers where it's been too. I'd wager the police community has known about this iPhone location file for a while now. They've also known for a while that your car GPS makes an EXCELLENT witness against you in court, as does the OBDII engine management computer in your car. You can almost do lap time analysis with an OBDII download; it records throttle position, engine speed, braking events, what gear your transmission is in, all kinds of things.

You may think you have nothing to hide, but against an all-seeing eye that knows where you parked illegally 18 months ago, you probably do. With your GPS plus your iPhone plus your car's computer and a bit of data mining from customer loyalty cards and such, a reasonably competent data analyst could probably guess if you have a mistress, and what her taste in desserts runs to.

If the cops are going to start vacuuming portable electronics during a routine traffic stop, I'm going to start digging into the best way of blanking a phone and GPS.  Older cars don't have computers.  And as always, cash is king.

Additionally, it occurs to me to wonder if the Kindle ebook reader remembers where it's been. Those things are 3G enabled, they do phone home too. Hmmmmn.....

1 comment:

WiFi Lunchbox guy said...

3 month update:

A company that forwards cell phone GPS data into the 911 system also does government surveillance on the side. Meet TruePosition.