Asiaone News – April 21, 2011
IF YOU use an Apple iPhone or iPad, it is highly possible that you could be tracked almost anywhere in the world – and without your knowledge too.
Two security researchers have discovered a simple way to map out where you’ve been using information from a location cache file found within your iPhone’s backups on your Mac or PC.
Because the files are not encrypted, it brings about serious privacy concerns and opens the door to physical and cyber security threat.
In a published article in Ars Technica, researchers Alasdair Allan and Pete Warden revealed their findings on Wednesday ahead of a conference taking place in San Francisco.
They found out that the iPhone or 3G iPad, or any Apple product with 3G data access, are logging location data to a file called consolidated.db with latitude and longitude coordinates and a timestamp.
This data collection appears to be associated with the launch of iOS 4 last June and what this means is that Apple users have almost a year’s worth of location data collected.
In order to prove their discovery, the two researchers developed an open source application called iPhone Tracker to let anyone with access to the computer of the 3G device’s user to track the locations he or she has been to.
The software managed to track all of the countries they visited while using the iPhone.
Their findings also showed that Apple uses the Global Positioning System (GPS) to track locations and it makes sure that the user is notified every time an app is used to grab a GPS location.
However, that’s not all. Apple also triangulates the location from mobile phone towers and logs that information in order to help get a faster GPS lock.
This method does not go through the “approval” step required from the user when he fires up an app that uses GPS, so users do not get to decide whether their locations are tracked or not.
This tracking technology is not new and mobile companies have been using this information for their own purposes for years.
In the United Staes, regular people cannot access that data and a court order must be obtained.
However, with the method Apple is using, the data can be accessed from any computer which is used to sync the iPhone or iPad, as the information is not encrypted.
This means that anyone can have a detailed picture of your whereabouts but not without having to snoop at your computer.
Security expert Mr Charlie Miller told Ars: “This file is only readable by root. That means that a rogue App Store app won’t be able to read it. Even a bad guy who hacks into your browser won’t be able to read it.”
However, it is still possible for remote hackers to exploit the data and it seems that there is no fix for now, wrote Mr Sam Biddle at Gizmodo.
“The only way to remove it from your computer is to wipe your back up files from your computer. But then you have no back ups to restore your phone in case you lose it.
“And every time you sync your computer, though, it’ll create a new file. And if you do lose your phone, all your tracking data goes with it, right into the hands of whoever found it. And if you upgrade your phone to the next iPhone, the location tracking data goes with it,” said Mr Biddle.