Police have obtained iPhone, Ipad tracking logs
- Thread starter QueEx
- Start date
How police have obtained iPhone, iPad tracking logs
A peek at location data stored on an iPhone. (Credit: Josh Lowensohn/CNET)
Cnet
by Declan McCullagh
April 21, 2011
Law enforcement agencies have known since at least last year that an iPhone or
iPad surreptitiously records its owner's approximate location, and have used that
geolocation data to aid criminal investigations.
Apple has never publicized the undocumented feature buried deep within the soft-
ware that operates iPhones and iPads, which became the topic of criticism this
week after a researcher at a conference in Santa Clara, Calif., described in detail
how it works. Apple had acknowledged to Congress last year only that "cell tower
and Wi-Fi access point information" is "intermittently" collected and "transmitted
to Apple" every 12 hours.
At least some phones running Google's Android OS also store location information,
Swedish programer Magnus Eriksson told CNET today. And research by another
security analyst suggests that "virtually all Android devices" send some of those
coordinates back to Google.
Among computer forensics specialists, those location logs--which record nearby
cell tower coordinates and time stamps and cannot easily be disabled by someone
who wants to use location services--are not merely an open secret. They've
become a valuable sales pitch when targeting customers in police, military, and
intelligence agencies.
The U.K-based company Forensic Telecommunications Services advertises its iXAM
product as able to "extract GPS location fixes" from an iPhone 3GS including "latitude,
longitude, altitude and time." Its literature boasts: "These are confirmed fixes--they
prove that the device was definitely in that location at that time." Another mobile
forensics company, Cellebrite, brags that its products can pluck out geographical
locations derived from both "Wi-Fi and cell tower" signals, and a third lists Android
devices as able to yield "historical location data" too.
Alex Levinson is the technical lead for a competing company called Katana Forensics,
which sells Lantern 2 software that extracts location information from iOS devices.
"The information on the phone is useful in a forensics context," Levinson told CNET
today. Customers for Lantern 2, he said, include "small-town local police all the way
up to state and federal police, different agencies in the government that have
forensics units."
Research by security analyst Samy Kamkar, a onetime hacker with a colorful past,
indicates an HTC Android phone determined its location every few seconds and
transmitted the data to Google at least a few times an hour, according to a report
in The Wall Street Journal. It said that the Android phone also transmitted the name,
location and signal strength of nearby Wi-Fi networks, as well as a unique identifier
for the phone.
Apple did not respond to a request for comment. Google could not immediately be
reached for comment.
Apple's iOS operating system does not appear to make geolocation logs readily
available to applications, but storing records of an owner's physical meanderings
raises novel security and privacy concerns. Not only is the log stored on the device
itself (a lock code can easily be bypassed by forensics software), but it's typically
backed up on the computer to which it's synchronized.
One concern is the circumstances under which law enforcement can gain access
to location histories. Courts have been split on whether warrants are required to
peruse files on gadgets after an arrest, with police typically arguing that the Fourth
Amendment's prohibition on unusual searches doesn't apply. (The Justice Department
under the Obama administration, in a series of prosecutions including one in Nebraska
involving a crack cocaine dealer, has taken the same position.)
In addition, the U.S. Department of Homeland Security has publicly asserted the right
to copy all data from anyone's electronic devices at the border--even if there's no
suspicion of or evidence for illegal activity. The U.S. Ninth Circuit Court of Appeals
has blessed the practice.
All of this has led to a spike in law enforcement interest in the topic. Micro Systema-
tion, a Swedish firm that announced last year the U.S. government had placed the
largest order in the company's history, offers a course on how to extract "GPS
information" from the "Apple iPhone, iPod Touch and iPad devices." A now-deleted
description of the course, retrieved from Google's cache, says students will "learn
how to acquire data and retrieve GPS location" from iOS devices. O'Reilly Media, too,
offers a two-day workshop on iPhone forensics for the princely sum of $3,500. (Police
get a discount.)
Micro Systemation said in a post on its Web site that this week's news "will come as
a surprise to most iPhone users, as their devices do not give any visual indication that
such data is being recorded." But, the company said with some apparent glee,
they're "no surprise to the developers here at MSAB who have been recovering this
data... for some considerable time."
The U.S. Department of Justice has funded tests of which "mobile device acquisition
tools" are most effective in forcibly extracting information from iPhones. Test results
(PDF) for the iXAM software say it was able to "acquire SIM memory and review
reported location related data." Another evaluation of a competing product called
Mobilyze 1.1 (PDF) said "if the cellular forensic tool supports acquisition of GPS data,
then the tool shall present the user with the longitude and latitude coordinates for all
GPS-related data in a useable format," although neither report appears to have tested
that feature. The U.S. Embassy in Bogota, Colombia, even pays for training for local
counter-narcotics agents to learn about iPhone and BlackBerry forensics.
A book titled iOS Forensic Analysis ($59.99 list) published by Apress in December 2010
elaborates on how the information is stored. Here's an excerpt:
Rep. Ed Markey, the Massachusetts Democrat, today wrote a letter (PDF) to Apple
CEO Steve Jobs posing a series of questions, including whether the company collects
this information from iPhone users and whether the logs can be turned off. Markey
also suggested the practice could violate federal privacy law, 47 USC 222, although
the language only applies to "telecommunications carriers" and not handset makers.
(See related article about Markey pressing wireless carriers for tracking details earlier
this month.)
It's still not entirely clear when Apple added this extensive location logging to the iOS
operating system, except that it did exist in an even less visible location before iOS 4.
An August 2008 analysis of the files suggested that the "cache.plist" file only included
the most recent location. That's also what iPhone hacker-turned-author Jonathan
Zdziarski wrote in his September 2008 book on iPhone forensics, saying it "contains
the last coordinates fixed on by the GPS."
Levinson of Katana Forensics, who previously published information about the location
logs, says the alterations in the database between iOS 3 to iOS 4 strongly suggests
that Apple is intentionally storing the data.
"I don't buy the argument that Apple dropped the ball on the data being there, that
the programmer forgot" to delete old locations, he says.
http://news.cnet.com/8301-31921_3-20056344-281.html
