Security researchers have discovered a hidden iPhone feature that secretly tracks and saves the meanderings of the phone – and presumably its owner. 

The tracking feature was described in a presentation at the Where 2.0 Conference in San Francisco on Wednesday. According to the researchers, Pete Warden, founder of Data Science Toolkit and Alasdair Allan a researcher at Exeter University in the UK, the tracking feature records the phone’s movements, including what cell phone towers and Wifi hotspots it connects to, when and where. While that information isn’t shared with Apple, it is retained even when iPhone users update their hardware, suggesting that Apple had plans to use the data at a later time.

Apple did not immediately respond to requests for comment on the hidden feature.

According to Allan, the feature was discovered by accident while researching what data was retained on the iPhone.

“I started poking around in the backups on the Mac and stumbled on a directory called LocationD,” he said in a O’Reilly Media video chat about the tracking feature. Inside that directory, Allan found something called “consolidated.db,” a SQL log file containing latitudes, longitudes and cell phone IDs.

Backup data isn’t stored in clear text, but can be parsed using a so-called manifest file. After Allan and Warden unpacked the data stored in consolidated.db, they found it contained a year’s worth of data showing every cell tower Allan’s phone connected to since the phone was upgraded to iOS 4. An analysis of Warden’s backups found an identical file stored for his phone, also.

The file, which is common to iOS 4 devices, appears to have been stored locally, only, not shared back to Apple’s servers. However, it is retained even when the iPhone hardware is upgraded.

“My original iOS device was a 3GS and since then I’ve been through two iPhone 4s since then, and this data set persists,” Allan noted. That data was significant: on average 100 data points a day.

The researchers also found that the file contained 220,000 wireless data points with time stamps, the Wifi Mac address and approximate latitude and longitudes of the Wifi access points – those those readings are notoriously unreliable for access points. 

It is unclear what Apple intended to do with the file, but other data is being tracked also, including when the user activated the phone’s GPS or compass applications. Recording, for example, every time the phone’s user was “lost,” Warden hypothesized. The phones are also storing geofencing data, an as-yet little used feature that allows phones to receive alerts and notifications when entering or leaving defined geographic areas.

The two researchers developed a free application that runs on devices using Apple’s Mac OSX operating system that will plot the data from the file on a map, giving iPhone users a graphical rendering of their movements since upgrading to iOS4.

Geolocation data of the type that the file stores has long been accessible to law enforcement, however, a warrant was needed to get cell phone providers to disclose it. The danger of iPhone holding the data is that it is accessible to any user and contains a much deeper well of geolocation data, including access to WiFi hotspots that the phone has been in range of since upgrading, the researchers noted. 

A video of Warden and Allan discussing their discovery is below, courtesy of O’Reilly and Where 2.0. The two have also published a FAQ that provides more details on the discovery and its implications.

Categories: Social Engineering, Web Security

Comments (4)

  1. X
    2

    Oh Steve Jobs, and Apple desings… are SO inspiring!! So brilliant! We all love you! (can be we so stupid, even now. People WAKE UP!!)

  2. eric wolbrom
    3

    Not only is this not new information but in fact the entire tech community (not just the InfoSec part of it) has known about this since the the iPhone 3G.

    The “researchers”  that seem to have “discovered” this issue must have some GREAT PR people to get on CNN and som many news stories.

    I guess if you mention Apple and a “security” issue it is BIG news…

  3. eric wolbrom
    4

     

    Not only is this not new information but in fact the entire tech community (not just the InfoSec part of it) has known about this since the the iPhone 3G.

    The “researchers”  that seem to have “discovered” this issue must have some GREAT PR people to get on CNN and som many news stories.

    I guess if you mention Apple and a “security” issue it is BIG news…

     

Comments are closed.