Saturday, April 23, 2011

Researchers: Police Already Using iPhone Tracking Data

A pair of mobile forensic researchers who independently identified a location tracking system on the iPhone 4 several months before it was publicized by O'Reilly Radar this week say that law enforcement agencies are currently using data from a hidden iOS file called "consolidated.db" in criminal investigations.







Unlimited life Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com




Evidence from the location tracking database stored on iPhones "has been used in actual criminal investigations and yes, it's led to convictions," said Alex Levinson, a Rochester Institute of Technology researcher and technical lead for iOS forensics consultant Katana Forensics.

But Levinson and Christopher Vance, a Marshall University digital forensics specialist, also contend that Apple probably included the technology in its iOS operating system to deliver location-based services like iAds rather than to create dossiers on the whereabouts of iPhone users.

A great deal of buzz has surrounded a Wednesday O'Reilly Radar blog post by researchers Pete Warden and Alasdair Allan that highlighted a hidden file on iOS devices like the iPhone and iPad which includes latitude-longitude coordinates and a timestamp to track where such devices have been geographically and when. (PCMag.com's Sascha Segan recently documented how his iPhone tracked his summer vacation without his knowledge.)

But Warden and Allan apparently weren't the first to discover the file.

Vance told PCMag.com Thursday that he came across the location tracking database shortly after running some forensics software on the iPhone 4 he purchased in the summer of 2010.

"I just happened to get an early release of a forensic product in beta and all of a sudden it pulled out this database," Vance said. He wrote about his discovery in a September 2010 blog post that erroneously stated that GPS data was being stored in the consolidated.db file.

Instead, the database collects location data on iOS devices by tracking connections to cell towers. Vance corrected his earlier post in a February update on his blog.

While he has gone back and forth over Apple's purpose in storing the location tracking data, Vance now says it's likely done to deliver the location-based services that Apple defended in a letter sent to Congress last year.

And the reason Apple uses cell tower connections rather than more precise location tracking data that could be delivered by a built-in GPS?

"If I had to guess, it's probably a matter of OS efficiency," Vance said. "The database is probably there to decrease the amount of time needed to generate GPS information for the location services or iAds built into the apps on iOS. Using assisted GPS is much faster and less of a strain on your battery life."

Vance, who is also a forensics consultant to the West Virginia State Police, said he has checked the consolidated.db file at the request of law enforcement officers but that so far no iPhone's location tracking database he has examined has produced a "smoking gun" that broke open an investigation.

"But it's been helpful," he added. "And that's not to say that we haven't found a 'smoking gun' in our forensics on iPhones or other phones, just not anything directly connected to the [location tracking] database."

The fact that the consolidated.db files have created such an uproar is a bit confusing to Vance and Levinson, who also discovered the database shortly after the iPhone's release in 2010.

(Click "Next" below to learn what mobile device data is invaluable to police in criminal investigations.)

No comments:

Post a Comment