Thursday, April 21, 2011

Researcher: iPhone Location Data Already Used By Cops



When British programmers Alasdair Allen and Pete Warden took the stage at the Where 2.0 conference to unveil their work on iPhone location tracking, it was clear they had some big news on their hands. The duo outlined what they called “the discovery that your iPhone and 3G iPad is regularly recording the position of your device into a hidden file”. Their findings started a firestorm of media coverage.

But as the details came to light, one researcher was left scratching his head — because he’d already made the same discovery last year.

Alex Levinson, 21, works at the Rochester Institute of Technology in upstate New York, and he’s been studying forensic computing and working with Katana Forensics, which makes tools for interrogating iOS devices.

In a post on his blog, he explains that the existence of the location database — which tracks the cellphone towers that your phone has connected to — has been public in security circles for some time. While it’s not widely known, that’s not the same as not being known at all. In fact, he has written and presented several papers on the subject and even contributed a chapter on the location data in a book that covers forensic analysis of the iPhone.

(One blogger reviewing the book in January mentioned the cell tower data and says “more and more you realize how much information Apple’s mobile devices could contain and how valuable this could be for your investigation”).

In his post, it’s clear that Levinson takes issue with the claim of “discovery”. In fact, he told me by email that Allan and Warden had apparently missed out a whole area of existing research conducted by forensic analysts.

“It was a shock to me when this came out labeled as a ‘discovery’,” he explains. “I watched the video and they don’t appear to be interested in the forensic side of this, which is honestly where the research lies.”

Part of it seems to be a failure of researchers across different disciplines to plug into each others’ work. As Levinson put it “they basically built a bridge without turning to the civil engineers — I’m not the only one familiar with this stuff”.

However, it’s not just bad communication among researchers that is to blame. He adds that the press missed the story first time around, and now seems more focussed on the horror of data storage than the reality (there, for example, is no evidence that the data is sent back to Apple at the moment).

“I do blame the press somewhat for sensationalizing them without recourse,” he says. “I emailed 20 of the top media outlets who covered this, linking them to my side — none of them replied, except a famous blogger who cursed me.”

Sometimes this is the case with research, and just because it’s not new to you, doesn’t mean it’s not news. Sometimes the people credited with breakthroughs are the ones who have been able to communicate their ideas to the right people. And clearly Allan and Warden’s presentation is having a lot of impact, not least because they have released the tools to make the data obvious to users.

The truth is that there may be more important things to consider than the issue of who discovered what. Levinson’s revelations are more important than that, because he explains that the location data is already being put to use. In his blog post he says (my emphasis):

    This hidden file is nether new nor secret. It’s just moved. Location services have been available to the Apple device for some time. Understand what this file is — log generated by the various radios and sensors located within the device. This file is utilized by several operations on the device that actually is what makes this device pretty “smart”.

Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices.

That’s very interesting. It’s not that the location data was only already known about in some circles, but it’s actively being used by law enforcement agencies as part of their investigations. Levinson declined to divulge the names of those agencies, but told me that he had worked with “multiple state and federal agencies both in the U.S. and internationally”.

So when Allan and Warden say “Don’t panic… there’s no immediate harm that would seem to come from the availability of this data”, you have to ask whether that’s the case. There are no court orders needed to track your location history via an iPhone, since the devices are relatively open. All the investigator needs is the device itself.



No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...