Visualisation of one user's vulnerable location data recorded by an iPhone
The Apple iPhone and iPad with 3G connectivity constantly record and store location data to a file on the user’s device according to security researchers Pete Warden and Alasdair Allan. The two uncovered the existence of a “secret” file on iOS devices complete with legacy location data and will present their findings later today at Where 2.0 in San Francisco.
The file contains periodic records of latitude and longitude points, along with time references, on iOS 4.0 devices and above. Since the iOS 4 update was first released in June 2010, it’s possible that records may contain location data for up to one year.
The researchers stated in a blog post on O’Reilly Radar that iPhones are,
“regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps.”
The “secret” file is then backed-up to users’ computers every time they synchronise their device with iTunes in an unencrypted and freely accessible form. Allan and Warden have also built a simple application, available on GitHub, that helps users visualise their own location data.
“What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released.”
It’s not yet understood why Apple has started to collect this data, although it does appear intentional. The sensitive information is constantly backed-up and even follows users across Apple device migrations like hardware upgrades.
“We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”
The two researchers have approached Apple with their concerns but as of yet have received no official response. Further information concerning how the file was discovered and the data it contains is discussed by both Allan and Warden in the video below:
How long until the wolf sheds its sheepskin? Fabians are sleepwalking society towards the 'own…
Many people have the intuition that an LLM (Large Language Model, e.g. ChatGPT) doesn't really understand…
ARIA's opportunity space for engineering ecosystem resilience follows a global trend of public and private…
In the U.S., we’re seeing an incredible growth of the healthcare analytics market, with the…
When our loved ones pass on, it can be one of the most traumatic events…
When we hear the word pandemic, our mind is likely to jump to the events…