Visualisation of one user's vulnerable location data recorded by an iPhone
The Apple iPhone and iPad with 3G connectivity constantly record and store location data to a file on the user’s device according to security researchers Pete Warden and Alasdair Allan. The two uncovered the existence of a “secret” file on iOS devices complete with legacy location data and will present their findings later today at Where 2.0 in San Francisco.
The file contains periodic records of latitude and longitude points, along with time references, on iOS 4.0 devices and above. Since the iOS 4 update was first released in June 2010, it’s possible that records may contain location data for up to one year.
The researchers stated in a blog post on O’Reilly Radar that iPhones are,
“regularly recording the position of your device into a hidden file. Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps.”
The “secret” file is then backed-up to users’ computers every time they synchronise their device with iTunes in an unencrypted and freely accessible form. Allan and Warden have also built a simple application, available on GitHub, that helps users visualise their own location data.
“What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released.”
It’s not yet understood why Apple has started to collect this data, although it does appear intentional. The sensitive information is constantly backed-up and even follows users across Apple device migrations like hardware upgrades.
“We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”
The two researchers have approached Apple with their concerns but as of yet have received no official response. Further information concerning how the file was discovered and the data it contains is discussed by both Allan and Warden in the video below:
Despite lagging behind global space powers like the United States, Russia and China, the United…
The Intelligence Community is setting up a one-stop shop, icdata.gov, to buy access to your…
The vibrant world of tech startups has found a space carved out for growth and…
Despite the recent volatility seen in the markets, American Electric Power (AEP), one of the…
The ever-present threat of cybercrime is expected to come with an eye-watering price tag of…
Latin America's cloud adoption is surging. According to recent reports by Gartner and IDC, by…