If you are are owner of an iPhone or a 3G iPad, you’ll probably want to know that your location – along with a timestamp – is at all times recorded by the device and stored into a file called “consolidated.db,” which is then copied on the computer to which you synchronize the device.
The file and its contents were discovered by Alasdair Allan and Pete Warden, two researchers that were collaborating on some data visualization projects and were curious whether they could do a visualization of mobile data.
During their search for it, they discovered the aforementioned file and analyzed it. It turns out that the data it contained allowed them to make a rather detailed visualization of how the phone – or rather his owner – moved about during a great period of time.
The file containing the data is found only on the device and on the computer with which it is synchronized, and there is no evidence that Apple is syphoning the data remotely. But why is this information collected and stored in the first place?
The researchers that it’s unclear, but that their best guess is that Apple has some new features in mind for the future, and that they will be needing the data to work properly. “The fact that it’s transferred across devices when you restore or migrate is evidence the data-gathering isn’t accidental,” they commented.
But the biggest problem at the moment is that this file and its counterpart on the computer are not encrypted and are, thus, easily readable by third parties. “By passively logging your location without your permission, Apple have made it possible for anyone – from a jealous spouse to a private investigator – to get a detailed picture of your movements,” they said. And that’s without needing a court order.
According to their research, the data begun to be collected and stored in June 2010, with the release of iOS 4. The researchers said they contacted Apple’s Product Security team to ask them about the collected data, but received no response so far.
In the meantime, they developed an
open source application that maps the information present in the file on the mobile device or on the computer. In order to demonstrate their point, but foil potential snoopers, they artificially reduced the spacial and temporal accuracy of the data.
“You can only animate week-by-week even though the data is timed to the second, and if you zoom in you?ll see the points are constrained to a grid, so your exact location is not revealed. The underlying database has no such constraints, unfortunately.”
Related Posts
- Apple leaves iPad vulnerable after monster iPhone patch job
As part of Monday's iOS 4 upgrade, Apple patched a record 65 vulnerabilities in the iPhone, more than half of them critical. But Apple's iPad isn't slated to get the iOS 4 update until this fall.
V... - Actually, iPhone sends your location to Apple twice a day
Forensic researcher Alex Levinson has discovered a way to map out where an iPhone has been. The information comes from a location cache file found on an iPhone (Library/Caches/locationd/consolidated.d... - How to hack iPhone password in just 6 minutes?
Lost your iPhone? Got it password protected? It may not be enough to stop hackers. Researchers in Germany have discovered a way to get inside the iPhone in just six minutes--without using a password... - Apple iPhone bug – on-time to the party, late for work?
Did you have trouble getting up on New Year's Morning?
Seems that Apple iPhone users did, even if they hadn't been out partying the night before, when a bug in iPhone's clock software prevented the a... - Apple pushes iOS 4.0.2 update for iPhone and iPod touch
Apple has updated the iOS on iPhones and iPods through its iTunes service to fix two vulnerabilities, including the widely discussed .pdf security problem that made headlines earlier this month.That h... - Apple plugs critical iPhone jailbreak holes
Apple today patched the two vulnerabilities used to jailbreak Apple's newest iOS 4 operating system, bugs that security researchers warned could be used to hijack iPhones, iPod Touches or iPads.
Vi... - Germans sound iPhone attack alarm as Apple claims fix ready
Amid a warning by German authorities of possible malicious use of a critical iPhone exploit, Apple said it has a fix ready and will deliver it in the next smartphone update.
View full post on Compu... - Security Exploit Can Give Hackers Control of Your iPhone or iPad [WARNING] (Mashable)
Mashable - The same technique used in the first web-based Jailbreak for iPhone can be utilized by hackers to seize control of your phone via a program that can be delivered via PDF to any iOS device r... - Hackers could enslave iPad, iPhone: security firms (Reuters)
Reuters - A newly discovered vulnerability in the software that runs Apple Inc's iPad and iPhone could allow hackers to enslave the popular mobile devices, three security firms said on Tuesday.
Vie... - Hackers could enslave iPad and iPhone: security firm (Reuters)
Reuters - A newly discovered vulnerability in the software that runs Apple Inc's iPad and iPhone could allow hackers to remotely enslave the popular mobile devices, a security firm warned on Tuesday.
...
Posted on 21 April 2011. Tags: 3G, Apple, consolidated.db, iPad, iPhone, Open Source
The above information is reprinted from and copyrighted © by Help Net Security.
