UPDATED 11:53 EST / APRIL 20 2011

Researchers Catch iOS 4 Secretly Recording Everywhere You Go (Again)

ios4-knows-where-youve-been Our smartphones know a lot more about what’s going on and what we’re doing than we’re entirely aware. In fact, the more services that we enable the higher the chances that the information gathered could fall into the wrong hands. As users of a multitude of social networking services we already spin off huge emissions of personal data without even thinking about it.

UK researchers Pete Warden and Alasdair Allan have recently discovered that the iPhone, running iOS 4, continually records location, and spoke about this with O’Reilly (YouTUBE video.) Recently, Engadget ran with a story about how this isn’t totally unknown in all security and forensics circles, but it’s the first time that it’s getting such widespread attention:

If you didn’t already think your smartphone knows too much about you, here’s a handy reminder. A duo of UK researchers have uncovered a potentially worrying (and oddly enough, undocumented) feature in iOS 4: it asks your iPhone to record your location constantly, then timestamps that data and records it for posterity.

They add that this isn’t as big a problem as the fact that the data file that this gets stored happens to be easily accessible. The file, consoloidated.db, is merely hidden and not encrypted in any meaningful way, and worse: it’s part of the iPhone synchronization. That means that any computer that you’ve ever synchronized your iPhone with will have a copy of this file and thus entire circuits of your activities while your iPhone was on and timelines of your movements.

Above I mentioned that we personally emit a lot of this information already without thinking about it. In fact, mobile check-in already gets a great deal of heat (or chill) from people realizing that they’re basically broadcasting their movements. This “feature” of iOS 4 is interesting, but it’s the part where it’s invisible to the user that it’s storing this information that makes it most problematic. In the case of check-in and geolocation tagging with tweets or Facebook posts, at least we’re accepting that we’re adding our location to our emissions.

Fortunately, the information saved by iOS 4 is not being broadcast.

However, the fact that it’s being stored at all without our knowledge and that it goes along with synchronizations means that it would be an interesting target for bad guys. In fact, all of the information in our smartphones (and thus sync data) is a powerful temptation for data thieves. I would expect that people could protect themselves just a little bit more by syncing their smartphones into an encrypted volume when they use such a function.

I’d say this is always a necessary and useful thing to do. Most of the universe looking to penetrate our privacy isn’t personally interested in us, breaches to our privacy happen much more easily by mining our use of social networks than attempting to steal data from our phones and computers. However, data like this stored in our phones or on our computers is extremely personal and deepens the impact of the loss of a smartphone or the invasion of a computer.

The Dark Cloud and Device Internal Data Breaches

Across the vast enterprise of the Internet, the data organized and used by corporations and social media networks is dwarfed by the total amount of data moving beneath the surface. The term “the dark cloud” is one coined to speak about the use of data for nefarious purposes such as all the elements needed to pretend an identity for identity theft, credit card numbers and e-mail addresses pilfered from websites, and the like.

As more and more of our lives get stored on our smartphones, it makes them and their data a tantalizing target.

Incorrectly stored, the data about my credit card information and purchases stored on my phone (and potentially synced) puts me at just as much danger as losing my credit cards or checkbook used to. Worse, in fact, as it puts a lot more information at the fingertips of a potential criminal.

Companies like Apple and Google who produce smartphone technology really need to stay on top of making personal data on our phones and that transferred out harder for bad guys to tap into.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU