Home > exploits, iPhone, Security, Technology > iDevice tracking.

iDevice tracking.

April 27th, 2011
Reading Time: 3 minutes

I’m a little late wading into this but I thought it worth looking at based on my last post.

If you’ve been hiding under a rock; Apple tracks where you have been (regardless of your location tracking selection) in a file called consolidated.db.

Tracked!

This was originally discovered by Alex Levinson back in 2010 when he was researching the iPad.

Long story short there is s SQLite Database on both the iDevice (/private/var/root/Library/Caches/locationd/consolidated.db) and stored on your sync machine (/Users/<your user name>/Library/Application Support/MobileSync/Backup/). It uses cell tower triangulation, as opposed to GPS, to track your location (so accuracy isn’t always bang on, but pretty close in most cases).

Recently a couple of researchers from O’Reilly (Alasdair Allan and Pete Warden) wrote an OSX application that allows the visualisation of the stored data and bringing this out from the deep dark recesses of computer forensics to the mainstream, sparking outrage and cries of foul. This in turn forcing Apple to respond to these concerns.

You can see in the image “Tracked!” that it has tracked my movements throughout NSW and Canberra. So I decided to have a play myself to see what is all captured (instructions on how to find the consolidated.db file are on Pete Warden’s site). With the help of an SQLite viewer I opened up the file to see what all was there (see image below):

SQLite file opened

The second table is the interesting one that contains the location tracking data that everyone is interested in. A view into that table shows exactly what can be found in there:

CellLocation Table Contents

I’ve condensed the columns for Longitude and Latitude, mostly because I don’t want everyone knowing EXACTLY where I’ve been 😉

The interesting thing seems to be that there is also similar information being stored for WiFi locations though I’ll need some time playing about to understand how relevant the information stored is, but based on an initial pass it seems to capture any AP that my phone sees. I’ve tested this by pluging random MAC addresses into the Google to check against it’s wireless AP DB and sure enough, these are APs I’ve not connected to but are pretty close to some of the ones I do.

Given the high profile of this, now, and the ease in which the necessary scripts can be located online to grab this information. I suspect that it won’t be long before you see some exploits in the wild and high profile people start finding that their movements are published.

I hope Apple move to remedy this soon.

UPDATE: I forgot to add that Google also track phones and seem to track similar information on WiFi locations picked up by Android devices. I suspect that Apple is doing similar things with the information for their own reasons.

UPDATE2: Apple have released their latest IOS (4.3.3) that addresses some of the issues.

I’ve yet to run it up and review myself but it looks like they have made good. Now to see what happens with Google and Microsoft.

Comments are closed.