Apple to Its iPhone Users: 'We've iPhound you'

Track down others – while your smartphone tracks you
Track down others – while your smartphone tracks you
Mikko Hypponen, F-Secure
Mikko Hypponen, F-Secure
Nigel Stanley, Bloor Research
Nigel Stanley, Bloor Research

Back in the 1970s, when phone phreaking – the pre-cursor of today's hacking – was well into its adolescence, electronic experts came up with the idea of an infinity transmitter.

Also known as a harmonica bug, the transmitter was a small electronics gizmo that fit inside the handset of a landline telephone and, as soon as the phone's ring current activated, started relaying sounds in the vicinity of the handset, down the phone line.

Because it was powered by the phone line, and could be dialed from anywhere in the world, the name infinity bug was born, with law enforcement agencies using them to conduct discreet surveillance on the phone's user, family, or colleagues.

Fast forward three decades, and a growing number of people have smartphones – personalized wireless telephones – in their purses, handbags and pockets.

It was therefore a given that the idea of an infinity bug would port to a smartphone, allowing security agencies – and anyone able to install a suitable app on the handset – to monitor the audio in the vicinity of the mobile. And don't forget that on-board GPS and cellular base station triangulation can give us the location of the handset as well.

Life Imitates Art

It's the stuff of a John Le Carre novel – provided, of course, you can get physical access to the smartphone to install a covert app, which, by the way, would break all the Apple software development rules if it were to run on the iPhone.

But what if Apple were to code up such an app? Better yet, what if Apple were to include the infinity bug/tracking program code within iOS, the Apple portable device operating system?

That's not Le Carre – that's paranoia.

But wait – it's happened! In April of this year, two researchers made the astonishing discovery that Apple had been creating a location data file on all iPhones running iOS 4.x, the latest version of iOS, ever since the operating system was released last summer.

Even though the data file didn't (thankfully) record audio from the phone's microphone, it did the next best thing and stored the location of the handset at regular intervals – apparently derived from the GPS co-ordinates of the handset and/or base triangulation data from nearby cellular transmitters.

"Apple maintains a global database of the locations of WiFi networks. They use this to get an estimate of your location without using GPS"
Mikko Hypponen, F-Secure

According to Pete Warden, founder of the Data Science Toolkit and Alisdair Allan, a senior research fellow with Exeter University, the steadily updated data file was unencrypted, meaning that anyone with the right knowledge could extract the movements of the iPhone, and its user, for a lengthy period.

And since that file – along with all the contents of the iPhone – is backed up each time you ‘synch' an iPhone using iTunes with a desktop or laptop computer, it's a potentially serious invasion of privacy.

Apple’s Pear-Shaped Deniability

As the story unfolded during April, initially with Apple saying very little, it became apparent that the tracking log file was partially inaccurate, with occasional details of the phone's location being wrongly recorded.

Many users in the US, for example, found the file was tracking them as having been near Las Vegas, in the state of Nevada, when they had never been to Las Vegas or, at least, not for many years.

This isn't plausible deniability at work, Infosecurity can reveal – it's actually what happens when the GPS co-ordinate system or, more often, cellular triangulation data mapping, goes pear-shaped.

As a tidal wave of media coverage about the issue started, with national newspapers on both sides of the Atlantic joining in, it soon transpired that Google Android – and then Windows 7 Phone – devices also logged this type of data, albeit on a smaller scale.

Apple, however, bore the brunt of the media criticism, mainly because it's such a behemoth, and the media loves to give it a good bashing every now and then.

But for once, actually, Apple probably deserved to get a bashing over the issue, even when it finally released a statement on the data file logging, claiming it was crowdsourcing the location of WiFi base stations for a giant database.

Permission Granted?

According to Mikko Hypponen, F-Secure's chief research officer, the data file "cannot be accessed by third-party apps on an iPhone, as you need root rights to reach it", although like many experts, he noted in his security blog that the file is copied to a host computer every time an iTunes ‘sync' is carried out.

Even with Apple posting a detailed Q&A on its website about the location tracking data, questions were asked, all the way to the US Congress. Not surprisingly, a large number of iPhone users were still less than impressed.

The irony of this, of course, is that the iPhone already has several apps/services that track users, most notably MobileMe and Find my iPhone, and, as Apple points out, these features "require personal information for the feature to work”.

But the crucial point here is that these apps work with the iPhone user's permission. The iOS 4.x tracking data file was logged without users' explicit permission, although Apple has repeatedly pointed out that it has the rights to do this within its iTunes terms and conditions.

Nevertheless, according to F-Secure's Hypponen: "Apple maintains a global database of the locations of WiFi networks. They use this to get an estimate of your location without using GPS."

"For example, if your handset sees three hotspots which have MAC addresses that Apple knows are within a certain city block in London, it's a fair bet you're in that city block", he explains.

Conspiracy Theory

According to Nigel Stanley, IT security practice leader with Bloor Research, there are two possibilities as to why Apple has been "tracking its iPhone users", as one tabloid put it so succinctly when the news started to break.

"Either it was a huge conspiracy, or some Apple techies put it into the iPhone's operating system for information", he says, adding that the latter possibility – that it was being used for crowdsourcing the location of WiFi access points – seems the more obvious.

"Either it was a huge conspiracy, or some Apple techies put it into the iPhone's operating system for information. Whichever reason it was, however, it's still a public relations nightmare"
Nigel Stanley, Bloor Research

"Whichever reason it was, however, it's still a public relations nightmare. It's the longevity of the data [that's being logged] that is the problem", he observes.

" ‘Hoovering’ up all that data is the real issue that users are concerned about. It has not gone down at all well with [iPhone] users", he told Infosecurity.

And Then There's the Benefits...

One of the issues that many media reports have overlooked is that cell site analysis, which is used in a growing number of police investigations, is now a forensic science in its own right.

Once this type of forensic data is collated, Stanley says that it's then up to the investigators to present their evidence in court that the smartphone user was where they say he or she were, beyond all reasonable doubt.

It's a complex science, he admits, noting that the Apple location data file seems to have automated the process.

Apple, he says, has released an iOS update to solve the problem of storing location data for a lengthy period and also encrypts the relevant files on the host computer.

That's all well and good, he adds, but Stanley gently slams Apple for the fact that the process of reflashing the operating system to an iPhone is quite complex under iTunes, and involves reflashing around 660 megabytes of data into the handset.

That's another public relations disaster for Apple, he says, as the solution to the problem is seriously long-winded and not for novice IT users.

For those users that don't want to reflash their iPhones, there are a growing number of apps being released that allow the offending data file to be analyzed, zeroed and/or removed completely.

But none of them are yet on the Apple iTunes service, meaning that, in order to install them, users have to jailbreak (unlock) their smartphones.

Ah, the irony... 

What’s Hot on Infosecurity Magazine?