How Long Was the iPhone Location Vulnerability Known?

I’m very intrigued by the Guardian’s piece “iPhone keeps record of everywhere you go” but I’m wondering how new this information is, and whether other less transparent folk have already been using this gaping hole. Charles Arthur writes:

Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronised.

The file contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program.

For some phones, there could be almost a year’s worth of data stored, as the recording of data seems to have started with Apple’s iOS 4 update to the phone’s operating system, released in June 2010.

But it seems that folk on a forum have already been talking about it since January, in a thread titled “Convert Iphone 4 Consolidated.db file to Google earth”.

Someone called Gangstageek asked on Jan 6:

Is there a way to, or a program (for the PC) that can read the Consolidated.db file from the iPhone 4 backup folder and accurately translate the cell locations and timestamps into Google Earth?

Other forum members helped him out. Indeed, an earlier forum, from November 2010, looked at the same file. kexan wrote on Nov 26:

We are currently investigating an iPhone used during a crime, and we have extracted the geopositions located within consolidated.db for analysis. During this we noticed that multiple points have the same unix datestamp. We are unsure what to make of this. It’s kind of impossible to be in several locations at once, and the points are sometimes all over town.

Going back even further, Paul Courbis wrote on his site (translated from the French), including a demo:

Makes it relatively easy to draw the data on a card to get an idea of places visited by the owner of the iPhone.

I don’t have an iPhone so I’ve not been able to test this. But I’m guessing that this issue may have already been known for some time by some kind of folk. Indeed, there are tools in use by police and others that may have already exploited this kind of vulnerability.
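The duplicate timestamps described in kexan’s post can be checked mechanically before anyone draws a timeline from data like this. The following is an added example, not code from this post or from the forum threads: it groups records by timestamp and reports how far apart the points in each group are. The SQLite storage, the `CellLocation` table, its column names and the sample rows are assumptions constructed for illustration.

```python
import math
import sqlite3
from itertools import combinations

# Constructed sample rows (timestamp, latitude, longitude); not real device data.
SAMPLE_ROWS = [
    (1000, 51.5000, -0.1200),
    (1000, 51.5300, -0.0800),
    (1000, 51.4700, -0.2000),
    (2000, 51.5010, -0.1210),
    (3000, 51.5100, -0.1300),
    (3000, 51.5101, -0.1301),
]

def build_sample_db():
    """In-memory SQLite database; table and column names are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE CellLocation (Timestamp REAL, Latitude REAL, Longitude REAL)")
    conn.executemany("INSERT INTO CellLocation VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def shared_timestamp_groups(conn, min_spread_km=1.0):
    """Return (timestamp, point_count, max_spread_km) for every timestamp
    shared by two or more points at least min_spread_km apart."""
    groups = {}
    for ts, lat, lon in conn.execute(
            "SELECT Timestamp, Latitude, Longitude FROM CellLocation ORDER BY Timestamp"):
        groups.setdefault(ts, []).append((lat, lon))
    flagged = []
    for ts, pts in groups.items():
        if len(pts) < 2:
            continue  # a single point cannot conflict with itself
        spread = max(haversine_km(p, q) for p, q in combinations(pts, 2))
        if spread >= min_spread_km:
            flagged.append((ts, len(pts), round(spread, 2)))
    return flagged

if __name__ == "__main__":
    for ts, n, spread in shared_timestamp_groups(build_sample_db()):
        print(f"timestamp {ts}: {n} points, up to {spread} km apart")
```

Groups flagged this way should be reported as a batch sharing one timestamp rather than plotted as successive positions of the handset.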

21. April 2011 by jeremy
Categories: Phones, Security | 3 comments

Comments (3)

  1. Is it really a ‘vulnerability’? Isn’t it all the more tools to help trace the phone should it be stolen or that (heaven forbid) I get robbed and left for dead, the authorities are able to find me or the people that left me?

  2. Hi Jeremy,

    I’ve searched the PC I back up my iPhone to, and find no such file. I’m fully up to date with iOS4 but my device is an iPhone 3G, so I wonder at which version this began.

    Roy

  3. Roy, same here, my PC shows nothing. I do not have access to an Apple. Anyone?