Your iPhone can reveal your location
The secret of your fake location could be unleashed any time. Location based services are making the best of the GPS and A-GPS capabilities of modern day smartphones.
Two Security Researchers – Pete Warden, Founder of Data Science Toolkit and Alasdair Allan, Senior Research Fellow, University of Exeter, have discovered that the Apple iOS 4.x mobile operating system keeps a log of user’s location for iPhone and iPad.
Even if you haven’t been any using any of those location based services, the device still keeps a secret log of your locations along with timestamps on the device itself.
According to Warden and Allan, the iPhone and iPad keeps a secret log file inside the iOS 4.X operating system with a log of user’s location – latitude and longitiude co-ordinates along with the timestamp. According to both, the user’s location datalog is stored in a file called consolidate.db and the entire location logging started from iOS 4.X update.
What makes this issue worse is that the file is unencrypted and unprotected, and it’s on any machine you’ve synched with your iOS device. It can also be easily accessed on the device itself if it falls into the wrong hands. Anybody with access to this file knows where you’ve been over the last year, since iOS 4 was released, said Allan.
As of now, both aren’t openly speaking about how the device keeps a track of the location – using GPS or on cell-based triangulation.
Almost a Security Researcher Stefan Esser talked about the Address Space Layer Randomization to jailbroken iPhones and brought to light that jailbroken iOS devices were more prone to remote exploits than a non-jailbroken one. As Allan mentioned, the consolidated.db is unencrypted and unprotected so any nefarious hacker could get a copy of that file to track user location.
Apple iOS 4.3.2 did come with some security updates but as of now, there’s no word on whether the consolidated.db file is encrypted/protected or not. Its not sure if Apple intends to store such data on the user’s device.
It’s not just Apple because even Android by default keeps the Location API for your Android turned on whenever the device is booted.
