1. Phillip Swanson's Avatar


    In all of the fervor surrounding the latest iFiasco a small detail seems to be lost on most of the reporting public, including myself: the discovery of the tracking file is old hat. Sean Morrissey and Alex Levinson, two specialists in the field of forensics wrote a book “iOS Forensic Analysis,” wherein they describe how to view the consolidated.db file. The book was published December 5th, 2010.

    Levinson has posted a long response to the findings on his Wordpress blog. He raises three main points in his blog: 1. Apple is not collecting the data. 2. The file is neither new nor secret. 3. The discovery was published months ago.

    Levinson originally discovered the same information stored in the consolidated.db file in pre-iOS4 devices as the h-cell.plist file. The only differences between the two are multitasking and background location services, according to Levinson. These simple changes in iOS devices running iOS 4 allowed for the data to be easily acquired through extremely simple forensic techniques.

    Levinson does a fantastic job explaining what exactly the files are doing and it is somewhat revelatory in exactly how much information can be mined off an iOS device using a simple forensic program. “Third party application data including user names, passwords, and interpersonal communication data” are available according to Levinson. If all of this information has been available in a book for the last five months why is the alarm only being sounded now? Most individuals would gasp at the idea of such sensitive information being so easily available.

    However, Levinson and his peers are not most individuals. They specialize in forensics, being able to uncover information not obvious to the naked eye. Levinson now and at the time of the discovery worked for Katana Forensics. KF sells their forensic mining software (Lantern 2.0) to law enforcement, government and corporate examiners. This discovery quite possibly equated to a data gold mine for KF and its customer base. Levinson and his boss at KF, Morrissey, were not about to let the public know they found a rather profitable loophole around which they programmed their software.

    This is not to say what Levinson and Morrissey does is illegal, rather they have a legitimate and legal business. However, ethical and moral questions can be raised. If someone who was in a not-for-profit position discovered iOS devices were keeping track of locations and other information their response would not have been so mute. Even if the data is not being transmitted to apple or third parties, the simple fact it exists in such an easily attainable form would have been cause for alarm. The public outcries since the announcement yesterday of the discovery is proof enough.

    All this shows is there is a little truth to the saying “there is two sides to every coin.” And as it usually is, those sides were travesty and treasure.
    Attached Thumbnails iFiasco is a Forensic Gold Mine-gold-mine-copy.jpg  
    2011-04-21 11:32 PM
  2. vantheman169's Avatar
    with just glancing at this i thought i was on the wrong site for a second...lmao you know what i mean.... 4:20
    2011-04-21 11:34 PM
  3. Jastra's Avatar
    with just glancing at this i thought i was on the wrong site for a second...lmao you know what i mean.... 4:20
    Yup... I did the exact same thing.
    2011-04-21 11:54 PM
  4. FoneWeasel's Avatar
    We've sold a forensic tool to law enforcement offering this ability for more than 2 years now. Funny how it's big news when it's posted on Slashdot and then hits other sites but when we tried to publicize it over a year ago, no one seemed to care (slashdot and others didn't even print the story when contacted about it).
    2011-04-22 12:54 AM
  5. epignosis567's Avatar
    You're forgetting that this file would be more valuable to some people over others. Like the Chinese govt, for one example.

    Americans are the easiest people in the world to find. This file would be the last thing checked. Google twitter Facebook aim yelp etc. Americans post their location everywhere.
    2011-04-22 01:00 AM
  6. Mes's Avatar
    ...Americans are the easiest people in the world to find. This file would be the last thing checked. Google twitter Facebook aim yelp etc. Americans post their location everywhere.
    So true ... and we're such idiots !!!

    Information == knowledge. Knowledge == power.
    2011-04-22 01:15 AM
  7. djrbx's Avatar
    Hm, my old classmate Alex is making news. Interesting. I should be meeting him up in San Fran this summer. f anyone wants me to do a interview with him let me know.
    2011-04-22 01:34 AM
  8. Emaculate's Avatar
    Man Idk why I thought this was gonna be about Lupe fiasco

    But yea what's the point of getting mad with them knowing where everyone is it's not surprising in the least
    2011-04-22 02:07 AM
  9. TheDude1120's Avatar
    with just glancing at this i thought i was on the wrong site for a second...lmao you know what i mean.... 4:20
    I def got excited off that pic.. I was about to ask what do they call THAT lol
    2011-04-22 04:19 AM
  10. iStoner's Avatar
    i would smoke that thing, no doubt
    it's just a plant. Thats all it is. And if you happen to set it on fire...there are some effects...
    2011-04-22 04:31 AM
  11. vantheman169's Avatar
    i would smoke that thing, no doubt
    hahaha
    2011-04-22 04:38 AM
  12. Jahooba's Avatar
    I'm kinda getting tired of this story. It's now been debunked and dissected and now I think it's time to move on.

    Apple can legally remote-detonate jailbroken phones as long as they put it in the user agreement and you agree to it.
    2011-04-22 04:53 AM
  13. coolguy742's Avatar
    You're forgetting that this file would be more valuable to some people over others. Like the Chinese govt, for one example.

    Americans are the easiest people in the world to find. This file would be the last thing checked. Google twitter Facebook aim yelp etc. Americans post their location everywhere.
    1) I don't do that and I'm American
    2) I don't say there is anything wrong with any other nationality, please don't do it to me either
    2011-04-22 05:47 AM
  14. trentmorris's Avatar
    I think a lot of people are overreacting. We know a lot of companies (Google included) collect information to find patterns and trends in consumer life. This information is ultimately used in an effort to create more effective advertising. People jump to Big Brother, over harmless data collection.

    Stories like this just fuel the paranoia of guys living in their parent's basement.

    I will be leaving consolidated.db intact to do what it pleases. I might even post a copy on my Facebook.

    If you're still freaking out, read this.
    Last edited by trentmorris; 2011-04-22 at 06:42 AM.
    2011-04-22 06:38 AM
  15. link4403's Avatar
    1) I don't do that and I'm American
    2) I don't say there is anything wrong with any other nationality, please don't do it to me either

    I'm an American myself. I don't post on twitter at all, and I don't "check in" on facebook. That's not to say it isn't very commonplace amongst Americans. He didn't say anything negative against our populous or our culture (and I'm the first to stand up for us).
    2011-04-22 08:43 AM
  16. one1's Avatar
    If all of this information has been available in a book for the last five months why is the alarm only being sounded now
    Because nobody read your damn book. Snnnooooozzzeeeee.
    2011-04-22 08:56 AM
  17. norfskate's Avatar
    I'm actually heedin
    2011-04-22 09:30 AM
  18. Meglomaniac's Avatar
    actually you are not overreacting.
    There have been quite some topics on this forum about data collection in apps and ios that are being send to the developer or apple.

    and i will say the same here on what i had to say then.

    we should NOT want this.
    also there should be a option enabling or disabling any data collection in ios that will be standard off.
    we had people reply like people reply now everyone collects data blablabla and that makes it alright.
    does it ? maybe you don't care but i care that marketing agencies collect this data like Iad's

    I am happy to see more people start to care old news or not my hope is one day we can go to settings and turn off data collection without losing any real functionality.
    2011-04-22 09:32 AM
  19. c14rlf's Avatar
    is there an app so i can see where ive been on this file????
    2011-04-22 10:19 AM
  20. MCN's Avatar
    If you have issue with it, just download the fix from Cydia. We have more pressing issues in the country and we only thing that causes us to stand up is when we find out our cell phone keeps track of the tower we are closest to.
    Still a bit fresh at this...and will evolve to FRESH in a Bel Air type of way!
    2011-04-22 10:31 AM
26 12
LINK TO POST COPIED TO CLIPBOARD