iFiasco is a Forensic Gold Mine
In all of the fervor surrounding the latest iFiasco a small detail seems to be lost on most of the reporting public, including myself: the discovery of the tracking file is old hat. Sean Morrissey and Alex Levinson, two specialists in the field of forensics wrote a book “iOS Forensic Analysis,” wherein they describe how to view the consolidated.db file. The book was published December 5th, 2010.
Levinson has posted a long response to the findings on his Wordpress blog
. He raises three main points in his blog: 1. Apple is not collecting the data. 2. The file is neither new nor secret. 3. The discovery was published months ago.
Levinson originally discovered the same information stored in the consolidated.db file in pre-iOS4 devices as the h-cell.plist file. The only differences between the two are multitasking and background location services, according to Levinson. These simple changes in iOS devices running iOS 4 allowed for the data to be easily acquired through extremely simple forensic techniques.
Levinson does a fantastic job explaining what exactly the files are doing and it is somewhat revelatory in exactly how much information can be mined off an iOS device using a simple forensic program. “Third party application data including user names, passwords, and interpersonal communication data” are available according to Levinson. If all of this information has been available in a book for the last five months why is the alarm only being sounded now? Most individuals would gasp at the idea of such sensitive information being so easily available.
However, Levinson and his peers are not most individuals. They specialize in forensics, being able to uncover information not obvious to the naked eye. Levinson now and at the time of the discovery worked for Katana Forensics. KF sells their forensic mining software (Lantern 2.0) to law enforcement, government and corporate examiners. This discovery quite possibly equated to a data gold mine for KF and its customer base. Levinson and his boss at KF, Morrissey, were not about to let the public know they found a rather profitable loophole around which they programmed their software.
This is not to say what Levinson and Morrissey does is illegal, rather they have a legitimate and legal business. However, ethical and moral questions can be raised. If someone who was in a not-for-profit position discovered iOS devices were keeping track of locations and other information their response would not have been so mute. Even if the data is not being transmitted to apple or third parties, the simple fact it exists in such an easily attainable form would have been cause for alarm. The public outcries since the announcement yesterday of the discovery is proof enough.
All this shows is there is a little truth to the saying “there is two sides to every coin.” And as it usually is, those sides were travesty and treasure.