Jump to content

Iphone Regista Todos Os Passos Do Utilizador Sem Avisar


Mini0n
 Share

Recommended Posts

iPhone regista todos os passos do utilizador sem avisar

Dois investigadores descobriram que os iPhones têm um ficheiro secreto que regista as latitudes e longitudes, bem como hora e data de todas as deslocações efetuadas com cada aparelho.

O caso promete fazer muita tinta: dois investigadores britânicos vão dar a conhecer hoje, na conferência Where 2.0, que se realiza em São Francisco, EUA, um ficheiro desconhecido que regista todos os passos dos utilizadores e que terá sido instalado nos iPhones, durante o update do sistema operativo iOS 4 realizado em Junho.

Alasdair Allan e Pete Warden dizem que o ficheiro procede à transferência desses dados sempre que um iPhone que tenha feito esse update se sincroniza com um computador pessoal.

Através do jailbrake do iPhone ou a instalação de uma aplicação específica no computador que esteja associado a esse aparelho, qualquer pessoa pode descobrir o percurso do utilizador nos dias anteriores, referem os investigadores britânicos quando inquiridos pelo The Guardian.

"A Apple torna possível a qualquer pessoa - seja uma esposa ciumenta ou um detetive privado - que tenha acesso a um telefone ou um computador aceder a informação detalhada dos lugares em que outra pessoa esteve", denuncia Pete Warden.

Os dois investigadores acrescentam ainda que este ficheiro migra automaticamente quando um utilizador troca um iPhone antigo por um novo, ou passa a associar ao computador um iPad. Esta capacidade de migração é, de resto, apontada como a prova de que a Apple não criou por acaso este ficheiro que regista todas as latitudes e longitudes (e respetivas datas) dos utilizadores.

A Apple ainda não comentou esta investigação.

Uma coisa é certa: em Portugal tal serviço dificilmente pode ser considerado legal - até porque não permite que o utilizador o rejeite.

Tá bonito...

Also, a Apple tá em altas... processou a Samsung por causa de designs mas acho que já se arrependeram :lol:

Link to comment
Share on other sites

Por coisas destas e outras parecidas e que não serei eu a dar dinheiro a ganhar a estes

Já se presumía isto quando nas fotos tiradas no bicho, por exemplo ele guardava a localização, opção que não dava para desactivar, pelo menos na primeira actualização que trouxe esta "funcionalidade"

Link to comment
Share on other sites

É por isso que gosto Open Source.

Se houvesse algo de parecido no Android por exemplo, já a comunidade tinha descoberto isso no codigo fonte do Sistema Operativo.

Mas isto vai dar muito que falar. a ser verdade, a Apple tem acesso a tudo o que os utilizadores de um iPhone fazem, onde vão etc etc

Invasão de privacidade. Cheira-me a pesadas multas, principalmente da União Europeia, que não costumam perdoar. Que o diga a Microsoft :-..

Link to comment
Share on other sites

Outro artigo sobre isso com maior detlahe:

How Apple tracks your location without consent, and why it matters

By Jacqui Cheng | Last updated about 5 hours ago apple-eye-poster-ars-thumb-640xauto-21198.jpg

If you haven't yet enabled encrypted backups for your iPhone or iPad, now's definitely the time to start. Two security researchers have discovered a simple way to map out where you've been almost anywhere in the world—without any hacking involved. The information comes from a location cache file found within your iPhone's backups on your Mac or PC, bringing out serious privacy concerns and opening the door for a jealous spouse, thief, or even a crafty trojan to take a detailed look at your whereabouts. And it's information that no one should have access to—not even law enforcement, barring a court order.

Researchers Alasdair Allan and Pete Warden revealed their findings on Wednesday ahead of their presentation at the Where 2.0 conference taking place in San Francisco. The two discovered that the iPhone or 3G iPad—anything with 3G data access, so no iPod touch—are logging location data to a file called consolidated.db with latitude and longitude coodinates and a timestamp. The data collection appears to be associated with the launch of iOS 4 last June, meaning that many users (us at Ars included) have nearly a year's worth of stalking data collected.

In order to drive the point home, the two developed an open source application called iPhone Tracker that lets anyone with access to your computer see where you've been. For example, my log appears to start on June 23, 2010 (one day before the launch of the iPhone 4) and shows nearly every trip I've ever taken since then and when. You can see that I seem to spend most of my time in Chicago and occasionally the suburbs, with road trips down to Indianapolis, Cincinnati, Springfield, and Wichita. I also fly to New York City and San Francisco, and I have a few dots at the Tokyo Narita airport when I traveled through there in October.

iphonetracker_jacqui_ars.pngWhere in the world is Jacqui Cheng? iphonetracker_jacqui_ars2.png

Slightly more zoomed in look at my whereabouts What's not shown is a week-long trip I took to Hong Kong in October. Why? Because I left my iPhone's cellular and data connections turned off and only used GPS with WiFi while I was there. But if I know I used GPS in Hong Kong in order to make geotagged tweets and photos, shouldn't it show up in this log file? The answer is no, and the reason behind it should scare you.

Court order required—or not

From the end-user point of view, Apple only does one kind of location tracking, and it happens via GPS. The company makes sure to notify you on your iPhone or iPad every time you use an app that will grab your GPS location so that you're always informed of when you're being tracked. However, that's not all that's going on behind the scenes. Apple also triangulates your location from cell phone towers and logs that information in order to help get a faster GPS lock (or to find your location without GPS if you're getting bad GPS signal).

Allan and Warden point out in their iPhone Tracker FAQ that this is indeed the method Apple is using in the consolidated.db file, and this is also the reason users might see strange iPhone Tracker dots in places they haven't been.

"As far as we can tell, the location is determined by triangulating against the nearest cell-phone towers. This isn't as accurate as GPS, but presumably takes less power," they wrote. "In some cases it can get very confused and temporarily think you're several miles from your actual location, but these tend to be intermittent glitches."

Users don't get to decide whether their locations are tracked via cell towers or not—unlike GPS, there is no setting that lets users turn it off, there's no explicit consent every time it happens, and there's no way to block the logging. (Nitpickers will point out that you do give your consent to iTunes when you download and install iOS 4, but this is not treated the same way as the consent given to the iPhone every time an app wants to use GPS.) So, whether or not you're using GPS, if you're using your iPhone as a cell phone, you are being tracked and logged constantly without your knowledge. This is why my trip to Hong Kong wasn't logged (because I had all cell connections turned off while GPS was on), but my stop-over in Tokyo Narita on the same trip was logged (I had turned on my phone to make a quick call, but did not use GPS).

Of course, the fact that this data exists somewhere is nothing new. Cell companies have been tracking this triangulation information for their own purposes for years. In the US, however, regular people cannot access that data—law enforcement must obtain a court order before they can get it for an investigation, and your jealous spouse can't get it from the wireless company at all.

What the cellco has on you is now basically being mirrored in a file on your iPhone or iPad without any kind of encryption, and is also being copied to your computer. (Allan and Warden say that, according to their research, no other phones log triangulated cell locations in this way, including Android phones.) And, if you leave iTunes on the default syncing settings, your iPhone backups aren't being encrypted on the computer either, making tools like iPhone Tracker possible.

Who has access now?

So your iPhone—and probably your computer—now both have a file that mirrors data that was previously limited to law enforcement, which itself was only able to obtain it from a court order. Without encrypted backups, someone who has access to your computer can see your whereabouts. "By passively logging your location without your permission, Apple have made it possible for anyone from a jealous spouse to a private investigator to get a detailed picture of your movements," the team wrote.

But even if you check the box to encrypt your iPhone backups on the computer, the file is still unencrypted on your iPhone, and it wouldn't be hard for someone with ill intentions to access it.

"Anyone with a good jailbreaking tool could get it off the phone too. And of course my forensics tools," iPhone hacker and forensics expert Jonathan Zdziarski told Ars. "In fact even the old SSH worms (which are still effective on a large number of handsets) could be modified to collect this. It's part of the Core Location cache on the phone. So, it's not a covert, evil, Big Brother secret invisible file, but Apple has been administratively lazy in their programming, which is the root cause of most data leaks on the iPhone."

Security expert and repeat Pwn2Own champion Charlie Miller was slightly less pessimistic about who can access the file, but agreed that it wouldn't be trivial for an experienced iPhone tinkerer.

"This file is only readable by root. That means that a rogue App Store app won't be able to read it. Even a bad guy who hacks into your browser won't be able to read it," Miller told Ars. However, remote hackers can make use of two separate exploits—a code execution exploit and a privilege escalation exploit—which Miller points out have been available before in the form of jailbreakme.com (a tool that allowed users to jailbreak their devices through a Web page on the Internet).

Although Apple makes an effort to patch security holes as they come up, the jailbreak community is constantly working on new ways to gain access to previously forbidden files—if something like Jailbreakme existed before, it could exist again.

"It is bad for privacy this file exists, especially when it doesn't seem to be linked to any particular feature that provides any benefit," Miller said. "[T]here is no easy way to wipe the data from it."

Implications for Apple

Zdziarski says the iPhone has actually been logging this location data for longer than a year, but it wasn't so easily accessible before the launch of iOS 4 in mid-2010.

"The iPhone has been keeping caches of user location data for quite some time now. iOS 4 made it a little easier to get to, but law enforcement has been using data like this since around 2009 to build evidence against criminals using the iPhone," Zdziarski told Ars. "Similar data has been cached in different files prior to iOS 4. [The cache revealed today] is a bit more aggressive and centralized, making it easier to access by normal folks."

Apple did not respond to our questions about how long it has been logging the location data, but it's clear that the reason the issue is coming to light now is because of this easy access. Zdziarski added that the iPhone in general "leaks like a sieve," and warned that consumers should consider the possible implications to their personal privacy with today's discovery.

Privacy advocates are taking things a step further by calling out Apple for abusing user trust. "Apple has some explaining to do. iPhone owners place a great deal of trust in Apple, and Apple has a responsibility not to abuse that trust," Princeton University Center for Information Technology Policy researcher and regular Ars contributor Timothy B. Lee said.

"This incident raises questions about whether Apple is serious about user privacy," Lee continued. "If this was an accident, Apple needs to fix the problem and put in place procedures to make sure it doesn't happen again. If the data is being collected deliberately, perhaps in preparation for a future product, Apple should have clearly notified users and given them an opportunity to opt out."

Apple told Congress last July that all location data collected by the iPhone remains private. According to Apple lead counsel Bruce Sewell, Apple does collect anonymous location data from iPhones in an effort to improve its own database of cell tower and WiFi hotspot locations, but that it only does this with user consent. The discovery made by Allan and Warden clearly shows that this is happening constantly without explicit consent like Apple treats GPS, however, and it sure isn't anonymous when it's accessible directly from the user's device.

So, is there anywhere you've been in the last year that you don't want anyone to know about?

Edited by Lancer
Link to comment
Share on other sites

We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.

Isto é o que diz naqueles textos muitos grandes que todos aceitamos sem ler patavina do que lá tá escrito, nos termos legais do iTunes.

Ou seja, afinal a Apple avisa que quem quer usar o seus produtos, tem que aceitar ser espiado :-..

Case Closed, a Apple propôs isso, as pessoas aceitaram. Logo não se pode culpar a Apple. Eles é que são os inteligentes, e nesse aspecto ninguém lhes pode tirar o mérito.

Link to comment
Share on other sites

Já agora, o Android tem um sistema igual a esse do iPhone.

Tem é uma pequena diferença. Vem desactivado por Default, e se por ventura o utilizador quiser activar isso, ainda aparece uma caixa de aviso a explicar o que acontece e se concordamos ou não. Por exemplo no meu caso nunca activei esse serviço, a Google não precisa de saber por onde ando.

google-location-data-screen_610x393.jpg

Link to comment
Share on other sites

Falta aqui os bitaites de um user iPhone :D

Ora bem.

1º ponto que eu vejo aqui. O ficheiro em causa está associado ao registo das posições de imagem via GPS. Registo este que fica no iPhone resguardado e só sai com sincronizações via Itunes, ou seja, backup de dados.

Violação de privacidade? Sem dúvida, não estou nada satisfeito que isso aconteça.

Mas... pensem lá como deve ser e metam esse ódio pela Apple um bocado de lado. Qualquer operadora tem exactamente os mesmos dados devido a triangulações de antena, algo que os equipamentos de hoje em dia classificam como A-GPS.

Vejo como mais grave uma operadora que eu não conheço de lado nenhum ter estes dados do que um ficheiro que não sai do meu bolso.

É claro que os Apple Haters adoram estas noticias...

Link to comment
Share on other sites

Vejo como mais grave uma operadora que eu não conheço de lado nenhum ter estes dados do que um ficheiro que não sai do meu bolso.

Por exemplo, a apple não tem acesso ao ficheiro?

Edited by Perks
Link to comment
Share on other sites

Qualquer operadora tem exactamente os mesmos dados devido a triangulações de antena, algo que os equipamentos de hoje em dia classificam como A-GPS.

Isso das triangulações de antena não é a mesma coisa que saber latitude e longitude... certo? A cada passo as triangulações de antena me colocam substancialmente afastado do local onde realmente estou...

Vejo como mais grave uma operadora que eu não conheço de lado nenhum ter estes dados do que um ficheiro que não sai do meu bolso.

Confesso que não percebi isto: Como não conheces se é a tua operadora de sempre?... arrisco a dizer que 'conheces' melhor a tua operadora, que até fala a mesma língua, do que a empresa que produz esse aparelho.

Link to comment
Share on other sites

@Perks - Porque haveria de ter? Lá porque está num ficheiro que é criado com o backup do meu iPhone (para futuro restauro), não quer dizer que Apple tenho acesso ao dito.

Qualquer operadora tem exactamente os mesmos dados devido a triangulações de antena, algo que os equipamentos de hoje em dia classificam como A-GPS.

Isso das triangulações de antena não é a mesma coisa que saber latitude e longitude... certo? A cada passo as triangulações de antena me colocam substancialmente afastado do local onde realmente estou...

Como se ter uma variante de uns metros já tornasse isso "normal"...

Vejo como mais grave uma operadora que eu não conheço de lado nenhum ter estes dados do que um ficheiro que não sai do meu bolso.

Confesso que não percebi isto: Como não conheces se é a tua operadora de sempre?... arrisco a dizer que 'conheces' melhor a tua operadora, que até fala a mesma língua, do que a empresa que produz esse aparelho.

Operadora: Fora do meu iPhone e PC ;)

Se leres as entrelinhas todas da notícia não fala que os dados sejam enviados para a Apple.

Edited by JP--
Link to comment
Share on other sites

@Perks - Porque haveria de ter? Lá porque está num ficheiro que é criado com o backup do meu iPhone (para futuro restauro), não quer dizer que Apple tenho acesso ao dito.

No artigo em cima a apple admitiu que tinha acesso a ele ;)

also

There is a brand new solution to handle this.

Your phone does have to be jailbroken.

Simply go to Cydia and search for and install the app called Untrackerd, this will prevent your iPhone from being tracked by clearing out the secret database file that records this information so it does not get stored anywhere on your phone!

Problem solved

O problema é que na próxima actualização, outra merdita qualquer virá

Edited by Perks
Link to comment
Share on other sites

@Perks - Porque haveria de ter? Lá porque está num ficheiro que é criado com o backup do meu iPhone (para futuro restauro), não quer dizer que Apple tenho acesso ao dito.

No artigo em cima a apple admitiu que tinha acesso a ele ;)

also

There is a brand new solution to handle this.

Your phone does have to be jailbroken.

Simply go to Cydia and search for and install the app called Untrackerd, this will prevent your iPhone from being tracked by clearing out the secret database file that records this information so it does not get stored anywhere on your phone!

Problem solved

O problema é que na próxima actualização, outra merdita qualquer virá

Vê em bold ;)

Mas thanks pela info, vou instalar isso.

@Spak Alguma notícia credível que afirmavam que não o faziam? ;)

Se conseguem ter acesso aos dados? Of course, é assim que a rede GSM trabalha.

Link to comment
Share on other sites

Perks isso é uma solução do Cydia, para quem tem Jailbreak.

Verdadeira solução é se a própria Apple dissesse que não fazer mais isso. E com este alarido todo, ate acredito que na próxima versão, tenham uma opção para desactivar isso. E só activa quem quiser. Tal como acontece no Android.

Link to comment
Share on other sites

@JP--

Apple says that when location services are activated on a device and an app requests location data, Apple will anonymously collect data which includes GPS coordinates, any cell towers or WiFi hotspots that the device can see, and what kind of signal strength the device is reporting.

It can also collect information about locations for when calls are made, and other situations which Apple uses to "improve service."

Edited by Perks
Link to comment
Share on other sites

LOL, se fosse so isso :-..

iPhone 4 reportedly capturing images at random using front camera

In an issue that will have privacy advocates up in arms, iPhone 4 owners are claiming their devices are, in effect, spying on them using the phone's front-facing camera.

In a thread on Apple's support forums, Virginia-based user ''kar0786'' claimed that on several occasions when using the FaceTime video calling feature, both she and her boyfriend had been presented with photos apparently taken by the phone without their knowledge.

''It brought up photos of both of us at work, where I have used FaceTime a few times but he never has. We're just wondering how/why this is happening, and if there is a fix. It's not terribly inconvenient, but it's definitely unsettling, where is seems that even if we haven't taken a picture or used FaceTime, the camera is keeping images,'' she said.

Her story was corroborated by several other users, all of whom claimed to have had similar experiences.

''My Bf and I both have the [iPhone] 4 but I have the newest OS update and he doesn't. I am the only one whose phone does this. I will try to facetime him and a "picture" of my from the last facetime call I made shows up and sometimes it does it several times in a row,'' wrote maddad.

User Detroit313 said their phone appeared to have captured an image without having had the FaceTime app open at all.

''I had left the phone in the car when I ran in to get my sandwich. This was at a strip mall that I had never visited before and never connected to any WiFi...Ran [to] it, got my food, hopped back in the car. I hit the button to see if anyone called me (no one did) and drove off. After I got in to where I was working and ate my sandwich, I tried to use FaceTime and saw a frozen image of me in the car from 20-30 minutes prior!'' they said.

Apple has yet to comment on the issue and it seems far from widespread at this point. If user reports are accurate, however, iPhone 4 owners may want to keep an eye on their device, because it could be keeping an eye on you.

link

Olha a apple a ter informacao confidencial sobre todo e qualquer um de nos e um dia usar isso para chantagem (nao necessariamente ao nivel do ze da esquina, mas a quem tem funcoes de maior relevo em dirigir um pais por exemplo...) ;)

Edited by panayotopoulos
Link to comment
Share on other sites

47 mil Milhões não chega o ideal era ser em qualquer coisa como 80 a 100 Mil milhões :-..

Olha a apple a ter informacao confidencial sobre todo e qualquer um de nos e um dia usar isso para chantagem (nao necessariamente ao nivel do ze da esquina, mas a quem tem funcoes de maior relevo em dirigir um pais por exemplo...) ;)

tás na tanga mas imagina aqueles deputados europeus todos que receberam os ipad's e iphones o ano passado

A ser verdade isso

A apple agora deve ter imagens de grande parte deles no Red Light District em Amesterdão, à conta daquelas reuniões que existiram

Link to comment
Share on other sites

47 mil Milhões não chega o ideal era ser em qualquer coisa como 80 a 100 Mil milhões :-..

Olha a apple a ter informacao confidencial sobre todo e qualquer um de nos e um dia usar isso para chantagem (nao necessariamente ao nivel do ze da esquina, mas a quem tem funcoes de maior relevo em dirigir um pais por exemplo...) ;)

tás na tanga mas imagina aqueles deputados europeus todos que receberam os ipad's e iphones o ano passado

A ser verdade isso

A apple agora deve ter imagens de grande parte deles no Red Light District em Amesterdão, à conta daquelas reuniões que existiram

estou na tanga se pensar que isto e uma medida obscura do governo norte americano para controlar toda e qualquer pessoa do mundo e assim, se for possivel, "elimina.los" acidentalmente, estudando os padroes de comportamento dessa pessoa. Isso seria tanga :D

Mais a serio e o facto de isto poder mesmo estar a acontecer, e a utilizarem estes metodos para acederem a informacao confidencial de determinados individuos com poder, que posso comprometer a seguranca dessa pessoa, empresa ou pais (nem que seja apenas ao nivel de espionagem comercial)

Ou ate pode n ser nada, e somos nos todos a expecular sem sentido. O Steve Jobs e um bacano que andou nas drogas e teve uma licenca sabatica para ter um retiro monasterial. Pq e q ele nos deveria querer controlar :-..

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.