Skip to content

Posts tagged ‘location’

5
May

iPhone/iPad iOS 4.3.3 Fixes Location Tracking Bugs

Following the recent over-hyped “location tracking scandal“, Apple has released iOS 4.3.3 which fixes bugs in the Location Services on iPhone and iPad devices that caused them to store excessive location information. As detailed by Apple’s Q&A on Location Data, the location data stored on iOS devices (and backed up by iTunes) are merely a subset of Apple’s crowd-sourced location database of Wifi hotspots and cell towers, used to facilitate Location Services when GPS is unavailable or unreliable. The bugs were causing iOS to download this location cache even if Location Services were turned off, and to store the cache indefinitely, instead of being regularly purged.

This update contains changes to the iOS crowd-sourced location database cache including:

  • Reduces the size of the cache
  • No longer backs the cache up to iTunes
  • Deletes the cache entirely when Location Services is turned off

It’s nice to see Apple resolve this issue so swiftly, and these changes will help improve the privacy of iPhone and iPad users, regardless of whether they use Location Services. The only thing I would have added if I were Apple, is the ability for the user to clear the location cache in the device settings. It’s a button that could be easily added in Settings > Location Services.  Just sayin’!

26
Apr

Everything You Need to Know About the iPhone Tracking ‘Scandal’ [Updated]

Seeing as I cover OSX/iOS security and privacy, I figured it’s about time I weighed in on this whole iPhone/iPad tracking ‘scandal’. I have to admit I was surprised when I first heard of the iPhone storing location data, especially that it does so with Location Services turned off. This issue is not new, however, and was described in a fair amount of depth by Alex Levinson several months ago. What has made it so popular this month is the release of the iPhoneTracker app, developed by Pete Warden and Alasdair Allan, that creates a visual map of your visited locations. I promptly tested iPhoneTracker, and sure enough it showed a bunch of areas that I’d visited. Upon closer inspection, however, I noticed that it didn’t specifically geolocate me in two places where I’d spent a lot of time; namely home and work. On top of that, there were a number of locations I’d never even been to.

[Updated] According to the info recently published by Apple, this stored location data is not the location of the iPhone itself, but rather a subset of crowd-sourced location information for local cell towers and wifi networks, which is only used to rapidly provide the user with location information. Full details at the bottom of this post. Read moreRead more

22
Aug

Disable Facebook Places – or – Location-Stalking for Fun and Profit

In a direct strategic offensive on Foursquare’s service and a long-term plan for world domination, Facebook recently introduced their own service dubbed Places. These two services allow users to ‘check-in’ to virtually any venue/event, thus sharing their location with friends (or the world). This introduced an awesome new sport known as Foursquare stalking where one could follow the check-ins of known or random people (eg. by searching for 4sq.com on Twitter Search), call up the venue they are currently at, and ask to speak to the person… and then doing this for every location they check-in to. Tremendous fun. The guys at PLA Radio had fun prank-calling people using this, with amusing results.

Apparently the bald fat guy below just got home. Since he is kind enough to post the actual location of his domicile, all a thief has to do is wait until he checks-in somewhere far away, and then proceed to leisurely rob him of all his stuff. Sorry baldfatguy… didn’t mean to pick on you but you were at the top of the list.

Foursquare Tweet

Surely Facebook’s entry into this domain will allow for more stalking goodness. Another interesting perspective is using Places to create an alibi by spoofing one’s GeoLocation. Anyway, onto the essentials. At least most of us can just avoid using services like Foursquare… but if you have a Facebook account, it’s yet another privacy setting you will have to set yourself.

To Disable Places: Log in to Facebook and go to the Privacy Settings. Click on Customize Settings at the bottom, and then modify the Things I Share settings (you will need to select Custom from the dropdown menu in order to choose Only Me). These settings are only important if you do actually use Places.

Facebook Places Settings

Next go down to Things Others Share, and uncheck Friends can check me in to Places.

This one is particularly important as it prevents trigger-happy privacy-ignorant friends (you know, the ones who take photos of everything at a party only to upload them the next day and tagging everyone) from checking you into every location you ever go to in their presence.
Friends can check me in to Places
Facebook have provided a video which explains how to control your Places settings.
19
Aug

Hack Uses Geolocation to Pinpoint Your Location

In one of the more simple yet clever attacks I’ve seen this year, at BlackHat and Defcon, Samy Kamkar (author of the 2005 Samy MySpace worm) showed how javascript and geolocation could be used to more or less pinpoint a user’s location. An attack Samy dubbed ‘XXXSS‘.

The attack works by using javascript to obtain the MAC address (a unique hardware identifier) of the victim’s network router or gateway, and then submitting it to Google’s Geolocation service to obtain the coordinates. Read moreRead more

css.php