iPhone iSpy? Hacker says device captures it all
The iPhone is recording everything users see and do on their devices for caching purposes, an iPhone hacker says.
The device records screenshots of a user's most recent action so that it can achieve that cool effect of applications fading away when the home button is clicked, according to Jonathan Zdziarski, who wrote the forthcoming book iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets.
The screenshots are presumably deleted after the application is closed, but they can be recovered with forensics techniques just like data deleted from most any storage device can be reconstructed for purposes of law enforcement, he said in a Webcast on Thursday in which he demonstrated how to break into password-protected iPhones.
"There's no way to prevent it," Zdziarski said of the screenshot caching, according to a Wired report. "I'm kind of divided on it. I hope Apple fixes it because it's a significant privacy leak, but at the same time it's been useful for investigating criminals."
Meantime, breaking into a passcode-locked phone took him nearly an hour to demonstrate and required creating a custom firmware bundle, the report said. The issue is different from a security hole discovered last month that allowed people to get access to e-mail, text, and voice messages on password-protected phones.
Apple representatives did not respond to an e-mail seeking comment for this story.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.






That is a fundamental of OSX/iPhone programming. I cannot believe it has become news on CNET.
And no, the "cache" is in RAM, not on storage. Get over it, if a hacker can access the image, he can access the raw text data, which would be much more useful.
So, I suggest he publish a report that Word loads the document in memory and can be hacked, and suggest Microsoft not load a document when loading a document... I am sure CNET will make it a front-page story.
In other words - physical access ruled and still rules! :)
Eric Hanson was convicted for murdering his parents, largely on the evidence collected from his car GPS system which placed his vehicle near the scene of his parents' murder at the time they were killed. This is going to be more and more common.
Heck, even googling the issue brings up an article from the National Institute of Health talking about how GPS-enabled phones can be used to track adolescent behavior and "perhaps intervene to change health behavior".
The benefits of technology cut both ways. Everyone should be wary of the fact that with great connectivity comes enhanced accountability.
Ben Bowers
Contributing Editor for Gear Patrol.
(www.gearpatrol.com)
1. this is no different than any Windows, Linux or Mac ... when files are deleted from storage (HD or SSD), they're only 'marked' as deleted; the data is still available until that part of the storage is written to again with different data
2. if storage _didn't_ work this way, users would _hate_ it -- they wouldn't be able to recover files they accidentally deleted with utility programs that do this
3. the iPhone SDK allows the developer to take a screen shot of the app, but the reason is so that users can launch the app and be brought right to where they were before if possible -- the app loads the screenshot it took while setting up the data structures to match it, so the user doesn't have to start over. Again -- if the SDK didn't allow this, users would complain.
4. the iPhone is not "recording everything users see and do on their devices" ... that's just sensationalist reporting. The camera is not always on, snapping away, the mic is not always recording, and the iPhone is not constantly sending all of your actions and results to some server in Cupertino somewhere.
I think that it is important to keep things in perspective. There is another device that almost everyone carries with them, that contains _loads_ of personal info, is usually _completely_ unsecured, and does not require any sort of hacking at all. It's called your wallet / purse. Would you blame the manufacturer of said wallet / purse if it was stolen and the thief accessed all of the data within it? Would you claim that said wallet / purse was 'insecure' and demand that the manufacturer fix the 'problem'?
We are all responsible for ourselves.
Regards,
John
by Dr_Manhattan
April 8, 2009 10:12 PM PDT
CNet is worse than ladies gossiping about what Paris Hilton did the other day and who's going to win on Dancing With The Stars! And they know just about as much!