Exhibit A, Your iPhone (Updated)

Greg George at  GTI Advisors  asked yesterday whether  this happens in New York.

Michigan State Police have been using data extraction devices to collect information from the cell phones of motorists detained for minor traffic infractions.

The mobile forensics units made by CelleBrite have the ability to download the data stored on more than 3000 models of cell phone, and are capable of defeating password protection.

“Complete extraction of existing, hidden, and deleted phone data, including call history, text messages, contacts, images, and geotags. The Physical Analyzer allows visualization of both existing and deleted locations on Google Earth. In addition, location information from GPS devices and image geotags can be mapped on Google Maps,” a CelleBrite brochure claims.

Say what?  What possible legitimate basis could exist to “extract” cellphone data from motorists stopped for a traffic infraction.  If it’s happening in New York, I know nothing about it.  If it’s happening anywhere, it’s totally nuts.

The article Greg offered, from  Infosec Island, provides no information about the basis for Michigan cops to gain access to a motorists cellphone.  Clearly, stopping somebody for speeding confers no authority to seize a cellphone, no less extract data from it.  My assumption is that the cop asks, “mind if I take a look at your cellphone for a minute,” putting the motorist in the position of either acquiescing in this bizarre request or appearing to have something to hide.  People hate giving cops the impression they have something to hide, and will do pretty much anything to dispel it. The wrong tact to take, but it happens constantly.

The ACLU is challenging the Michigan conduct.

The American Civil Liberties Union (ACLU) first learned of the Michigan State Police program back in 2008, and filed official requests for documentation on the standards for using the CelleBrite devices.

The Michigan State Police replied they would be happy to release the information provided the ACLU pays a fee of more than $544,000 for the data, an amount the ACLU finds to be unreasonable.

Aside from the absurdity of this situation on all ends, what possible purpose could there be in seeking the “documentation on the standards?”  That such documentation could cost more than half a mil to reproduce is a joke, but what difference does it make.  Are there any standards that could make sense of this conduct?

But what’s the big deal, you ask?  Maybe you have some questionable pics in that phone, or the telephone numbers of your wide circle of friends.  So what?

How about a record of every place, every single place, that phone has ever been.  As my buddy, former FBI spybuster,  Eric O’Neill, notes, your iPhone does more than you think.

British security researchers have figured out that iPhones keep track of where their owners go, saving data to the device and uploading it to a user’s computer when the phone is synced with iTunes. The data includes the phone’s latitude and longitude and is timestamped to the second, all of which is recorded in a hidden file–which is very much not secure.

This could theoretically be useful for anyone interested in knowing where an iPhone owner spends his or her time — advertisers, employers, spouses, parents.

Michigan state police?

To be clear, such a snoop would need access to your phone or computer and a way to extract and refine the data. It is not sent to Apple nor any third parties, as far as the researchers can tell — it’s just stored on an individual user’s devices. But it is apparently not very difficult to extract the location data from a user’s computer.

Like, say, using the CelleBrite data extractor?

And nobody wants to appear uncooperative with the police, as if they have something to hide.  In Michigan, New York or anywhere else they sell iPhones.

Update:  And because the internet abhors a vacuum, meet the Untrackerd, designed to continuously delete your location history from your iPhone.  H/T to Ed. at Blawg Review, who moves around the continent with sufficient frequency that his iPhone had to add an extra half G just to keep up.

2 comments on “Exhibit A, Your iPhone (Updated)

  1. Joshua Langen

    I’d be interested in seeing the list of cell phone and GPS models that this thing works on. Makes me think harder about installing a remote-backup and wipe app on my phone.

Comments are closed.