Slashdot Mirror

← Back to Stories (view on slashdot.org)

iPhone Takes Screenshots of Everything You Do

Posted by kdawson on from the watchbird-is-watching-you dept.

The_AV8R writes "Jonathan Zdziarski showed that every time you press the Home button on your iPhone, a screen capture is taken in order to produce a visual effect. This image is then cached and later deleted. Zdziarski says that there have been cases of law enforcement looking up sex offenders' old data and checking recovered screenshots." This revelation occurred in the midst of a webcast on iPhone forensics, demonstrating how to bypass the iPhone's password security (not trivial, but doable). Video from the talk is not online yet but is promised soon over at O'Reilly.

6 of 225 comments (clear)

  1. Re:Pragmatic by Em+Ellel · · Score: 3, Informative

    It's pragmatic to not press the home button when doing home invasions or killing people, I guess.

    Although you are probably technically right, unless you are killing them with a scathing email, or nasty AC troll post - it is not likely that the home button will matter. It captures the screenshot of what is on your screen - not from the camera. (unless you happend to have the camera app on at the moment of course)

    -Em

    --
    RelevantElephants: A Somatic WebComic...
  2. Even the Author Doesn't Think It's News by Nuclear+Elephant · · Score: 5, Informative

    I _am_ Jonathan Zdziarski and even I don't understand why this is news.

    This was a side note I mentioned the other day, and has been something I've been grousing about for over a year. It's unnecessary, and a bit of a privacy leak that can be exploited by forensic examiners, but hardly news for the reasons already stated in the comments.

    1. Re:Even the Author Doesn't Think It's News by Nuclear+Elephant · · Score: 5, Informative

      To add one more comment to this, though, it's been inaccurately reported that this process takes an hour to complete. Well, the passcode breaking piece of the demonstration technically takes maybe 15-20 minutes for a trained pro to prepare, but once you've prepared the custom firmware payload, you can re-use it over and over again on different iPhones. The actual payload installation takes only 60 seconds, so someone who came along prepared would be able to break your passcode in 60 seconds - not an hour. With that said though, you still need to transmit the raw disk image to a desktop machine to access this data. That transfer can easily take 2-3 hours. This means that you're not going to have your personal data hijacked by simply placing the phone down for a moment, but if it were stolen or seized, it's most certainly easy to recover.

  3. Re:FUD by Nathrael · · Score: 3, Informative

    TFA = The f**king article. Comes from "RTFM"; usually, if someone tells you to RTFA, he means that you should read the Slashdot article as well as the off-site articles mentioned in it before posting something that is self-explanatory if you RTFA.

    --
    A good education is a bit like a STD - it makes you unsuitable for a lot of jobs and gives you a desire to spread it.
  4. Re:I've seen this... by brainiac+ghost1991 · · Score: 2, Informative

    no, that's the screenshot function the phone has, press power + home button and it takes a screenshot

  5. So what? by jrothwell97 · · Score: 3, Informative

    The phone swaps an image to the disk so it can later be used in compositing. It's nothing new you know. Virtual memory's been around for aeons, and looking through an unencrypted swapfile to find incriminating information isn't exactly new either.

    --
    Those using pirated Tinysoft signatures(TM) are a real threat to society and should all be thrown in jail.