Slashdot Mirror
iPhone Takes Screenshots of Everything You Do
The_AV8R writes "Jonathan Zdziarski showed that every time you press the Home button on your iPhone, a screen capture is taken in order to produce a visual effect. This image is then cached and later deleted. Zdziarski says that there have been cases of law enforcement looking up sex offenders' old data and checking recovered screenshots." This revelation occurred in the midst of a webcast on iPhone forensics, demonstrating how to bypass the iPhone's password security (not trivial, but doable). Video from the talk is not online yet but is promised soon over at O'Reilly.
Therefore, forensics experts have used this security flaw to successfully nab criminals who have been accused of rape, murder or drug deals, Zdziarski said.
iPhone: the tool of choice for rapists, murders, and drug dealers!
Joking aside, the article is puzzling and it reeks of FUD: if the iCrooks were bad enough to get the authorities to actively track and sieze their data then they deserve to be caught for being too stoopid to buy disposable phones in cash from 7-11. Even Johnny dormroom pot- dealer knows that!
Item 1:
Smart crooks use dumb (disposable) phones.
Dumb crooks use smart phones.
Faster! Faster! Faster would be better!
What type of incriminating things are sex ofenders doing with their iPhones.
If it's dead, you killed it.
Errr, it's not phoning these screenshots home. You must have a problem with .bash_history too, right? Caching your keystrokes! OMG!
-mkb
Sorry to diverge from the screenshot topic but does anyone know if Mr. Zdziarski will demonstrating how to hack the just released 2.1 firmware? Or is a previous version that (may have) been patched? This seems much more significant than being able to see (via a screenshot) what the last user action was.
As for the screenshot, hmm... well at least it doesn't seem to be a deliberate attempt by Apple to get more info on the user. Also, it seems pretty difficult to get these screenshots (since they are automatically deleted according to the article you have to find and undelete them). Doesn't sound like a trivial or reliable way to snoop on people. Still I guess a security flaw is a flaw so be aware!
It's pragmatic to not press the home button when doing home invasions or killing people, I guess.
The dangers of knowledge trigger emotional distress in human beings.
Give the concerned users an option of turning off the "shrinking screenshot" animation that occurs when the Home button is pressed (which is why the screenshot is cached in the first place).
So it takes a screenshot for some effect? Is there even a way to do this without taking a screenshot? A way that is easy enough to be performed on a smartphone?
And what did you expect from Apple? That every bit of data that was discarded is overwritten ten times? Jeez, I enjoy bashing big companies as much as the other guy but now they're looking too far. Remember, it also saves your web history, every picture you took, every file you opened everything you did somewhere...
As long as there are slaughterhouses, there will be battlefields.
It turns out that you browser will store all the information needed to recreate the web pages you visit! Not just a screenshot! This critical flaw appears to have present for years in all known browsers! The end is near!
Seriously? Come on. I know ./ likes to post anything related to the iPhone, especially if it involves "spying", but this is pretty uninteresting. Security is traded for speed and features on a daily basis, including places where do so presents a major risk (*cough*Outlook). This is really not too surprising since it trades at most a little privacy in exchange for a neat effect; what would you expect Apple's iCandy to do?
Well, apparently, from TFA it is cached on disk (flash, whatever). That's my question, hy not just create it directly into RAM and release it after the effect? What purpose is there to saving the screenshot beyond the second or so it takes to show the animation?
It's trivial to disable logging to .bash_history. What about for this?
Tag this article as fud, because that's what it is. Any excuse to bash apple and/or iphone.. Really, if we're going to get upset about this, let's get upset about browser caching, cookies, history.. etc etc
Errr, it's not phoning these screenshots home. You must have a problem with .bash_history too, right? Caching your keystrokes! OMG!
In all fairness, if his account password "alpine" is posted all over the internet, looking into his .bash_history IS a pretty damn good way of spying on him. (Granted, there are bigger issues in this scenario.)
-Em
RelevantElephants: A Somatic WebComic...
Don't forget the page file. The horror; your computer is constantly taking screen shots of your applications ram and storing them on the hard drive!
it makes me wonder why there is no 'badtitle' tag.
It doesn't take a screenshot of everything you do, just when you hit the home button.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
It makes me wonder what parental unit is stupid enough to give their kid an iPhone
"Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
Sure, if you overwrite your firmware (jailbreak), enable SSH access to the phone, and then NOT change your root password. Quite frankly, you deserve it at that point.
Sounds like yet another sensationalist (and completely inaccurate) headline pointing to a non-story. Unless some pervert is hits the home button while trying to take a (crappy, borderline-useless unless it's being done in full daylight) picture of himself raping a kid, AND law enforcement not only knows to look for this cached file, I don't really see this being an issue. I suppose it could possibly be used as supplemental evidence when a case is being built up, but the actual AIM chat logs, sent emails, phone call history (all of which are far more accessible) and such would be far more potentially incriminating.
How are sites slashdotted when nobody reads TFAs?
I _am_ Jonathan Zdziarski and even I don't understand why this is news.
This was a side note I mentioned the other day, and has been something I've been grousing about for over a year. It's unnecessary, and a bit of a privacy leak that can be exploited by forensic examiners, but hardly news for the reasons already stated in the comments.
You must have a problem with .bash_history too, right? Caching your keystrokes! OMG!
I don't much like .bash_history, so I usually do this:
$ rm .bash_history /dev/null .bash_history
$ ln -s
Can I do something similar with the iPhone? Better not to have to think about it, even if it isn't incriminating.
Benjamin Franklin was talking about exactly this when he said:
"They who can give up essential privacy to obtain a little temporary eye-candy, deserve neither privacy nor eye-candy."
That man was way ahead of his time.
-V-
Who can decide a priori? Nobody.
-Sartre
I had a glitch occur that put one of these screen shots in my photos collection. I was wondering what kind of glitch would have generated a screenshot. Now that is partially explained.
It really is no surprise that someone with the screename "lysergic acid" takes issue with being a crook because of illegal drug possession, but how the fuck did this get modded up?
YES possessing illegal drugs makes one a crook. Deal with it, because it's reality. I really don't see how an intelligent person could openly wonder how doing the very thing that makes one a crook could cause one to be called a crook.
Now, you can argue over whether you should be a crook, but that's not what was done here.
Second, save the vacuous "alcohol" argument. I'll wager anything you want that in a random survey, the majority of respondents will indeed say alcohol is a drug, so I don't know who you think is deluding themselves besides you.
Next, why are you even bringing up alcohol? If you want to decriminalize drugs, then make the case. Aim for what you want, and save the attempts at drawing equivalence. Saying "a drug that is easily and readily available does more damamge than drugs that are much more rare and difficult to obtain" isn't much of a point outside of a smoke filled dorm room.
To quote LongNoi "QZTR was right and won't leave me alone because I called him a moron when I was wrong" FYS
If I lived in a house with all of that screaming, I'd probably be violent, too.....
Layne
I wrote a little app to fill the cache with screenshots of the IRS web pages. Anyone tries to investigate me, they'll have to carefully examine Publication 936, the instructions for Schedule F1, the guidelines for reporting "nanny" wages, and the like. Even if they aren't literally bored to death, they definitely won't want to look any further.
You can with the iBeer app.
(sorry, I tried to find the link)
No. Not more trivial than walking down to the store.
In fact, it would take a particularly ignorant, intentionally disingenuous person to argue that getting pot is anywhere near as easy as getting booze.
Next, the reason people think pot is a gateway drug is the same reason people think running around in the cold causes the flu (I SAID FLU THERE PEDANTS, SO FUCK OFF). they're ignorant and are repeating bullshit they've had drilled into them.
It of course never occurs to you people that it may in fact have nothing to do with the drug and simply be a consequence of well ingrained patterns of behavior that lead to drug taking.
No way!
Last, I don't need to "know where to look" for booze, as they have whole stores devoted to it. I could even ask someone I don't know while I'm passing them on the street.
In short, everything you said is wrong.
To quote LongNoi "QZTR was right and won't leave me alone because I called him a moron when I was wrong" FYS
OSX also does that little shrinking animation when you minimize a window. I wonder if the same flaw is in OSX?
Young kids tend to love the built in camera, especially using it with the Photobooth application. The Grandparents love video-chat with the grandkids. Everybody in-between in age thinks it's a waste of money.
I've used the built-in camera in my Macbook exactly once so far.
Or iPint which is a free app
EA David Gardner -"... but the consumers have proven that actually what they want is fun."
The phone swaps an image to the disk so it can later be used in compositing. It's nothing new you know. Virtual memory's been around for aeons, and looking through an unencrypted swapfile to find incriminating information isn't exactly new either.
Those using pirated Tinysoft signatures(TM) are a real threat to society and should all be thrown in jail.
Just curious...why would you think it stupid for a parent to get a kid an iPhone? That way they'd be giving them an iPod and phone in one fell swoop.
Hell, when I was a teen.....I was working, and if they had them in my day...I'd have bought my own.
But really....are you saying buying a phone in general for a kid is stupid or just if it is an iPhone that is stupid?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
You'll no doubt be shocked to learn that even though you might empty your Recycle Bin there are some thing that anyone with physical access to your computer MAY be able to recover.
Thank you, that's the point. I DO know that about files *I* create and *I* delete and I can delete them securely if I choose to. What I did NOT know is that something is capturing screenshots of what I am doing and saving them without my knowledge. Generally this sort of a behavior is reserved for spyware, rootkits and other malware. I realize it is not intended as such, but neither was the Sony DRM rootkit a while back.
I would guess most people would have an issue to have a keylogger installed on their computers. This is no different..
(the word may is in all caps for the imbeciles reading, and because some of us are unable to detect when we are being patronizing)
Ok, but there MAY be something vaguely self-referential about that....
-Em
RelevantElephants: A Somatic WebComic...
This fool doesn't even present any evidence that this 'screenshot' is -ever- even written to storage. Sure, it has to be in RAM to be shown zooming away, but the same thing applies to showing anything on the screen at all. Just because it saves processing power to capture an image instead of zooming the live app like OS X does, doesn't imply that the image ever leaves volatile RAM.
- written from my iphone.
I can see a situation in which a phone *might* make sense (kid works a late shift, has an unreliable car, etc... But I cant see the wisdom in getting a kid the iPhone or any other upper level phone. If a kid works and uses their own money thats all well and good but its way to much to give a kid because 'they need one'.
"Ahh! Arrogance and stupidity in the same package, how efficient of you!" --Londo Molari
Jealous of what, exactly? Kids sending SMS text at 100s the cost of an email, or simple IM? People paying hundreds of bucks to set themselves up for locked-in contracts?
I've been an Apple client since 1979. You want to know what pisses me off? Apple turning into a fucking toy company, and incrementally destroying NeXTSTEP. Apple spending time on bullshit iPhone screenshot shit, and hanging on to the HFS+ file system, which is actually incompatible with their lousy OS. Leopard is nothing but a resource-hungry POS.
I ride the bus and Light Rail, here in Minneapolis. I hear the ringtones and sometimes I glance around and every kid and person of color on the whole bus is playing Tetris, or fiddling with their fucking phones. When I see the voting returns, the top 10 TV shows by viewership and the voracious appetite in America for 'subjective' dispute of scientific facts, it's no wonder the country has reached a point where every successive 'decision' brings them closer to their own private armageddon. These people are wasting their fucking time on bullshit. Apple knows this, so yes, they pander to people with more money than brains.
And just so there's no mistake, my last four PowerBooks, and three Apple desktops, were gifts from my happy clients. Apple hasn't seen a nickel (outside of ONE recently-purchased keyboard), from me, since '94. And if Adobe ever ports to Linux, that's it for me, sayonara toy company, and back to work.
Trolling much?