Slashdot Mirror

← Back to Stories (view on slashdot.org)

iPhone Takes Screenshots of Everything You Do

Posted by kdawson on from the watchbird-is-watching-you dept.

The_AV8R writes "Jonathan Zdziarski showed that every time you press the Home button on your iPhone, a screen capture is taken in order to produce a visual effect. This image is then cached and later deleted. Zdziarski says that there have been cases of law enforcement looking up sex offenders' old data and checking recovered screenshots." This revelation occurred in the midst of a webcast on iPhone forensics, demonstrating how to bypass the iPhone's password security (not trivial, but doable). Video from the talk is not online yet but is promised soon over at O'Reilly.

20 of 225 comments (clear)

  1. FUD by Ethanol-fueled · · Score: 4, Funny
    From TFA:

    Therefore, forensics experts have used this security flaw to successfully nab criminals who have been accused of rape, murder or drug deals, Zdziarski said.

    iPhone: the tool of choice for rapists, murders, and drug dealers!

    Joking aside, the article is puzzling and it reeks of FUD: if the iCrooks were bad enough to get the authorities to actively track and sieze their data then they deserve to be caught for being too stoopid to buy disposable phones in cash from 7-11. Even Johnny dormroom pot- dealer knows that!

    1. Re:FUD by wild_quinine · · Score: 4, Funny

      Joking aside, the article is puzzling and it reeks of FUD:

      Apple FUD on slashdot? Maybe the LHC is gearing up for armageddon after all.

    2. Re:FUD by djh101010 · · Score: 4, Funny

      Sorry, LSD, this is the apple-hating thread, not the rant-about-wasting-jail-space-on-potheads thread.

    3. Re:FUD by Hognoxious · · Score: 4, Funny

      Off-topic but yes, possessing drugs does make you a crook

      Or a pharmacist.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    4. Re:FUD by neoform · · Score: 4, Funny

      Alls I heard was "I love apple" and "I'm a huge fanboy"..

      --
      MABASPLOOM!
  2. Malfeasance handbook by ColdWetDog · · Score: 4, Insightful

    Item 1:

    Smart crooks use dumb (disposable) phones.
    Dumb crooks use smart phones.

    --
    Faster! Faster! Faster would be better!
  3. Just out of curiosity... by AndyG314 · · Score: 4, Funny

    What type of incriminating things are sex ofenders doing with their iPhones.

    --
    If it's dead, you killed it.
    1. Re:Just out of curiosity... by Fx.Dr · · Score: 5, Funny

      I believe it has something to do with multi-touch.

  4. Re:It's nice to know by mmkkbb · · Score: 5, Interesting

    Errr, it's not phoning these screenshots home. You must have a problem with .bash_history too, right? Caching your keystrokes! OMG!

    --
    -mkb
  5. Pragmatic by mfh · · Score: 4, Funny

    It's pragmatic to not press the home button when doing home invasions or killing people, I guess.

    --
    The dangers of knowledge trigger emotional distress in human beings.
  6. What's the problem by KasperMeerts · · Score: 5, Interesting

    So it takes a screenshot for some effect? Is there even a way to do this without taking a screenshot? A way that is easy enough to be performed on a smartphone?

    And what did you expect from Apple? That every bit of data that was discarded is overwritten ten times? Jeez, I enjoy bashing big companies as much as the other guy but now they're looking too far. Remember, it also saves your web history, every picture you took, every file you opened everything you did somewhere...

    --
    As long as there are slaughterhouses, there will be battlefields.
  7. And this just in! by Artraze · · Score: 5, Funny

    It turns out that you browser will store all the information needed to recreate the web pages you visit! Not just a screenshot! This critical flaw appears to have present for years in all known browsers! The end is near!

    Seriously? Come on. I know ./ likes to post anything related to the iPhone, especially if it involves "spying", but this is pretty uninteresting. Security is traded for speed and features on a daily basis, including places where do so presents a major risk (*cough*Outlook). This is really not too surprising since it trades at most a little privacy in exchange for a neat effect; what would you expect Apple's iCandy to do?

    1. Re:And this just in! by venicebeach · · Score: 5, Funny

      It's even worse than that, the iPhone keeps copies of all your emails, and records phone numbers you have called as well as keeping a database of all your personal contacts!!! The thing is a 5 ounce privacy invasion machine!

  8. Re:It's nice to know by Subliminalbits · · Score: 5, Funny

    Don't forget the page file. The horror; your computer is constantly taking screen shots of your applications ram and storing them on the hard drive!

  9. Re:Makes you wonder.... by ByOhTek · · Score: 5, Insightful

    it makes me wonder why there is no 'badtitle' tag.

    It doesn't take a screenshot of everything you do, just when you hit the home button.

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
  10. Re:It's nice to know by Firehed · · Score: 4, Insightful

    Sure, if you overwrite your firmware (jailbreak), enable SSH access to the phone, and then NOT change your root password. Quite frankly, you deserve it at that point.

    Sounds like yet another sensationalist (and completely inaccurate) headline pointing to a non-story. Unless some pervert is hits the home button while trying to take a (crappy, borderline-useless unless it's being done in full daylight) picture of himself raping a kid, AND law enforcement not only knows to look for this cached file, I don't really see this being an issue. I suppose it could possibly be used as supplemental evidence when a case is being built up, but the actual AIM chat logs, sent emails, phone call history (all of which are far more accessible) and such would be far more potentially incriminating.

    --
    How are sites slashdotted when nobody reads TFAs?
  11. Even the Author Doesn't Think It's News by Nuclear+Elephant · · Score: 5, Informative

    I _am_ Jonathan Zdziarski and even I don't understand why this is news.

    This was a side note I mentioned the other day, and has been something I've been grousing about for over a year. It's unnecessary, and a bit of a privacy leak that can be exploited by forensic examiners, but hardly news for the reasons already stated in the comments.

    1. Re:Even the Author Doesn't Think It's News by Rob+T+Firefly · · Score: 4, Funny

      I _am_ Jonathan Zdziarski

      No, I'm Jonathan Zdziarski!

      --
      Slashdot Burying Stories About Slashdot Media Owned
    2. Re:Even the Author Doesn't Think It's News by Inda · · Score: 4, Funny

      No, I am Jonathan Zdziarski.

      --
      This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
    3. Re:Even the Author Doesn't Think It's News by Nuclear+Elephant · · Score: 5, Informative

      To add one more comment to this, though, it's been inaccurately reported that this process takes an hour to complete. Well, the passcode breaking piece of the demonstration technically takes maybe 15-20 minutes for a trained pro to prepare, but once you've prepared the custom firmware payload, you can re-use it over and over again on different iPhones. The actual payload installation takes only 60 seconds, so someone who came along prepared would be able to break your passcode in 60 seconds - not an hour. With that said though, you still need to transmit the raw disk image to a desktop machine to access this data. That transfer can easily take 2-3 hours. This means that you're not going to have your personal data hijacked by simply placing the phone down for a moment, but if it were stolen or seized, it's most certainly easy to recover.