Slashdot Mirror


Hacker Teaches iPhone Forensics To Police

Ponca City, We love you writes "The Mercury News reports that former hacker Jonathan Zdziarski has been tapped by law-enforcement agencies nationwide to teach them just how much information is stored in iPhones — and how to get it. 'These devices are people's companions today,' says Zdziarski. 'They're not mobile phones anymore. They organize people's lives. And if you're doing something criminal, something about it is probably going to go through that phone.' For example, every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it. Savvy law-enforcement agents armed with search warrants can use those snapshots to see if a suspect is lying about whereabouts during a crime."

35 of 193 comments

  1. Re:iPhone secret screenshots? by Ethanol-fueled · · Score: 4, Funny

    Haw. If you're gonna rob a bank or burglarize a home, why not do it in style?

    Envision a crook trying to scream at the clerk to empty out the register while pausing to say, "Hold up, I gotta take this call..." Or instructing his getaway driver, "Turn left here....um, right here...oh, Mike just broke up with Jen...turn left here, exit 95..."

    Compartmentalize, crooks. Compartmentalize.

  2. your own personal lo-jack by romanval · · Score: 3, Informative

    You would think most criminals would know not to carry a cell phone at all, since the cell towers track and record their location at every moment.

    1. Re:your own personal lo-jack by MobileTatsu-NJG · · Score: 2, Insightful

      You would think most criminals would know not to carry a cell phone at all, since the cell towers track and record their location at every moment.

      Criminals still get busted by leaving fingerprints.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  3. Re:iPhone secret screenshots? by auntieNeo · · Score: 4, Insightful

    "For example, every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it." - TFS What?

    I'm guessing it does that because when it opens it wants to look just as spiffy as it looked when the user closed it, and it can't do that if it has to re-render the map from scratch.

  4. Criminals usually aren't very smart by Sycraft-fu · · Score: 5, Insightful

    Most smart people find other work for two reasons:

    1) When you are smart, you have options. Smart is a talent people want, particularly practical smarts of the problem solving nature. So you find that when you have that, you have options of where to work and what to do. Makes crime less attractive.

    2) Smart people can better understand the consequences for crime, and the likelihood of getting caught especially on repeated attempts. So even if crime is tempting, they don't do it because they are smart enough to think ahead and realize it isn't worth the risk over all.

    Most criminals are just not that bright. A friend of mine has worked with the public defender's office and the stories he has of the stupid criminals they try to defend are just amazing. They get caught and busted by their own stupidity more than anything else. They love to run their mouths to the police, they never plan their crimes, etc, etc. More or less the only time they were able to get someone off the hook was when the police made a mistake. Otherwise, the criminals sunk themselves.

    1. Re:Criminals usually aren't very smart by Anonymous Coward · · Score: 2, Insightful

      The really smart criminals just bribe the cops or even better just bribe the politicians to make what they are doing not illegal.

      No, the really smart criminals are all WEARING the suits.

    2. Re:Criminals usually aren't very smart by Scrameustache · · Score: 2, Insightful

      Most criminals who get caught are just not that bright.

      ftfy

      --

      You can't take the sky from me...

    3. Re:Criminals usually aren't very smart by Sycraft-fu · · Score: 2, Insightful

      The problem is that when you do things over and over, you WILL get caught. Everyone fucks up every day, we all make mistakes. What this means is that when you keep committing crimes, the chances you will do something that will give you away approaches certainty. It is just near impossible to keep committing crimes and not get caught.

      So sure, I suppose a smart person might commit a single crime and get away with it. However, it's hard to get enough money from a single crime to make it worth doing as the only thing for your life.

      Also the bigger the crime, the more heat it draws, the more it is scrutinized and the smaller the fuckup that can lead to you getting caught.

    4. Re:Criminals usually aren't very smart by shaitand · · Score: 3, Insightful

      "Most criminals are just not that bright. A friend of mine has worked with the public defender's office and the stories he has of the stupid criminals they try to defend are just amazing. They get caught and busted by their own stupidity more than anything else."

      Most people are not that bright so it stands to reason most crooks aren't either. That said, has it ever occurred to you that your friend and most others in the justice system aren't catching many smart crooks because smart crooks aren't getting caught?

      "So you find that when you have that, you have options of where to work and what to do. Makes crime less attractive."

      Crime pays better than legit work. That makes crime more attractive. Most smart people choosing legit work today simply haven't found a smart opportunity for crime or don't have the guts. With a big enough payoff, small enough risk, and small enough amount of effort most people would be all over it.

      "especially on repeated attempts"

      That's a given. But there is no particular reason there needs to be repeated attempts.

    5. Re:Criminals usually aren't very smart by Sycraft-fu · · Score: 2, Interesting

      The more crimes you commit, the more people look for you. Despite your best efforts, you'll leave a signature and this'll get noticed. It may take time, but if you keep committing crimes you'll wind up on bigger and bigger radars, more people, at a higher level, will be looking for you.

      Also there's no such thing as no risk crime. So you say ok just stick to property crime. Then it turns out you break in to a house that's wired. A silent alarm goes off, security company sees you on video. Before you know it, there are cops or private security guards outside. Or you break in to a supposedly empty house, but the home owner is home sick. He gets scared and shoots you. Or hell you just break in to a house and happen to wind up getting recorded by a webcam that some guy has set up to watch his cat. All that aside, there's the problem of monetizing what you steal, and then dealing with the money. Money can be tracked, and of course trying to avoid the people who might do the tracking (like the IRS) can also be tracked.

      The more often you do it, the more likely. As I said, we all make mistakes. If you make a mistake when committing a crime, it may be your last.

      Now if you want to try it, well go right ahead. However you'll get no sympathy out of me when it turns out that you weren't quite as clever as you thought, and some slip up finally was your undoing.

      If you don't want to do it, well then that just kinda goes to my point doesn't it?

      I think geeks romanticize the notion of a smart criminal because they like to think they could beat the cops. They think they are clever enough that, if they wanted to, they could be a mastermind criminal who never got caught. In response to that I'll point you to Hans Reiser, who was not nearly as clever as he wanted to think he was.

      You are right, that your average traffic cop is probably not that intelligent. However that isn't all you face. There ARE plenty of very clever people in law enforcement. What's more, they are clever in the right areas. They know all about how to look for clues, how to spot patterns in behaviour, and how to trip someone up. Their profession is catching criminals and that leads to knowing a lot about it.

      You also have the additional risk, that even if you are successful in something where it is difficult for the authorities to get at you, like say the drug lords (though if you follow such things they get arrested more often than you'd think), that is attractive to competition. Being that you are talking criminals, your competition may choose the expedient method of dealing with you by killing you. This happens in the drug trade often.

      All in all it turns out to be a lot of risk for rewards that, if you are smart, are usually not that much better than what you can get legally. Hence, not so many smart crooks.

    6. Re:Criminals usually aren't very smart by Sycraft-fu · · Score: 2, Informative

      My favourite was a guy who got busted stealing change out of newspaper machines. This was maybe 10 years ago. While more people bought the paper then as opposed to now, it still isn't what you'd call real brisk business, especially since they are cheap. What's more, those things are rather solidly built to withstand the rigors of being outside all the time. It took this guy a good amount of effort to get in to one, and he'd get a few bucks for his troubles. The cops said he literally could have made more per hour of work at McDonalds than doing this.

    7. Re:Criminals usually aren't very smart by Sycraft-fu · · Score: 4, Insightful

      Guess what? We've got a pretty good idea how many crimes are committed where people aren't caught. People tend to report crimes, especially big ones. Turns out there are not tons of profitable crimes being committed where nobody is caught for it. Most of the stuff that goes unsolved is minor things, because it doesn't get much attention, and one off things, like crimes of passion. Go look it up, the US DOJ has all the stats you could want.

      Also crime does not pay better than legit work in any significant way. A popular myth, but a myth. Steven Levitt did a great analysis on this that I encourage you to read. What people also think about when they talk about that is drug lords. You are right, the top drug lords make a lot of money... But then so do the top business executives and there are a LOT of those. The people at the top make a lot, this is true regardless of what you are talking about. However it also turns out the people at the bottom don't make much. The low skill people slinging drugs on the corner make shit.

      There actually is a reason that there needs to be repeated attempts. Unless you commit a really profitable crime, you are going to need more money at some point. I mean suppose you want to maintain a lower middle class lifestyle. You say you want to be able to live like someone who makes $40,000 a year. To pull that off, you'd need to net about $2-2.5 million dollars to be able to pay your taxes on it (and you'd better pay taxes, lifestyle that doesn't match with taxes is a prime way people get caught) and save enough to live off of for the rest of your life. Well that's a hell of a lot to steal in one go, and you then have to be frugal. You have to live that $40k/year lifestyle, no living like a rich person. This is also assuming you could invest the money so that inflation didn't eat it up.

      You want to live a high class lifestyle? Well that figure increases rather sharply. Turns out it just isn't easy to get that much money in a single incident. Goes double since most things you might think of would require multiple people, all of whom want a piece of the action and each of which is an additional risk.

      Robbing a house or a bank won't do the trick, don't even talk about kidnapping for ransom (the FBI has closed 100% of kidnapping for ransom cases), drugs are a continuing operation, etc. Not easy to find that big haul that you can get at, get away with, and then live off of.

    8. Re:Criminals usually aren't very smart by shaitand · · Score: 3, Interesting

      "Guess what? We've got a pretty good idea how many crimes are committed where people aren't caught. People tend to report crimes, especially big ones."

      That's a rather large assertion without any support. I can't speak of all areas of crime, only 'cybercrime'. I can assure you that most of this type of crime DOES NOT go reported regardless of size.

      The reason is very simple. At this level both the robbed and the insurance company both have a great interest in making sure the event doesn't go public. That interest is greater than whatever help the police might provide. The insurance company has other clients who are likely vulnerable to the same thing. It is usually better to prevent others from finding out how to copycat than to stop this one guy. Especially if the guy is reported and not caught! The company robbed doesn't want to see a story about how they were attacked on MSNBC the next day. Their stock would plummet! Forget the company getting robbed, that would cost the CEO, VP's, and the board a lot of money on a personal level.

      Your numbers about crime not being profitable run counter to common sense. The bulk of the things we outlaw are only called bad because they shift a large amount of wealth from one to another easily, consistently, and rapidly.

      Also you pose this false dichotomy where one has to repeatedly take the same chance or else be able to live off a single event.

      Five years ago it took 3hrs worth of work (but not time since you have to wait for mailings and such) to fake an identity get a few thousand in credit extended and convert that credit into cash. A reasonably intelligent person could figure out how to perform this task and make tracing and catching him meet the 'hard enough' threshold within an afternoon. That person could walk away with $5000. That is a pretty large chunk of cash for most of us.

      The credit card company not only wouldn't report this but would fight with law enforcement in every way they legally could if law enforcement tried to investigate. Because of this if the 'victim' tries to report the crime the local police would say that interstate banking is the FBI problem. The FBI would tell her not to file the report because the card companies won't cooperate!

      How do I know? I saw it first hand many times. If you did this enough the card companies would see a pattern and report you. They would cooperate. But if you were bright enough to stop at one or two times you could make $5k-$10k pretty much risk free.* Afterward you could continue your life the same as before but with a pretty substantial chunk, perhaps to invest for retirement. Perhaps for a child's college fund. Or maybe just to blow, it was free and easy money after all. As for taxes, $5k-$10k doesn't change a lifestyle and can easily be absorbed without having to pay the taxes as long as you don't deposit it all at once (or even at the same bank within a 3 month period, banks have to report large cash transactions over $5k or a suspicious combination of them).

      * This is no longer the case. So many bright and unreported criminals did this that identity theft laws were lobbied for and put into place to make this more difficult.

  5. Mobile phones have always been trackable. by 0x25 · · Score: 2

    This is just making it even easier than it already was.

    If it was really necessary, it is possible to triangulate the location of your phone by determining which towers your phone was communicating with.

    If your phone has a location feature, you'll notice that when you try to disable it you will be presented with the options "Location On" or "911 Only". There doesn't seem to be any way to completely disable this feature. At least this is the case on Motorola and Blackberry phones.

    If you are concerned about someone being able to track your location via your cell phone, the safest way to ensure it won't happen is to pull the battery.

    --
    =
  6. Gadgets are not trustworthy.. by xtal · · Score: 4, Interesting

    Nobody would ever be clever enough to generate false data.. for an iAlibi? ..or clever enough to hack into and plant incriminating evidence? (not that there's ever been a security breach!)

    --
    ..don't panic
  7. Re:iPhone secret screenshots? by PNutts · · Score: 2, Interesting

    This is for the animation of screens opening and closing. This news is about two years old. It doesn't specifically call out the iPhone model so it may not apply to the newer ones with hardware encryption unless the book's been updated since 2008.

  8. Re:More good reasons for not buying an iPhone (iSpy) by 99BottlesOfBeerInMyF · · Score: 2, Informative

    It is also illegal when your electronics spy on you. So in fact apple software breaks the law by taking a screen shot of the map application and storing it.

    As far as I know, caching an image by the OS is not illegal in any jurisdiction. Taking an image and transmitting it to someone who is not the owner of the device, without their permission would be a problem in some jurisdictions. But then, that's not what anyone is claiming is happening.

  9. Re:iPhone secret screenshots? by Graff · · Score: 4, Informative

    "For example, every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it." - TFS What?

    It's called caching. When an iPhone application switches to another application it can quickly store an image of the app's current state. When the user switches back it displays that image while the real view is being built. That way the user gets an immediate view of the last state of the app rather than having to wait around for that state to be re-built.

    Your desktop computer's web browser (and many other programs and devices) does the same thing, it stores data for quick access and responsiveness. You'd be surprised at just how many devices use this technique, the iPhone is far from the only device to cache data.

    It's a smart technique but yeah, if you're committing crimes then too bad for you. I'd suggest that maybe you shouldn't be using ANY electronic device during a crime that you don't completely understand what data it sends and stores and how to deal with it before it becomes evidence.

  10. WTF? by Runaway1956 · · Score: 2, Informative

    Just WTF is a "former hacker"? That's like a "former scientist" or a "former student" or - - I suppose if you accept "hacking" to mean "criminal cretin living in his mother's basement breaks into email accounts and spreads bots around the internet" - then someone COULD be a "former hacker". A real hacker never stops hacking. It's more than a way of life - it's a way of thinking!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    1. Re:WTF? by Sycraft-fu · · Score: 2, Insightful

      The meanings of words change, deal with it. In popular usage, hacker means someone who does illegal things with computers. I don't care if that wasn't what it was supposed to mean, that is what it means. You have to deal with that in terms of common usage.

      Some other examples would be interference or acceleration. In the scientific context, interference just means something that changes a system. There is no positive or negative to it. However in popular usage, interference means messing with something to cause a bad result. Likewise acceleration is the process of changing speed or direction. You accelerate to a stop, or in a turn. However in popular usage it means to go faster, you decelerate to a stop.

      It is silly to get all overly pedantic about it because it accomplishes nothing. You have to accept that languages are living things, and usages change.

    2. Re:WTF? by u17 · · Score: 3, Funny

      No, I think you mean GNU/Linus Torvalds!

    3. Re:WTF? by ScrewMaster · · Score: 4, Insightful

      The meanings of words change, deal with it. In popular usage, hacker means someone who does illegal things with computers. I don't care if that wasn't what it was supposed to mean, that is what it means. You have to deal with that in terms of common usage.

      The Hell I do. Every sub-group in a complex culture has its own terminology, its own private vocabulary, its own jargon. Doctors do, lawyers do, mechanics do, soldiers do, programmers do ... and I feel perfectly free to use the term "hacker" as it was originally intended when communicating with a group of largely like-minded individuals (like here, on Slashdot.) You either learn to communicate on our terms, or find another site that habitually uses the more common usage.

      It is silly to get all overly pedantic about it because it accomplishes nothing. You have to accept that languages are living things, and usages change.

      Sure it does, it accomplishes quite a lot, in fact. When people who regularly interact use certain words to mean certain things, to use as verbal shortcuts, it can enhance their communication. An outsider may find that confusing, but that's irrelevant ... either that person learns the jargon, or stays confused. In this case, you comprehend the true meaning of "hacker", but you just want all of us to use the corrupted popular term, one that you find more appealing.

      Thing is, there's no reason whatsoever that we should. I will continue to use the term "hacker" to mean someone who lives, eats, and breathes technology, and is always trying to push the limit, to see if he can make another hacker who is at least as good as he himself is say, "Whoa. Now that is cool."

      The popular media can go on about "evil" hackers trying to break into banks and classified military installations, but those of us who know better call such people what they are: criminals.

      --
      The higher the technology, the sharper that two-edged sword.
  11. Re:More good reasons for not buying an iPhone (iSpy) by acedotcom · · Score: 2, Informative

    one thing i have noticed is that google maps stores the voice cache right at the top of the SD card in its own folder. so anyone with an SD card reader can plug in your phone and listen to the voice prompts for your route. i am sure that it is using the same kind of caching for screens....but you don't need to be a "hacker" to find the voice prompts.

    --
    they say it is often more relevant then the comment above, all we know is its called the Sig!
  12. Re:More good reasons for not buying an iPhone (iSpy) by phantomfive · · Score: 4, Insightful

    I'm not a lawyer, but as far as I can tell, those laws apply to remote data gathering, not storage on your own computing device. Otherwise every program that caches something would be illegal.

    --
    Qxe4
  13. Statistics, motherfucker. Can you do it? by Hognoxious · · Score: 4, Insightful

    .. he discusses the story of Christopher Langan, a man who ended up working on a horse farm in rural Missouri despite having an IQ of 195 (Einstein's was 150).[2] Gladwell points out that Langan has not reached a high level of success because of the environment he grew up in.

    Do ALL people who work on horse farms have an IQ higher than Einstein's? Or is it just most of them? Or is he just basically a freak case that proves nothing?

    I guess your grandfather smoked 80 cigarettes a day since he was 12 and he got run over by a truck one day short of his 120th birthday while training for a marathon.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  14. Re:Real criminals use pre-paid phones by SydShamino · · Score: 2, Insightful

    The people that were smashing car windows in our neighborhood were seen, and followed running back to their house in our neighborhood.

    In my opinion learning to not hit your own neighborhood where you'll be recognized and followed on foot to our house is the first, basic thing to learn as a new criminal. Apparently that's too much for some people. Planning ahead so far as to coordinate your efforts with a throw-away phone is several steps down that list.

    --
    It doesn't hurt to be nice.
  15. The iPhone is Not Your Friend by Nom+du+Keyboard · · Score: 4, Interesting

    Your iPhone is clearly not your friend, and this isn't the only story about why today. It's the fink waiting to rat you out at the first opportunity. Go look up the new Safari html 5 database tracking that uniquely identifies you to advertisers. Until the phone comes with strong enough encryption to defeat this hacker in addition to remote wipe that truly wipes the phone, you shouldn't be sleeping too well at night, courtesy of Mr. Steve Jobs.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:The iPhone is Not Your Friend by Super_Z · · Score: 2, Insightful

      Yes, because caching app data, inserting exif data in pictures, offering location service API to applications, storing SMS messages and storing browser history are unique to the iOS. As for "the new Safari html 5 database" storing unique IDs in Web SQL databases, this is a W3C specification also currently supported by Opera and Google Chrome. Not to forget that other browsers also store unique IDs through flash-cookies.
      Why do you think that other mobile OSs like Android do not suffer from the same "problems"? Perhaps it is your obvious Apple hate that clouds your reasoning?

    2. Re:The iPhone is Not Your Friend by CharlyFoxtrot · · Score: 2, Interesting

      So your Droid has whole disk encryption? What makes you think you're invulnerable to this kind of forensics?

      --
      If all else fails, immortality can always be assured by spectacular error.
    3. Re:The iPhone is Not Your Friend by lordDallan · · Score: 2, Insightful

      Yes. And then you go to Settings->Safari->Databases and erase any databases you don't want to keep. Just like you clear out cookies you don't want. Cookies that allow "cookie tracking" that "uniquely identifies you to advertisers". From a "managing my private data on my iPhone" perspective, I happen to prefer the databases so far, because they are easier to identify and delete than cookies are.

      Also, as far as I can see, the databases are based on sqlite, making it really nice for web developers to keep well-organized data client-side that they can retrieve using standard SQL queries embedded in javascript. I for one would rather have more of my data on my local device where I can easily(see above) delete it than stored out in the cloud. If having a good way to store more data in an organized fashion encourages developers (yes even "evil" ad developers) to store more of my data locally by making local storage more convenient and powerful for those developers, I'm all for that.

      If you want to complain about something, complain that mobile Safari doesn't have a private browsing mode, meaning you have to manually delete cache/history/cookies/databases after any browsing you'd prefer to keep anonymous. That stinks IMHO.

  16. Re:iPhone secret screenshots? by BasilBrush · · Score: 5, Insightful

    You're both right. It only keeps one image - it's called Default.png. Yet it's possible multiple versions could be retrieved if the file's data blocks on the flash disk have not yet been overwritten by another file.

    Point is: iPhone is doing nothing nefarious, secretive or underhand, as some here would love to imagine. Yet forensics could discover more than a person might first imagine.
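
The recovery BasilBrush describes above, as an added example that is not part of the original thread: a signature-based carver that pulls every structurally valid PNG out of a raw byte image, so superseded copies of a snapshot left in unallocated blocks show up next to the current one. The function names and the sample "flash" buffer are constructed for illustration, and the carver assumes each remnant is stored contiguously, which real flash wear-leveling and fragmentation do not guarantee.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte PNG file signature


def make_png(width, height, gray):
    """Build a tiny valid 8-bit grayscale PNG (constructed test data)."""
    def chunk(ctype, data):
        body = ctype + data
        crc = zlib.crc32(body) & 0xFFFFFFFF
        return struct.pack(">I", len(data)) + body + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    # Each scanline: filter byte 0 followed by `width` gray pixels.
    raw = b"".join(b"\x00" + bytes([gray]) * width for _ in range(height))
    return (PNG_SIG + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))


def _walk_chunks(image, cur):
    """Follow length/type/data/CRC chunks from `cur`.

    Returns the offset just past IEND, or None if the stream is truncated,
    does not start with IHDR, or fails a CRC check (i.e. was overwritten).
    """
    first = True
    while cur + 12 <= len(image):
        (length,) = struct.unpack(">I", image[cur:cur + 4])
        ctype = image[cur + 4:cur + 8]
        data_end = cur + 8 + length
        if data_end + 4 > len(image):
            return None
        if first and ctype != b"IHDR":
            return None
        (stored_crc,) = struct.unpack(">I", image[data_end:data_end + 4])
        if zlib.crc32(image[cur + 4:data_end]) & 0xFFFFFFFF != stored_crc:
            return None
        cur = data_end + 4
        first = False
        if ctype == b"IEND":
            return cur
    return None


def carve_pngs(image):
    """Return [(offset, png_bytes)] for every intact PNG in a raw byte image."""
    found = []
    pos = image.find(PNG_SIG)
    while pos != -1:
        end = _walk_chunks(image, pos + len(PNG_SIG))
        if end is not None:
            found.append((pos, image[pos:end]))
        pos = image.find(PNG_SIG, pos + 1)
    return found


def png_dimensions(png):
    """Read (width, height) from the IHDR chunk of a carved PNG."""
    return struct.unpack(">II", png[16:24])


def build_sample_image():
    """Constructed 'flash dump': an old snapshot, a partly overwritten one,
    and the current one, separated by filler bytes."""
    old = make_png(4, 4, 0x20)
    damaged = make_png(4, 4, 0x80)[:-10]   # tail overwritten by other data
    current = make_png(4, 4, 0xC0)
    image = (b"\xff" * 64 + old + b"\x00" * 32 + damaged
             + b"\xff" * 16 + current + b"\xff" * 64)
    return image, old, damaged, current


if __name__ == "__main__":
    image, *_ = build_sample_image()
    for offset, png in carve_pngs(image):
        print(f"offset {offset}: {len(png)} bytes, size {png_dimensions(png)}")
```

The partly overwritten copy is rejected because its chunk chain never reaches a CRC-valid IEND, which is why only snapshots whose blocks have not yet been reused come back whole.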

  17. Re:iPhone secret screenshots? by w0mprat · · Score: 2, Funny

    Crook: "Hold up, I gotta take this call..." *answers*... "Hello? I can't hear you you're breaking up. HELLO?"

    Clerk: "You're not holding it right.. here let me show you"

    --
    After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
  18. Zombie Flash cookies and going deep by AHuxley · · Score: 3, Informative

    http://arstechnica.com/apple/news/2010/09/rldguid-tracking-cookies-in-safari-database-form.ars
    I wonder how many will soon be tracked via Flash-based cookies and deep stored history options.
    The Safari database seems to be an open and safe way to track a user via a normal 'ad' after a site visit.
    Stop giving state task forces and feds signals intelligence via a next generation of toys in your pocket.
    Go simple and swap any used device out asap.
    Try a collection of dumb devices with no networking or life long databases.
    Recall the Malcolm X script... "Don't never write nothing down ....
    Cause if they can't find no [iphone] they ain't got no proof..."
    The serial numbers, hidden databases, location services etc., almost makes you think someone really put thought into tracking.
    Any ex CIA director's investment banks seed money linked to funding this stuff?

    --
    Domestic spying is now "Benign Information Gathering"
  19. Re:iPhone secret screenshots? by BasilBrush · · Score: 4, Insightful

    It's not an early morning and a lack of coffee that's not allowing you to explain yourself. It's the fact that you are voicing your hatred rather than a rational viewpoint. There's absolutely nothing related to a walled garden here. It's a cache, pure and simple, and it's documented. Even free software uses caches.

  20. Re:iPhone secret screenshots? by Jeremi · · Score: 3, Funny

    If he doesn't, then he deserves to get caught.

    He deserves to get caught in any case, because he's a f*cking criminal.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.