iPhone makes great snitch for savvy cops

September 1, 2010 By Amber Hunt

Got an iPhone in your pocket? Then you might be storing even more personal information than you realize. And some of it could be used against you if you're ever charged with a crime.

A burgeoning field of forensic study deals with iPhones specifically because of their popularity, the demographics of those who own them and what the phone's technology records during its use.

experts said technology records a wealth of information that can be tapped more easily than BlackBerry and devices to help police learn where you've been, what you were doing there and whether you've got something to hide.

"Very, very few people have any idea how to actually remove data from their phone," said Sam Brothers, a cell-phone forensic researcher with U.S. Customs and Border Protection who teaches law-enforcement agents how to retrieve information from iPhones in criminal cases.

"It may look like everything's gone," he said. "But for anybody who's got a clue, retrieving that information is easy."

Two years ago, as iPhone sales skyrocketed, former hacker Jonathan Zdziarski decided law-enforcement agencies might need help retrieving data from the devices.

So he set out to write a 15-page, how-to manual that turned into a 144-page book ("iPhone Forensics," O'Reilly Media). That, in turn, led to Zdziarski being tapped by law-enforcement agencies nationwide to teach them just how much information is stored in iPhones -- and how that data can be gathered for evidence in criminal cases.

"These devices are people's companions today," said Zdziarski, 34, who lives in Maine. "They're not mobile phones anymore. They organize people's lives. And if you're doing something criminal, something about it is probably going to go through that phone."

It's an area of that's just beginning to explode, law-enforcement and cell phone experts said. Zdziarski said the focus of forensics recovery has been on the iPhone over other smartphones in large part because of its popularity.

An estimated 1.7 million people rushed to buy the latest iPhone version released in June. Before that, Apple had sold more than 50 million iPhones, according to company figures.

Although some high-stakes criminal cases have used cell phone towers to estimate a suspect or victim's whereabouts, few have laid out the information that iPhones have to offer. For example:

• Every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it. Savvy law-enforcement agents armed with search warrants could use those snapshots to see if a suspect is lying about whereabouts during a crime.

• iPhone photos are embedded with GEO tags and identifying information, meaning that photos posted online might not only include GPS coordinates of where the picture was taken, but also the serial number of the phone that took it.

• Even more information is stored by the applications themselves, including the user's browser history. That data is meant in part to direct custom-tailored advertisements to the user, but experts said that some of it could prove useful to police.

Clearing out user histories isn't enough to clean the device of that data, said John B. Minor, a communications expert and member of the International Society of Forensic Computer Examiners who has written articles for law enforcement about iPhone evidence.

"With the iPhone, even if it's in the deleted bin, it may still be in the database," Minor said. "Much is contained deep within the phone."

Some of that usable data is in screenshots.

Just as users can take and store a picture of their iPhone's screen, the phone itself automatically shoots and stores hundreds of such images as people close out one application to use another.

"Those screen snapshots can contain images of e-mails or proof of activities that might be inculpatory, or exculpatory," Minor said.

Most iPhone users agree to let the device locate them so they can use fully the phone's mapping functions, as well as various global positioning system applications.

The free application Urbanspoon is primarily designed to help users locate nearby restaurants. Yet the data stored there might not only help police pinpoint where a victim was shortly before dying, but it also might lead to the restaurant that served the victim's last meal.

"Most people enable the location services because they want the benefits of the applications," Minor said. "What they don't know is that it's recording your GPS coordinates."

Bill Cataldo, an assistant Macomb County, Mich., prosecutor who heads the office's homicide unit, said iPhones are treated more like small computers than mobile phones.

"People are keeping a tremendous amount of information on there," he said.

Cataldo said he has found phone call histories and text messages most useful in homicide cases. But Zdziarski, who has helped federal and state law-enforcement agencies gather evidence, said those elements are just scratching the surface when it comes to the information police and prosecutors soon will start pulling from iPhones.

"There are some terrorists out there who obtained some information about a network from an iPhone," he said.

Sam Brothers, who works for U.S. Customs and Border Protection and helps train law-enforcement agencies about cell phone forensics, said he also has testified in state and federal cases about data he has retrieved from iPhones.

Although he can't comment about specific cases, he provided a hypothetical case:

"Let's say you have a gang and somebody's killed a gang member on the street," he said. "The killer takes a picture on his iPhone. ... We as law enforcement may retrieve that image and might have proof not only of the death, but the time of death."

Even people who don't take pictures or leave GPS coordinates behind often unwittingly leave other trails, Zdziarski said.

"Like the keyboard cache," he said. "The iPhone logs everything that you type in to learn autocorrect" so that it can correct a user's typing mistakes.

Apple doesn't store that cache very securely, Zdziarski contended, so someone with know-how could recover months of typing in the order in which it was typed, even if the e-mail or text it was part of has long since been deleted.

Apple did not return phone calls or an e-mail seeking comment for this story.

Adam Gershowitz, who teaches criminal procedure at the University of Houston Law Center, said the new technology brings with it concerns about privacy -- especially when it comes to whether investigators have the right to search someone's iPhone after an arrest.

So far, the courts have treated mobile phones like a within-reach container that police can search the same way they can check items in a glove box or cigarette pack, Gershowitz said, though the Ohio Supreme Court in 2009 ruled to bar warrantless searches of data.

That case is being appealed to the U.S. Supreme Court.

"Phones are regular tools of the drug trade," Gershowitz said. As police become more familiar with iPhones, they become more adept at flipping through photos, map searches and text messages as they look for evidence.

Zdziarski said some examiners are afraid to touch iPhones because of privacy concerns.

"I personally will never work on civil cases," he said, adding that when he advises law-enforcement agencies about obtaining search warrants for iPhones, he instructs them to add iPhone-specific language to the warrant.

But, he said, as iPhones appear to keep selling in record numbers, law enforcement appears poised to keep up.

"It's no longer about a list of phone numbers and maybe a couple of pictures," Zdziarski said. "You're talking about data that can travel back a year or longer. That's useful to law enforcement."

Explore further: Vodafone to sell iPhone in Britain

2 shares

Related Stories

Vodafone to sell iPhone in Britain

September 28, 2009

Vodafone on Tuesday became the latest mobile phone operator to announce it will begin selling iPhones in Britain following the expiry of O2's exclusive deal with Apple.

Apple 'stunned' to find iPhones show too many bars

July 2, 2010

(AP) -- Apple Inc. said Friday that it was "stunned" to find that its iPhones have for years been using a "totally wrong" formula to determine how many bars of signal strength they are getting.

No guy-in-a-bar iPhone story in Vietnam

May 13, 2010

(AP) -- This time it's not a crazy story about a guy who left a phone in a Silicon Valley bar. The latest clamor over a possible next-generation iPhone prototype has erupted in an unlikely place - Vietnam.

Recommended for you

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

9 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

Arikin
5 / 5 (1) Sep 01, 2010
Investigators should also be required to retrieve the data in a pre-determined method that ensures validity of where and when the data was taken from. Otherwise, I could fake any of that data.

So, does this mean that criminals will carry a clean phone before doing a "job"? A phone used in another part of the city and just power it off (shutdown) before heading off?
trekgeek1
5 / 5 (2) Sep 02, 2010
You can bet someone will develop a "core dump" app or something like that. One touch, delete everything on the phone and reset to factory defaults. At least for the Android systems, Apple may not approve it.
alq131
not rated yet Sep 02, 2010
could the difference between the iPhone and Blackberry be that Apple is a US company subject to different laws than RIM? Encryption has typically been an export controlled item which limits US developers on how much encryption they can use if a product has the potential of being shipped overseas. RIM is Canadian and would be subject to different laws. Does anyone know if and why BB might be more secure?
Arkaleus
1.8 / 5 (5) Sep 02, 2010
So we see the evolving symbiosis between corporate profits and government prosecution grow even greater. Soon the two will fuse into a new order of power, where government force is used to insure corporate profits, and vica versa. Your life, from the very beginning, will be for the purposes of the state and the profits of the governing corporations. Civil rights will become "consumer rights" and your identity will be defined by your economic properties.

Instead of the people creating a representative government, the people will "consume" government services, which will not be refundable if defective. There will be private profits for the governors of the corporations, but the costs of capital will be born by the public.
gurloc
3.8 / 5 (5) Sep 02, 2010
The Blackberry was designed as a secure device from the ground up, with business and government being the original target users. The iPhone was designed as a consumer product where security wasn't a real consideration.

Apple also couldn't create a secure device if their lives depended on it, they are years behind Microsoft when it comes to security issues. The only thing that has kept them safe is that they havn't had a large enough market share to make it worthwhile for organized crime to target Apple products.
Slim934
3.7 / 5 (3) Sep 02, 2010
To Arkaleus:

Where have you been? Governments have been doing that for centuries.

We also have had this "consumption" of government services as you call it. They are called public-private partnerships. Just look at Fannie Mae & Freddie Mac; Privatized profits and socialized losses.
otto1932
5 / 5 (1) Sep 02, 2010
Your life, from the very beginning, will be for the purposes of the state and the profits of the governing corporations.
Correct. And the Purpose of the state and the corporation profits are to ensure the overall Stability and Progress of the civilization which they participate in.

This is what they were Designed for; this is how they were intended to Function. Without them in their current Forms, civilization would stagnate and collapse as it so often has in the distant past.

You think the Equation is brutal, but the alternative would be far far worse.
Your life
-and the lives of all individuals have always been constrained; by wholly natural external forces, by the collective needs of the community, by the ravages of time, and by the physical requirements of the container you inhabit. You can attempt to ignore any of these in order to be 'free', at your own peril.

Technology, provided by the System, is gradually freeing individuals from all of them. Cant wait?
otto1932
5 / 5 (1) Sep 02, 2010
Instead of the people creating a representative government, the people will "consume" government services
If the people were ever allowed to govern by representation, they would end up consuming themselves and imperiling civilization, as they always have. Better to settle for the illusion.
pubwvj
5 / 5 (1) Sep 05, 2010
Marry your iPhone so it can't testify against you.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.