NSA spies reportedly exploited iPhone location bug not fixed until 2011

The latest revelation about the National Security Agency's (NSA) expansive surveillance program isn't really a revelation at all. It comes from Germany's Der Spiegel magazine, which reports that smartphones powered by Apple's iOS, Google's Android, and Blackberry's operating systems are among the devices government spies exploit when they want to intercept a target's communications.

Buried in Monday's ho-hum report, however, is this intriguing nugget:

The NSA analysts are especially enthusiastic about the geolocation data stored in smartphones and many of their apps, data that enables them to determine a user's whereabouts at a given time.

According to one presentation, it was even possible to track a person's whereabouts over extended periods of time, until Apple eliminated this "error" with version 4.3.3 of its mobile operating system and restricted the memory to seven days.

The lack of specifics in the article makes it hard identify the iOS bug, but it sure sounds like the one a pair of researchers reported in April 2011. It allowed anyone with physical access to an iPhone or iPad, or potentially a data backup of the device, to reconstruct a detailed account of the user's comings and goings, often down to the second, over an extended period of time. The geolocation data was stored in an easy-to-read file that was updated in real time, putting users at increased risk should their devices, computers, or backups ever fall into the hands of a hacker or government snoop who knew about the undocumented behavior.

Read 4 remaining paragraphs | Comments