iPhone Takes Screenshots of Everything You Do

The_AV8R writes "Jonathan Zdziarski showed that every time you press the Home button on your iPhone, a screen capture is taken in order to produce a visual effect. This image is then cached and later deleted. Zdziarski says that there have been cases of law enforcement looking up sex offenders' old data and checking recovered screenshots." This revelation occurred in the midst of a webcast on iPhone forensics, demonstrating how to bypass the iPhone's password security (not trivial, but doable). Video from the talk is not online yet but is promised soon over at O'Reilly.

FUD

[Ethanol-fueled (1125189)]

From TFA:

Therefore, forensics experts have used this security flaw to successfully nab criminals who have been accused of rape, murder or drug deals, Zdziarski said.

iPhone: the tool of choice for rapists, murders, and drug dealers!

Joking aside, the article is puzzling and it reeks of FUD: if the iCrooks were bad enough to get the authorities to actively track and sieze their data then they deserve to be caught for being too stoopid to buy disposable phones in cash from 7-11. Even Johnny dormroom pot- dealer knows that!

Malfeasance handbook

[ColdWetDog (752185)]

Item 1:

Smart crooks use dumb (disposable) phones.
Dumb crooks use smart phones.

Re:FUD

[wild_quinine (998562)]

Joking aside, the article is puzzling and it reeks of FUD:

Apple FUD on slashdot? Maybe the LHC is gearing up for armageddon after all.

Re:FUD

[neoform (551705)]

Alls I heard was "I love apple" and "I'm a huge fanboy"..

Re:

[Otter (3800)]

I'm skeptical that real crimes, particularly murders, have been solved that way, with evidence presented in court, and it's never made the news.

Re:

[Colonel Korn (1258968)]

From TFA:

Therefore, forensics experts have used this security flaw to successfully

nab criminals who have been accused of rape, murder or drug deals, Zdziarski said.

iPhone: the tool of choice for rapists, murders, and drug dealers!

Joking aside, the article is puzzling and it reeks of FUD: if the iCrooks were bad enough to

get the authorities to actively track and sieze their data then they deserve to be caught

for being too stoopid to buy disposable phones in cash from 7-11. Even Johnny dormroom pot-

dealer knows that!

FUD doesn't mean what you think it means.

Re:FUD

[djh101010 (656795)]

Sorry, LSD, this is the apple-hating thread, not the rant-about-wasting-jail-space-on-potheads thread.

Re:FUD

[Hognoxious (631665)]

Off-topic but yes, possessing drugs does make you a crook

Or a pharmacist.

Re:

[Mister Whirly (964219)]

Not as delusional as "These addictive drugs are legal because johnny law-man says so, but johnny law-man doesn't get money from lobbyists for this drug so therefore it is illegal." and using that as an absolute argument. The fact a law exists doesn't make a discussion about it irrelevant, especially when it is a stupid law proven to fail.

And BTW the dictionary.com definition of "crook" says nothing about simple law breakers. The closest it comes is "a dishonest person, esp. a sharper, swindler, or thief."

Re:

[amRadioHed (463061)]

And since by that reasoning the only reason cannabis acts as a gateway is because it's illegal. Legalize it and there goes your supposed gateway drug effect.

Re:

[stewbacca (1033764)]

Yes, caffeine. The recreation drug of choice. I can't wait for my next caffeine party. Maybe I'll go tailgating at the football game today and get hepped up on coffee!

Re:

[Nathrael (1251426)]

TFA = The f**king article. Comes from "RTFM"; usually, if someone tells you to RTFA, he means that you should read the Slashdot article as well as the off-site articles mentioned in it before posting something that is self-explanatory if you RTFA.

Just out of curiosity...

[AndyG314 (760442)]

What type of incriminating things are sex ofenders doing with their iPhones.

Re:Just out of curiosity...

[Fx.Dr (915071)]

I believe it has something to do with multi-touch.

Anybody know if he was hacking 2.1?

[wisebabo (638845)]

Sorry to diverge from the screenshot topic but does anyone know if Mr. Zdziarski will demonstrating how to hack the just released 2.1 firmware? Or is a previous version that (may have) been patched? This seems much more significant than being able to see (via a screenshot) what the last user action was.

As for the screenshot, hmm... well at least it doesn't seem to be a deliberate attempt by Apple to get more info on the user. Also, it seems pretty difficult to get these screenshots (since they are automatically deleted according to the article you have to find and undelete them). Doesn't sound like a trivial or reliable way to snoop on people. Still I guess a security flaw is a flaw so be aware!

Pragmatic

[mfh (56)]

It's pragmatic to not press the home button when doing home invasions or killing people, I guess.

Re:Pragmatic

[Em Ellel (523581)]

It's pragmatic to not press the home button when doing home invasions or killing people, I guess.

Although you are probably technically right, unless you are killing them with a scathing email, or nasty AC troll post - it is not likely that the home button will matter. It captures the screenshot of what is on your screen - not from the camera. (unless you happend to have the camera app on at the moment of course)

-Em

simple fix for Apple

[RJBeery (956252)]

Give the concerned users an option of turning off the "shrinking screenshot" animation that occurs when the Home button is pressed (which is why the screenshot is cached in the first place).

Re:

[D'Sphitz (699604)]

Well, apparently, from TFA it is cached on disk (flash, whatever). That's my question, hy not just create it directly into RAM and release it after the effect? What purpose is there to saving the screenshot beyond the second or so it takes to show the animation?

What's the problem

[KasperMeerts (1305097)]

So it takes a screenshot for some effect? Is there even a way to do this without taking a screenshot? A way that is easy enough to be performed on a smartphone?

And what did you expect from Apple? That every bit of data that was discarded is overwritten ten times? Jeez, I enjoy bashing big companies as much as the other guy but now they're looking too far. Remember, it also saves your web history, every picture you took, every file you opened everything you did somewhere...

Re:What's the problem

[fermion (181285)]

Sometimes it is just interesting to think about security, and security choices that are made. Certainly the security incompetence of most manufactures does not reach the level of homeland security, but neither does the security issues. It still is interesting to think about. For instance, the iPhone shows one letter of the password for usability, and this is likely worth the security compromise. Many web browser automatically cache a large number of previous web pages, and a large amount of history, so any minimally competent sleuth can determine everything you have done for the past week. This has security implications, yet when Firefox implemented the very reasonable privacy feature, they get ridiculed with installing a porn filter. In fact such history and cache can be argued to be a unnecessary security risk that should not be turned on by default, but the compromise has been made.

In this case, a potential security issue has been introduced for the purpose of look and feel. While the headline is sensational and seems to be written by a person with no technical background or understanding fo the iPhone, the point remains. Pictures of what you are doing prior to pressing the home button are taken, and stored for some indeterminate amount of time. This is like the browser issue, likely not a big problem. OTOH, there does not seem to be an option under the general/home button menu to turn off this effect, so there is no way for persons worried about the issue to turn it off. It is an interesting problem.

Re:

[Anonymous Coward]

It's crap like this that makes me feel just fine having my little fugly Palm Centro. I don't have to have yet another security hole because Apple felt taking a screenshot would make for a cool bit of eye-candy.

Admit it. You're letting envy cloud your judgement.

Think about what you're saying. "Yeah, my device is ugly and stupid, but YOURS HAS YOUR PERSONAL INFORMATION ON IT".

Seriously. Someone gets my phone, my *LAST* concern is potentially recoverable screenshots of what I was doing on it when I closed an application. What about all the personal data it stores through the very nature of its function?!

lame

And this just in!

[Artraze (600366)]

It turns out that you browser will store all the information needed to recreate the web pages you visit! Not just a screenshot! This critical flaw appears to have present for years in all known browsers! The end is near!

Seriously? Come on. I know ./ likes to post anything related to the iPhone, especially if it involves "spying", but this is pretty uninteresting. Security is traded for speed and features on a daily basis, including places where do so presents a major risk (*cough*Outlook). This is really not too surprising since it trades at most a little privacy in exchange for a neat effect; what would you expect Apple's iCandy to do?

Re:And this just in!

[venicebeach (702856)]

It's even worse than that, the iPhone keeps copies of all your emails, and records phone numbers you have called as well as keeping a database of all your personal contacts!!! The thing is a 5 ounce privacy invasion machine!

fud

[sam_paris (919837)]

Tag this article as fud, because that's what it is. Any excuse to bash apple and/or iphone.. Really, if we're going to get upset about this, let's get upset about browser caching, cookies, history.. etc etc

Only the guilty have something to hide!

[TibbonZero (571809)]

Think of the children!

Even the Author Doesn't Think It's News

[Nuclear Elephant (700938)]

I _am_ Jonathan Zdziarski and even I don't understand why this is news.

This was a side note I mentioned the other day, and has been something I've been grousing about for over a year. It's unnecessary, and a bit of a privacy leak that can be exploited by forensic examiners, but hardly news for the reasons already stated in the comments.

Re:Even the Author Doesn't Think It's News

[Rob T Firefly (844560)]

I _am_ Jonathan Zdziarski

No, I'm Jonathan Zdziarski!

Re:Even the Author Doesn't Think It's News

[Inda (580031)]

No, I am Jonathan Zdziarski.

Re:Even the Author Doesn't Think It's News

[Nuclear Elephant (700938)]

To add one more comment to this, though, it's been inaccurately reported that this process takes an hour to complete. Well, the passcode breaking piece of the demonstration technically takes maybe 15-20 minutes for a trained pro to prepare, but once you've prepared the custom firmware payload, you can re-use it over and over again on different iPhones. The actual payload installation takes only 60 seconds, so someone who came along prepared would be able to break your passcode in 60 seconds - not an hour. With that said though, you still need to transmit the raw disk image to a desktop machine to access this data. That transfer can easily take 2-3 hours. This means that you're not going to have your personal data hijacked by simply placing the phone down for a moment, but if it were stolen or seized, it's most certainly easy to recover.

Re:Even the Author Doesn't Think It's News

[fo0bar (261207)]

I _am_ Jonathan Zdziarski and even I don't understand why this is news.

Welcome to Slashdot. Here's your oversized novelty foam finger.

I've seen this...

[zosa (261289)]

I had a glitch occur that put one of these screen shots in my photos collection. I was wondering what kind of glitch would have generated a screenshot. Now that is partially explained.

I'll show them...

[russotto (537200)]

I wrote a little app to fill the cache with screenshots of the IRS web pages. Anyone tries to investigate me, they'll have to carefully examine Publication 936, the instructions for Schedule F1, the guidelines for reporting "nanny" wages, and the like. Even if they aren't literally bored to death, they definitely won't want to look any further.

So what?

[jrothwell97 (968062)]

The phone swaps an image to the disk so it can later be used in compositing. It's nothing new you know. Virtual memory's been around for aeons, and looking through an unencrypted swapfile to find incriminating information isn't exactly new either.

no foundation

[dynamo (6127)]

This fool doesn't even present any evidence that this 'screenshot' is -ever- even written to storage. Sure, it has to be in RAM to be shown zooming away, but the same thing applies to showing anything on the screen at all. Just because it saves processing power to capture an image instead of zooming the live app like OS X does, doesn't imply that the image ever leaves volatile RAM.

- written from my iphone.

Re:It's nice to know

[mmkkbb (816035)]

Errr, it's not phoning these screenshots home. You must have a problem with .bash_history too, right? Caching your keystrokes! OMG!

Re:It's nice to know

[Hyppy (74366)]

It's trivial to disable logging to .bash_history. What about for this?

Re:

[Em Ellel (523581)]

Errr, it's not phoning these screenshots home. You must have a problem with .bash_history too, right? Caching your keystrokes! OMG!

In all fairness, if his account password "alpine" is posted all over the internet, looking into his .bash_history IS a pretty damn good way of spying on him. (Granted, there are bigger issues in this scenario.)

-Em

Re:It's nice to know

[Firehed (942385)]

Sure, if you overwrite your firmware (jailbreak), enable SSH access to the phone, and then NOT change your root password. Quite frankly, you deserve it at that point.

Sounds like yet another sensationalist (and completely inaccurate) headline pointing to a non-story. Unless some pervert is hits the home button while trying to take a (crappy, borderline-useless unless it's being done in full daylight) picture of himself raping a kid, AND law enforcement not only knows to look for this cached file, I don't really see this being an issue. I suppose it could possibly be used as supplemental evidence when a case is being built up, but the actual AIM chat logs, sent emails, phone call history (all of which are far more accessible) and such would be far more potentially incriminating.

Re:It's nice to know

[Em Ellel (523581)]

You'll no doubt be shocked to learn that even though you might empty your Recycle Bin there are some thing that anyone with physical access to your computer MAY be able to recover.

Thank you, that's the point. I DO know that about files *I* create and *I* delete and I can delete them securely if I choose to. What I did NOT know is that something is capturing screenshots of what I am doing and saving them without my knowledge. Generally this sort of a behavior is reserved for spyware, rootkits and other malware. I realize it is not intended as such, but neither was the Sony DRM rootkit a while back.
I would guess most people would have an issue to have a keylogger installed on their computers. This is no different..

(the word may is in all caps for the imbeciles reading, and because some of us are unable to detect when we are being patronizing)

Ok, but there MAY be something vaguely self-referential about that....

-Em

Re:It's nice to know

[Subliminalbits (998434)]

Don't forget the page file. The horror; your computer is constantly taking screen shots of your applications ram and storing them on the hard drive!

Re:Makes you wonder....

[ByOhTek (1181381)]

it makes me wonder why there is no 'badtitle' tag.

It doesn't take a screenshot of everything you do, just when you hit the home button.

Re:Makes you wonder....

[frosty_tsm (933163)]

You can with the iBeer app.

(sorry, I tried to find the link)

Re:

[BagOBones (574735)]

Or iPint which is a free app

Re:

[FireStormZ (1315639)]

It makes me wonder what parental unit is stupid enough to give their kid an iPhone

Re:

[cayenne8 (626475)]

"It makes me wonder what parental unit is stupid enough to give their kid an iPhone"

Just curious...why would you think it stupid for a parent to get a kid an iPhone? That way they'd be giving them an iPod and phone in one fell swoop.

Hell, when I was a teen.....I was working, and if they had them in my day...I'd have bought my own.

But really....are you saying buying a phone in general for a kid is stupid or just if it is an iPhone that is stupid?

Re:Makes you wonder....

[FireStormZ (1315639)]

I can see a situation in which a phone *might* make sense (kid works a late shift, has an unreliable car, etc... But I cant see the wisdom in getting a kid the iPhone or any other upper level phone. If a kid works and uses their own money thats all well and good but its way to much to give a kid because 'they need one'.

Re:

[SQLGuru (980662)]

If I lived in a house with all of that screaming, I'd probably be violent, too.....

Layne

Re:

[Lord Flipper (627481)]

Jealous much?

Jealous of what, exactly? Kids sending SMS text at 100s the cost of an email, or simple IM? People paying hundreds of bucks to set themselves up for locked-in contracts?

I've been an Apple client since 1979. You want to know what pisses me off? Apple turning into a fucking toy company, and incrementally destroying NeXTSTEP. Apple spending time on bullshit iPhone screenshot shit, and hanging on to the HFS+ file system, which is actually incompatible with their lousy OS. Leopard is nothing but a r

Seems most popular at opposite extremes of age

[mbessey (304651)]

Young kids tend to love the built in camera, especially using it with the Photobooth application. The Grandparents love video-chat with the grandkids. Everybody in-between in age thinks it's a waste of money.

I've used the built-in camera in my Macbook exactly once so far.