Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Businesses Cellphones Apple

iPhone Takes Screenshots of Everything You Do 225

The_AV8R writes "Jonathan Zdziarski showed that every time you press the Home button on your iPhone, a screen capture is taken in order to produce a visual effect. This image is then cached and later deleted. Zdziarski says that there have been cases of law enforcement looking up sex offenders' old data and checking recovered screenshots." This revelation occurred in the midst of a webcast on iPhone forensics, demonstrating how to bypass the iPhone's password security (not trivial, but doable). Video from the talk is not online yet but is promised soon over at O'Reilly.
This discussion has been archived. No new comments can be posted.

iPhone Takes Screenshots of Everything You Do

Comments Filter:
  • FUD (Score:4, Funny)

    by Ethanol-fueled ( 1125189 ) * on Friday September 12, 2008 @12:14PM (#24980929) Homepage Journal
    From TFA:

    Therefore, forensics experts have used this security flaw to successfully nab criminals who have been accused of rape, murder or drug deals, Zdziarski said.

    iPhone: the tool of choice for rapists, murders, and drug dealers!

    Joking aside, the article is puzzling and it reeks of FUD: if the iCrooks were bad enough to get the authorities to actively track and sieze their data then they deserve to be caught for being too stoopid to buy disposable phones in cash from 7-11. Even Johnny dormroom pot- dealer knows that!

    • by ColdWetDog ( 752185 ) * on Friday September 12, 2008 @12:17PM (#24980975) Homepage
      Item 1:

      Smart crooks use dumb (disposable) phones.
      Dumb crooks use smart phones.
    • Re:FUD (Score:5, Funny)

      by wild_quinine ( 998562 ) on Friday September 12, 2008 @12:38PM (#24981377)

      Joking aside, the article is puzzling and it reeks of FUD:

      Apple FUD on slashdot? Maybe the LHC is gearing up for armageddon after all.

      • Re: (Score:2, Insightful)

        Apple FUD on slashdot? Maybe the LHC is gearing up for armageddon after all.

        Are you kidding? Ever since that line of people mysteriously turned up at an Apple Store, iPhone stories have become hate-fests on Slashdot. I'm not kidding. Somebody says they like the iPhone's web-browser and they're a 'fanboy'. But if somebody says the iPhone is 'useless', they're objective and rational.

        It has gotten rather obnoxious lately.

    • by Otter ( 3800 )
      I'm skeptical that real crimes, particularly murders, have been solved that way, with evidence presented in court, and it's never made the news.
    • Re: (Score:3, Insightful)

      From TFA:

      Therefore, forensics experts have used this security flaw to successfully

      nab criminals who have been accused of rape, murder or drug deals, Zdziarski said.

      iPhone: the tool of choice for rapists, murders, and drug dealers!

      Joking aside, the article is puzzling and it reeks of FUD: if the iCrooks were bad enough to

      get the authorities to actively track and sieze their data then they deserve to be caught

      for being too stoopid to buy disposable phones in cash from 7-11. Even Johnny dormroom pot-

      dealer knows that!

      FUD doesn't mean what you think it means.

  • by AndyG314 ( 760442 ) on Friday September 12, 2008 @12:22PM (#24981073) Homepage
    What type of incriminating things are sex ofenders doing with their iPhones.
  • by wisebabo ( 638845 ) on Friday September 12, 2008 @12:22PM (#24981079) Journal

    Sorry to diverge from the screenshot topic but does anyone know if Mr. Zdziarski will demonstrating how to hack the just released 2.1 firmware? Or is a previous version that (may have) been patched? This seems much more significant than being able to see (via a screenshot) what the last user action was.

    As for the screenshot, hmm... well at least it doesn't seem to be a deliberate attempt by Apple to get more info on the user. Also, it seems pretty difficult to get these screenshots (since they are automatically deleted according to the article you have to find and undelete them). Doesn't sound like a trivial or reliable way to snoop on people. Still I guess a security flaw is a flaw so be aware!

  • Pragmatic (Score:4, Funny)

    by mfh ( 56 ) on Friday September 12, 2008 @12:23PM (#24981089) Homepage Journal

    It's pragmatic to not press the home button when doing home invasions or killing people, I guess.

    • Re:Pragmatic (Score:4, Informative)

      by Em Ellel ( 523581 ) on Friday September 12, 2008 @12:34PM (#24981313)

      It's pragmatic to not press the home button when doing home invasions or killing people, I guess.

      Although you are probably technically right, unless you are killing them with a scathing email, or nasty AC troll post - it is not likely that the home button will matter. It captures the screenshot of what is on your screen - not from the camera. (unless you happend to have the camera app on at the moment of course)

      -Em

    • "Videoaping this crime spree was the best idea we ever had!"

  • by RJBeery ( 956252 ) <rjbeery@@@gmail...com> on Friday September 12, 2008 @12:25PM (#24981143)
    Give the concerned users an option of turning off the "shrinking screenshot" animation that occurs when the Home button is pressed (which is why the screenshot is cached in the first place).
  • What's the problem (Score:5, Interesting)

    by KasperMeerts ( 1305097 ) on Friday September 12, 2008 @12:26PM (#24981161)
    So it takes a screenshot for some effect? Is there even a way to do this without taking a screenshot? A way that is easy enough to be performed on a smartphone?

    And what did you expect from Apple? That every bit of data that was discarded is overwritten ten times? Jeez, I enjoy bashing big companies as much as the other guy but now they're looking too far. Remember, it also saves your web history, every picture you took, every file you opened everything you did somewhere...
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Those files are hidden away. This image should live in /tmp/, it doesn't. Apple decided you'd like it to appear in your photos list, which is clearly ridiculous. It does it on the ipod touch too.

      2.1 is a mess, apple's forums are full of bugs already, stupidly obvious ones that are found as soon as you use an updated device. Some seem to be problems with what itunes is doing to your files, others are bugs on the device itself. Clearly they didn't do enough testing, and the beta testers should be fired from t

      • You're thinking of Power+Home, not just Home.

        Power+Home takes screenshots explicitly, and is very useful. Home takes a screenshot to scale in/out on program open and close

    • Re: (Score:2, Insightful)

      by zullnero ( 833754 )
      This logic is just so rad. It's like saying "My firewall already has 20 ports open, what's so bad about having another few seemingly insignificant ports open for no reason at all?"

      The reason it's bad is because it's another way for someone to harvest personal information off your phone for apparently no real reason at all. It's crap like this that makes me feel just fine having my little fugly Palm Centro. I don't have to have yet another security hole because Apple felt taking a screenshot would make
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        It's crap like this that makes me feel just fine having my little fugly Palm Centro. I don't have to have yet another security hole because Apple felt taking a screenshot would make for a cool bit of eye-candy.

        Admit it. You're letting envy cloud your judgement.

        Think about what you're saying. "Yeah, my device is ugly and stupid, but YOURS HAS YOUR PERSONAL INFORMATION ON IT".

        Seriously. Someone gets my phone, my *LAST* concern is potentially recoverable screenshots of what I was doing on it when I closed an application. What about all the personal data it stores through the very nature of its function?!

        lame

      • by geekoid ( 135745 )

        "..harvest personal information off your phone for apparently no real reason at all."
        how?

    • by fermion ( 181285 ) on Friday September 12, 2008 @01:11PM (#24981933) Homepage Journal
      Sometimes it is just interesting to think about security, and security choices that are made. Certainly the security incompetence of most manufactures does not reach the level of homeland security, but neither does the security issues. It still is interesting to think about. For instance, the iPhone shows one letter of the password for usability, and this is likely worth the security compromise. Many web browser automatically cache a large number of previous web pages, and a large amount of history, so any minimally competent sleuth can determine everything you have done for the past week. This has security implications, yet when Firefox implemented the very reasonable privacy feature, they get ridiculed with installing a porn filter. In fact such history and cache can be argued to be a unnecessary security risk that should not be turned on by default, but the compromise has been made.

      In this case, a potential security issue has been introduced for the purpose of look and feel. While the headline is sensational and seems to be written by a person with no technical background or understanding fo the iPhone, the point remains. Pictures of what you are doing prior to pressing the home button are taken, and stored for some indeterminate amount of time. This is like the browser issue, likely not a big problem. OTOH, there does not seem to be an option under the general/home button menu to turn off this effect, so there is no way for persons worried about the issue to turn it off. It is an interesting problem.

  • by Artraze ( 600366 ) on Friday September 12, 2008 @12:33PM (#24981291)

    It turns out that you browser will store all the information needed to recreate the web pages you visit! Not just a screenshot! This critical flaw appears to have present for years in all known browsers! The end is near!

    Seriously? Come on. I know ./ likes to post anything related to the iPhone, especially if it involves "spying", but this is pretty uninteresting. Security is traded for speed and features on a daily basis, including places where do so presents a major risk (*cough*Outlook). This is really not too surprising since it trades at most a little privacy in exchange for a neat effect; what would you expect Apple's iCandy to do?

  • fud (Score:4, Insightful)

    by sam_paris ( 919837 ) on Friday September 12, 2008 @12:38PM (#24981375)
    Tag this article as fud, because that's what it is. Any excuse to bash apple and/or iphone.. Really, if we're going to get upset about this, let's get upset about browser caching, cookies, history.. etc etc
    • We've had plenty of real reasons to bash the iphone. Look up Apple logo of death on google :) The entire iphone thing has been a huge buggy disaster.

      2.1 just came out... we'll see how well it does but... it better be a fucking miracle.

      • I have v1 iphone and i've never had a problem with it, or apple (they've replaced it twice for free for accidental damage on my part).

        I've had slight issues after the version 2 software but apparently less than 3g owners. Download 2.1 today and well yes we'll see. There are real problems with phones (3g mainly) but this isn't one of them :)
  • Think of the children!
  • The iPhone takes a screenshot, but they never said in the FA whether its actually written to flash or not!

    Given the limited write cycles of Flash, I would hope that Apple just keeps it in RAM.

  • by Nuclear Elephant ( 700938 ) on Friday September 12, 2008 @12:54PM (#24981637) Homepage
    I _am_ Jonathan Zdziarski and even I don't understand why this is news.

    This was a side note I mentioned the other day, and has been something I've been grousing about for over a year. It's unnecessary, and a bit of a privacy leak that can be exploited by forensic examiners, but hardly news for the reasons already stated in the comments.
  • Imagine using an iPhone for phone sex? I see it now:
    iPhone: it watches you masturbate.
  • I've seen this... (Score:3, Interesting)

    by zosa ( 261289 ) on Friday September 12, 2008 @01:10PM (#24981927)

    I had a glitch occur that put one of these screen shots in my photos collection. I was wondering what kind of glitch would have generated a screenshot. Now that is partially explained.

  • This reminds me of the OLD days when there were DOS utils which dumped the current contents of RAM immediately after a reboot with the intention of recovering passwords from the previous user.

    I can't watch the video, however are the screenshots just left in RAM? Or are there actual files saved somewhere?

  • by russotto ( 537200 ) on Friday September 12, 2008 @02:33PM (#24983083) Journal

    I wrote a little app to fill the cache with screenshots of the IRS web pages. Anyone tries to investigate me, they'll have to carefully examine Publication 936, the instructions for Schedule F1, the guidelines for reporting "nanny" wages, and the like. Even if they aren't literally bored to death, they definitely won't want to look any further.

  • iPhone protector/cover thingy ... with a lens cap!

  • wait a minute (Score:2, Insightful)

    by GregNorc ( 801858 )

    OSX also does that little shrinking animation when you minimize a window. I wonder if the same flaw is in OSX?

  • So what? (Score:4, Informative)

    by jrothwell97 ( 968062 ) <jonathan@not r o s w e l l.com> on Friday September 12, 2008 @06:09PM (#24985231) Homepage Journal
    The phone swaps an image to the disk so it can later be used in compositing. It's nothing new you know. Virtual memory's been around for aeons, and looking through an unencrypted swapfile to find incriminating information isn't exactly new either.
  • no foundation (Score:4, Interesting)

    by dynamo ( 6127 ) on Friday September 12, 2008 @07:58PM (#24986077) Journal

    This fool doesn't even present any evidence that this 'screenshot' is -ever- even written to storage. Sure, it has to be in RAM to be shown zooming away, but the same thing applies to showing anything on the screen at all. Just because it saves processing power to capture an image instead of zooming the live app like OS X does, doesn't imply that the image ever leaves volatile RAM.

    - written from my iphone.

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...