GPS and Wifi Geo Tracking - Suspicious Files
Copyright 2011 Technoids.com
/private/var/root/Library/Caches/locationd/clients.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CachedAutomaticTimeStatus</key>
    <integer>2</integer>
    <key>CachedSystemTime</key>
    <dict>
        <key>referenceTimeStamp</key>
        <real>325058687.04903185</real>
        <key>rtctime</key>
        <real>24897457.5</real>
        <key>source</key>
        <integer>4</integer>
        <key>time</key>
        <real>325058679</real>
    </dict>
    <key>CachedSystemTimeSet</key>
    <true/>
    <key>CleanShutdown</key>
    <false/>
    <key>FileUpdate.http://configuration.apple.com/configurations/pep/cl/WMM.dat</key>
    <real>324931099</real>
    <key>FileUpdate.http://iphone-wu.apple.com/7day/v2/latest/lto2.dat</key>
    <real>325207170</real>
    <key>IgnoredCells</key>
    <dict/>
    <key>LastCellUpload</key>
    <real>0.0</real>
    <key>LastLocationUpload</key>
    <real>321688901.78805602</real>
    <key>LastWifiUpload</key>
    <real>324931593.47473902</real>
    <key>NetworkTimeZone</key>
    <dict>
        <key>dstActive</key>
        <true/>
        <key>tzOffset</key>
        <integer>-240</integer>
    </dict>
    <key>PreviousLocation</key>
    <dict>
        <key>Altitude</key>
        <real>0.0</real>
        <key>HorizontalAccuracy</key>
        <real>100</real>
        <key>Latitude</key>
        <real>45.367931540000001</real>
        <key>Lifespan</key>
        <real>104.75341904163361</real>
        <key>Longitude</key>
        <real>-75.681164800000005</real>
        <key>Timestamp</key>
        <real>324932288.12809497</real>
        <key>Type</key>
        <integer>4</integer>
        <key>VerticalAccuracy</key>
        <real>-1</real>
    </dict>
    <key>PreviousTimeZone</key>
    <string>America/Toronto</string>
    <key>RtcTimeOffset</key>
    <real>300161217.5</real>
    <key>RtcTimeOffsetError</key>
    <real>0.10000000000000001</real>
    <key>RtcTimeOffsetTimestamp</key>
    <real>24965183.5</real>
    <key>TimeSource</key>
    <integer>1</integer>
    <key>TimeZoneBorderDistance</key>
    <real>7018.4998950754261</real>
    <key>TimeZoneBorderDistanceTimestamp</key>
    <real>324931094.14994001</real>
    <key>WifiLocationNearby</key>
    <dict>
        <key>Altitude</key>
        <real>0.0</real>
        <key>HorizontalAccuracy</key>
        <real>100</real>
        <key>Latitude</key>
        <real>45.367980119999999</real>
        <key>Lifespan</key>
        <real>90</real>
        <key>Longitude</key>
        <real>-75.680729920000005</real>
        <key>Timestamp</key>
        <real>321663758.94263899</real>
        <key>Type</key>
        <integer>4</integer>
        <key>VerticalAccuracy</key>
        <real>-1</real>
    </dict>
</dict>
</plist>

/private/var/root/Library/Caches/locationd/stats.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Eph-update</key>
    <string>4/21/11 6:17 PM</string>
    <key>GPS-fix</key>
    <string>4/21/11 9:36 PM</string>
</dict>
</plist>
http://iphone-wu.apple.com/7day/v2/ (updated daily?)

Appears to be downloading lto2.dat and WMM.dat daily.
These are extremely accurate co-ordinates
Location Confirmed here
The timestamp shows the time in seconds since January 1st, 2001.
The time logged is excessively accurate; note 321688901.78805602
Date and Time Confirmed here
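
Added example (not part of the original page): decoding the location fixes and upload times in clients.plist with Python's plistlib, using the 2001 epoch described above. The sample is a constructed subset of the values shown on this page; reading tzOffset as minutes from UTC and treating a 0.0 upload time as unset are assumptions.

```python
import plistlib
from datetime import datetime, timedelta, timezone

# Timestamps in clients.plist count seconds from 2001-01-01 00:00:00 UTC.
APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

# Constructed sample: a subset of the clients.plist keys and values shown on this page.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>LastLocationUpload</key><real>321688901.78805602</real>
  <key>LastCellUpload</key><real>0.0</real>
  <key>NetworkTimeZone</key><dict><key>tzOffset</key><integer>-240</integer></dict>
  <key>PreviousLocation</key><dict>
    <key>HorizontalAccuracy</key><real>100</real>
    <key>Latitude</key><real>45.367931540000001</real>
    <key>Longitude</key><real>-75.681164800000005</real>
    <key>Timestamp</key><real>324932288.12809497</real></dict>
  <key>WifiLocationNearby</key><dict>
    <key>HorizontalAccuracy</key><real>100</real>
    <key>Latitude</key><real>45.367980119999999</real>
    <key>Longitude</key><real>-75.680729920000005</real>
    <key>Timestamp</key><real>321663758.94263899</real></dict>
</dict></plist>"""

def apple_time(seconds):
    """Convert seconds since 2001-01-01 UTC to an aware datetime."""
    return APPLE_EPOCH + timedelta(seconds=seconds)

def extract(plist_bytes):
    """Return (fixes, uploads) decoded from a locationd clients.plist."""
    root = plistlib.loads(plist_bytes)
    # Assumption: tzOffset is minutes from UTC (-240 = UTC-4).
    local = timezone(timedelta(minutes=root.get("NetworkTimeZone", {}).get("tzOffset", 0)))
    fixes, uploads = [], {}
    for key, value in root.items():
        if isinstance(value, dict) and {"Latitude", "Longitude", "Timestamp"} <= value.keys():
            when = apple_time(value["Timestamp"])
            fixes.append({"source": key, "lat": value["Latitude"], "lon": value["Longitude"],
                          "accuracy": value.get("HorizontalAccuracy"),
                          "utc": when, "local": when.astimezone(local)})
        elif key.startswith("Last") and key.endswith("Upload") and value:
            uploads[key] = apple_time(value)  # assumption: 0.0 means unset, so skip it
    return sorted(fixes, key=lambda f: f["utc"]), uploads

if __name__ == "__main__":
    fixes, uploads = extract(SAMPLE)
    for f in fixes:
        print(f["source"], f["lat"], f["lon"], f["utc"].isoformat(), f["local"].isoformat())
    for name, when in uploads.items():
        print(name, when.isoformat())
```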
Your iPhone, iPod Touch, iPad and Mac Computer is Tracking You

Quick Forensics on an iPad re Geo Logging
This is enough to raise red flags re privacy issues. A full test would take days using tcpdump and/or Wireshark.

iPad 1st gen iOS 4.2.1 3G - Jailbreak with Location Services Disabled
Test conditions: 3G turned off, Location Services & WiFi enabled for 10 minutes

Suspicious Files

/private/var/root/Library/Caches/locationd/consolidated.db
/System/Library/Frameworks/CoreLocation.framework/Support/consolidated.db
Seems to be installed when installing iOS. Could be the date of the iOS release?
WMM.dat
WMM (World Magnetic Model) data originates from NOAA's National Geophysical Data Center (NGDC)
The World Magnetic Model is a joint product of the United States and the United Kingdom

lto2.dat
LTO (Long-Term Orbit) technology originates from Global Locate, now owned by Broadcom,
as part of their Location-Based Services products
Appendix