Hasta La Gadget!

It’s easy to mock the little guy when he takes a handful of giant corporations to court. Such litigious overzealousness usually gets tangled up or tossed out altogether — Klausner Technologies, however, is laughing all the way to the bank, with a stellar track record taking on some of tech’s biggest names over the past few years. To date, the company has scored wins in visual voicemail patent battles with Apple, Google, Verizon, LG, and Vonage — the company also struck a deal with Sprint, though presumably with less teeth-pulling. This week, Klausner added four more big wins to the list, inking deals with Panasonic, Yahoo, Qwest Communications, and Avaya in the wake of suits against the tech firms. The company still has ongoing battles with RIM and Cisco that will hopefully stay civil. We’d hate to see someone send a visual voicemail they’d regret later.

Panasonic, Yahoo, more admit defeat, sign deal with Klausner originally appeared on Engadget on Fri, 29 Apr 2011 13:13:00 EDT. Please see our terms for use of feeds.

Permalink   |  Reuters  | Email this | Comments

An East Texas jury recently awarded a relatively small computer firm patent troll a pretty hefty settlement (in you and me dollars) in a patent infringement suit that named Google, Yahoo, Amazon, AOL, and Myspace as defendants. The jury awarded Bedrock Computer Technologies LLC $5 million for a patent concerning the Linux kernel found in the software behind Google’s servers. The patent in question is described as a “method and apparatus for information storage and retrieval using a hashing technique with external chaining and on-the-fly removal of expired data.” It appears Google is the first of the defendants to face a judgement, but we have a feeling this decision might have set a precedent. Of course, no infringement suit would be complete without a healthy helping of appeals — and considering the decision came from a district court, we can almost guarantee this case is no exception. You didn’t expect the big guys to stay down for the count, did you?

Update: As it turns out, the plaintiff in question here, Bedrock Computer Technologies, is actually owned by David Garrod, a lawyer and patent reform activist. Ars Technica profiled Garrod following the initial suit, pointing to the clear contradiction between his trolling and reform efforts. What’s more, Bedrock sued Google and the rest of the defendants in June 2009. Just six months later, Bedrock was back in the courtroom, but this time it was on the receiving end. Red Hat, the company supplying the OS behind Google’s search engine services, was suing Bedrock for patent invalidity.

Google ordered to pay $5 million in Linux patent infringement suit (updated) originally appeared on Engadget on Thu, 21 Apr 2011 22:43:00 EDT. Please see our terms for use of feeds.

Permalink   |  Foss Patents  | Email this | Comments

Apple claims turning Location Services to "Off" will cease all transmission of geodata from a device to Apple. Photo: Jon Snyder/Wired.com

iPhone and iPad customers were spooked Wednesday to find out that their devices have recorded a detailed history of their geographical locations for the past year in an unprotected file. But it turns out that Apple already explained its location-collection practices in a detailed letter — almost a year ago.

And even though Apple has provided an explanation, there’s still a problem — the fact that this file containing the data is so easily accessible to anyone, and the fact that this data is stored in such an intricate manner that doesn’t seem to benefit the customer.

“I’m guessing someone screwed up,” said David Navalho, a pHD student specializing in location services on mobile devices with advanced sensors. “It’s basically bad for users. If someone steals the phone they have access to a lot of data.”

The privacy scare stems from a discovery by two data scientists, who revealed Wednesday that iPhones and iPads contain an unencrypted file called “consolidated.db,” which has been tracking and recording your location data in a log accompanied with time stamps for the past 10 months.

Apple’s general counsel Bruce Sewell in July 2010 sent a 13-page letter (.pdf) explaining its location-data-collection techniques in response to a request from Congressmen Joe Barton and Edward Markey asking for Apple to disclose such practices (.pdf). (Incidentally, Markey authored the “Do Not Track” bill to stop online companies from tracking children.)

Apple doesn’t specifically note the “consolidated.db” file in the letter, but the letter explains how and why Apple keeps such a detailed log of location data from mobile devices.

How is Apple collecting geodata?

According to Apple’s letter, geodata is being tracked and transmitted to Apple only if a customer toggles the Location Services option in the settings menu to “On.” If it’s off, no location-based information will be collected.

If the Location Services setting is flipped on, the iPhone, 3G iPad and, to a more limited extent, the iPod Touch and the Wi-Fi iPad, are transmitting geodata to Apple under different circumstances.

Apple is collecting information about nearby cell towers and Wi-Fi access points whenever you request current location information. Sometimes it will also do this automatically when you’re using a location-based service, such as a GPS app.

As for GPS information, Apple is collecting GPS location data only when a customer uses an application requiring GPS capabilities.

Apple claims the collected geodata is stored on the iOS device, then anonymized with a random identification number generated every 24 hours by the iOS device, and finally transmitted over an encrypted Wi-Fi network every 12 hours (or later if there’s no Wi-Fi available) to Apple. That means Apple and its partners can’t use this collected geodata to personally identify a user.

At Apple, the data gets stored in a database “accessible only by Apple,” the letter says.

“When a customer requests current location information, the device encrypts and transmits Cell Tower and Wi-Fi Access Point Information and the device’s GPS coordinates (if available) over a secure Wi-Fi Internet connection to Apple,” Apple wrote in the letter.

Why is Apple collecting geodata?

The purpose of all this, according to Apple, is to maintain a comprehensive location database, which in turn provides quicker and more precise location services.

“Apple must be able to determine quickly and precisely where a device is located,” Apple said in its letter. “To do this, Apple maintains a secure database containing information regarding known locations of cell towers and Wi-Fi access points.”

In older versions of Apple’s mobile OS (1.1.3 to 3.1), Apple relied on Google and Skyhook Wireless to provide location-based services — so Apple left data collection to them. But ever since April 2010, starting with iPhone OS 3.2 and continuing into the current iOS 4 software, Apple has started using its own databases to provide location-based services to iOS devices.

“These databases must be updated continuously to account for, among other things, the ever-changing physical landscape, more innovative uses of mobile technology, and the increasing number of Apple’s users,” Apple said in its letter.

Navalho explained that mobile location services work like this: To get your location, first the iPhone or iPad pulls from Apple’s database containing previously stored information about nearby cell towers and Wi-Fi spots to quickly triangulate your location, and then finally the GPS chip analyzes how long it takes satellite signals to reach the device in order to pinpoint location.

In short, Apple’s stored location database is intended to assist and quicken location processes on iOS mobile devices.

The problems

However, one problem here is that after this information is sent to Apple, there’s no customer benefit for that geodata to be stored on your iPhone or iPad for any longer, Navalho said.

In other words, after that data is transmitted to Apple “every 12 hours,” Apple’s database should already have the data needed to improve your location services, and there’s no reason for it to stick around on your device — especially after 10 months.

Plus, Apple explicitly said this database is “accessible only to Apple” — but in actuality the database of your approximate locations is accessible to anyone with physical or remote access to your iPhone or iPad. Again, that’s a security issue.

“There’s really no reason for the information to be there,” Navalho said. “I’ll just assume they didn’t erase it and that it’s a security issue, and hopefully they’ll fix it.”

Therefore, the core issue reported Wednesday remains the same: A hacker or thief gaining access to your iPhone or iPad can easily dig into the consolidated.db file and figure out where you live, or other places you’ve frequented. Apple uses rich geodata to assist your location services, but it doesn’t need to be stored on your device permanently.

“What Apple is doing actually puts users very much at risk,” said Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information Center. “If one of these devices is stolen, [the thief] could easily discover details about the owner’s movements.”

Apple has not responded to Wired.com’s request for comment on this story.

An unencrypted file stored in iPhones and iPads constantly records a user's location data. An open source application was used to plot the location data from an iPhone belonging to a Wired.com reporter.

Your iPhone or 3G-equipped iPad has been secretly recording your location for the past 10 months.

Wired.com can confirm that fact: The screengrab above shows a map containing drop pins of everywhere yours truly has been in the past year.

Software hackers Peter Warden and Alasdair Allen discovered an unencrypted file inside Apple’s iOS 4 software, storing a long list of locations accompanied with time stamps. The file is labeled “consolidated.db.”

“Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps,” Warden and Allen wrote. “We’re not sure why Apple is gathering this data, but it’s clearly intentional, as the database is being restored across backups, and even device migrations.”

Warden is providing an open source program “iPhone Tracker” for iPhone and 3G iPad customers to output their location file into an interactive map, like the one above, so they can see for themselves. All you have to do is plug in your iDevice through USB and run Warden’s application. The software requires OS X 10.6 (Snow Leopard).

The iPhoneTracker application features a sliding bar for users to see where they were in specific times of the year.

Apple did not immediately respond to a request for a comment. Apple has not previously disclosed that iPhones and iPads are constantly tracking and storing user location.

The discovery is the latest in a series of alarming incidents that serve as cautionary tales about privacy in the always-connected mobile era.

Recently, German politician and privacy advocate Malte Spitz sued his phone carrier Deutsche Telekom to get every piece of information it had about him. The carrier delivered to him a gigantic file containing 35,000 data points of his location for six months. Later, a German publication plotted Spitz’s data onto an interactive map.

This iPhone and iPad privacy leak is eerily similar, and creepier, considering that Apple has sold over 100 million iPhones and 15 million iPads.

The location data stored inside “consolidated.db” cannot be accessed by Safari or any apps, said Charlie Miller, a security researcher known for discovering vulnerabilities in the iPhone. However, the data file is sensitive because a thief who gains physical access to an iPhone or iPad could look at the file and see everywhere a customer has been, or a hacker could remotely break in and read the file, Miller said.

It’s not simple for a hacker to remotely access an iPhone to get to that file. But in the past, Miller found an exploit that would allow a hacker to hijack an iPhone just by sending a text message to it containing malicious code. Apple later patched that exploit, but security researchers say there are plenty of vulnerabilities in the wild left unaddressed.

Sharon Nissim, consumer privacy counsel of the Electronic Privacy Information Center, said it is possible Apple is violating the Wireless Communications and Public Safety Act, which allows telecom carriers to provide call information only in emergency situations.

“By asking for permission to collect location data, Apple may be trying to get around its legal obligations, by asking people to give up privacy rights they don’t even know they have,” Nissim said.

She added that a potential privacy concern is that law enforcement would be able to subpoena these types of records from people’s iPhones or iPads.

See Also:

• IPhone Can Take Screenshots of Anything You Do
• iPhone or iSpy? Feds, Lawyers Tackle Mobile Privacy
• Hacker Resolves iPhone Screenshot Security Issue

Want some numerical context to last night’s revelation that Apple is suing Samsung Electronics for copying the iPhone and iPad? How does $5.7 billion sound? That’s how much Apple spent on buying up parts from Samsung last year, according to the AFP, which cites the Cupertino company as Samsung’s second-biggest client after Sony. Given the breadth of Samsung’s component manufacturing, these expenditures can and probably do span everything from flash storage and RAM to processing chips to displays. What’s fascinating here — and illustrative of the psychopathic nature of corporations — is that in spite of this massive interdependency, Apple’s lodged a broadly worded patent assault on a major prong of Samsung’s business (smartphones and tablets) and now Samsung’s been quoted as saying it has “no choice but [to] respond strongly.” A company official has apparently expressed the belief that Apple may be infringing on some of Samsung’s wireless patents, which means we can probably look forward to another fat batch of papers being submitted to the Northern District of California court. Lovely.

Apple spent nearly $5.7b on Samsung parts in 2010, faces ‘strong’ response to its patent suit originally appeared on Engadget on Tue, 19 Apr 2011 04:06:00 EDT. Please see our terms for use of feeds.

Permalink   |  AFP (Yahoo! News)  | Email this | Comments