Archive for ‘Sci/Tech’

May 23, 2013

Asia Pacific: Proposed high-speed rail network a high investment for Laos?

This story was from channelnewsasia.com

Channel News Asia

Proposed high-speed rail network a high investment for Laos?

Click on the link to get more news and video from original source: http://www.channelnewsasia.com/news/asiapacific/proposed-high-speed-rail-network-a-high-/682812.html

  • By Anasuya Sanyal
  • POSTED: 21 May 2013 4:54 PM

High-speed railway lines connecting Thailand, Laos and China might soon become a reality after the Thai cabinet met with its Lao counterparts in Chiang Mai earlier this week.

File photo: Laotian boys ride on a motorcycle with a sidecar attached in Luang Prabang, Laos. (AFP/Roslan Rahman)

THAILAND: High-speed railway lines connecting Thailand, Laos and China might soon become a reality after the Thai cabinet met with its Lao counterparts in Chiang Mai earlier this week.

The proposal would have a major impact on the region as there is currently only vehicle crossing from ASEAN countries into China.

Both governments are planning to spend billions on countrywide railroad infrastructure.

But in Laos, the plan will be nothing short of radical as the country’s rail networks are practically non-existent.

The proposed massive rail projects will require loans totalling over half of the country’s GDP, which was US$8.3 billion in 2011, according to the World Bank.

Chadchart Sittipunt, Thailand’s transport minister, said: “I think the key message for Laos will be how to create value for this high-speed train for Laos. I think we need to talk because I think there will be a lot of investment for Laos. But how will they create value from this big investment? If they can do it, it will be a good connection between Kunming (China), Laos, and Thailand.”

Rail links are not a surefire benefit to Laos’ economy.

Nevertheless, Vientiane’s ambition to transform the landlocked country into an integrated regional player is gaining support from its neighbours.

Last year the Thai government agreed to finance a US$55 million project to build a short railway line bridging Laos’ capital with Thailand’s Nong Khai province, while it plans its own railway overhaul to be completed in 2020 at a cost of US$69.6 billion.

- CNA/xq

June 4, 2011

Hotmail, Yahoo Mail users also targets in attacks

View Original Source:  http://technolog.msnbc.msn.com/_news/2011/06/03/6772299-hotmail-yahoo-mail-users-also-targets-in-attacks

Trend Micro
By Suzanne Choney

Gmail hasn’t been the only Web-based email program under attack; some users of Hotmail and Yahoo Mail are also having the same problem. While Google said it believes its attacks emanated from China, that’s not necessarily the case with Hotmail and Yahoo Mail; still, there are “significant similarities” in the attacks themselves, says Trend Micro.

“The objective of the attackers appears to be to gain access to the target’s Webmail accounts in order to monitor his/her communications and, possibly, to stage future attacks,” says Nart Villeneuve, senior threat researcher for the software security firm, in a blog posting. “In the recent case revealed by Google, the attackers used a phishing attack to gain access to the target’s Gmail account then proceeded to add their own email addresses to the “forwarding and delegation settings,” allowing them to send and receive email messages via the compromised accounts.”

Problems with Microsoft’s Hotmail security were noted by Trend Micro a few weeks ago in this report. But Trend Micro spokesman Michael Sweeny said in an email to msnbc.com that Microsoft “already patched last week the vulnerability that we identified.” (Msnbc.com is a joint venture of Microsoft and NBC Universal.)

Villeneuve says that the new phishing effort is particularly pernicious. “Rather than clicking a malicious link, even the simple act of previewing the malicious email message can compromise a user’s account,” he wrote, citing an example of a phishing email that “pretended to be from the Facebook security team.”

And, in addition to Gmail and Hotmail users, Yahoo Mail users “have also been targeted,” he said:

We recently alerted Yahoo of an attempt to exploit Yahoo Mail by stealing users’ cookies in order to gain access to their email accounts. While this attempt appeared to fail, it does signify that attackers are attempting to attack Yahoo Mail users as well.”

The same email address that attempted to exploit Yahoo! Mail was used in targeted attacks featuring malicious Mirosoft Excel spreadsheets in March. This demonstrates the diversity of exploits that are available to attackers.

These events demonstrate that in addition to targeted attacks that encourage users to open malicious attachments, usually .PDF and .DOC files, attackers are also attempting to exploit vulnerabilities in popular Webmail services in order to compromise Webmail accounts, to monitor communications, and to gain information in order to stage future attacks.

Once the attackers know what software are installed on a target’s computer, including antivirus products, they can craft a precise attack targeting any vulnerable software. Such an attack will then have a high probability of success.   

There are some signposts to help you identify phishing emails, including spelling and grammar errors “that help indicate that it did not originate from the expected source,” Villeneuve writes. To learn more about targeted attacks, he points to a Trend Micro article, “How Sophisticated Are Targeted Malware Attacks?”  McAfee also has more information on phishing here. Yahoo has information here, as well as at its Security Center.

It’s not clear how much of an issue the problem is for Yahoo or Hotmail customers.

Microsoft, via a spokesperson, said it is “not aware of any broad phishing attacks targeting our Hotmail customers. We take the security and privacy of our customers very seriously; phishing attacks are a persistent industry challenge.”

The company recommends users check its online privacy and safety site, as well as this Windows Live page, but also offers this advice to those who think they have been the victim of a phishing scheme:

People who think that they have responded to a phishing scam with personal or financial information or entered this information into a fake website should take four key steps: (1) report the incident to the proper authorities, (2) change the passwords on all your online accounts, (3) review your credit reports and your bank and credit card statements, and (4) make sure you are using the latest technologies to help protect yourself from future scams.

If you have given out your credit card information, contact your credit company right away. The sooner a company knows your account may have been compromised, the easier it will be for them to help protect you.

Next, contact the company that you believe was forged. Remember to contact the organization directly, not through the e-mail message you received. Or call the organization’s toll-free number and speak to a customer service representative. For Microsoft, call the PC Safety hotline at 1-866-PCSAFETY.

Then, report the incident to the proper authorities. Send an e-mail to spam@uce.gov to report it to the Federal Trade Commission and to reportphishing@antiphishing.org  to report it to the Anti-Phishing Working Group.

The second step is to change the passwords on all your online accounts. The reason for this is that a lot of people use the same password for multiple accounts. Start with passwords that are related to financial institutions or personal information. If you think someone has accessed your e-mail account, change your password immediately.

The third step is to review your bank and credit card statements and your credit report monthly for unexplained charges, inquiries or activity that you didn’t initiate.

Finally, make sure you use the latest products, such as anti-spam and anti-phishing capabilities in e-mail services, phishing filters in Web browsers and other services to help warn and protect you from online scams.

One Hotmail user, Christopher Polasek, said he found out about the malware attempt on Monday afternoon when he got a call from his grandmother “asking if I emailed her. I had not and she advised she got an email from me with just a link.”

She thought the link was photos of her great-grandchildren, and clicked on what turned out to be “not an appropriate” site, Polasek said. And he quickly learned that “somehow everyone on my contact list had been sent this same information via my contact list.”

He followed up with an email to his contacts letting them know “my account had been hijacked and not to trust links sent by my email account.” And he said he also deleted his contact list and changed his password. It was all a lot of work and aggravation — but it’s now a reality in our Web-based world.

Related stories:

Check out Technolog, Gadgetbox, Digital Life and In-Game on Facebook, and on Twitter, follow Suzanne Choney.

Tags:
June 4, 2011

Opinion: Shock – Windows 8 optimized for desktop tablets

Why the default user interface for desktop Windows 8 looks a lot like Microsoft’s Windows Phone 7

View Original Source:  http://www.computerworld.com/s/article/9217296/Shock_Windows_8_optimized_for_desktop_tablets?taxonomyId=15&pageNumber=1

By Mike Elgan

June 4, 2011 08:00 AM ET

Computerworld – Microsoft demonstrated the next version of Windows this week, and the operating system has an interface almost nobody expected or predicted.

The default interface for Windows 8 will look almost nothing like Windows 7, but will look and feel a heck of a lot like Microsoft‘s cell-phone operating system, Windows Phone 7.

What’s going on here?

Way back in February 2007, I told you about the coming era of touch-screen desktop computing — “an iPhone the size of a big-screen TV.” I asked: “Will the desktop version of this third-generation UI come from Apple, or Microsoft?”

After four years, we still don’t know the answer to that question. Apple could still beat Microsoft to the punch.

But this week we learned that Microsoft intends to ship the first desktop touch tablet version of Windows next year. More importantly, we know how Microsoft is going to manage the jarring transition from second-generation WIMP (windows, icons, menus and pointing devices) computing to third-generation MPG (multi-touch, physics and gestures ) computing.

To gently-but-aggressively transition the Windows world to the next generation of computing, Microsoft is going to do something I hadn’t even thought of: Microsoft will get millions of users to interact with their touch interface without touching. Windows 8 will combine the gestures and eye candy of tomorrow’s touch tablets with the clunky mice and keyboards of yesterday’s PCs.

A proven strategy

When Microsoft transitioned users from DOS to Windows back in the early 1990s, they made Windows a “shell” on top of DOS, but made the Windows UI the default. (Note that the less aggressive, legacy-friendly alternative to that would have been to ship DOS with the Windows shell as an optional application.) Microsoft didn’t force everyone to suddenly abandon DOS and the DOS applications they had invested in. Anyone who wanted to launch and run a DOS program could do so, but in a DOS window within the Windows shell. Microsoft’s strategy paid off, and Windows adoption happened quickly.

Microsoft plans to do exactly the same thing with Windows 8. The new operating system will default to the next-generation shell — the Metro UI, which first showed up in the Windows Media Center, then the Zune, then Windows Phone 7.

That’s right. When you install Windows 8, you’ll be greeted not by a “desktop” with icons, but to a “personal mosaic of tiles,” according to Microsoft’s demo video. These are like icons in functionality — when you click or tap them, they launch the associated applications. But unlike icons, they display data from the applications. In Microsoft’s example, the e-mail tile shows new messages. The calendar tile shows today’s appointments. A “My Investments” tile displays live stock prices. A Twitter tile shows a recent tweet.

The interface is so new that applications will have to be re-written for it from the ground up, just like DOS applications had to be re-written for Windows. These new applications will have interesting qualities. For example, they’ll be written in either HTML5 or JavaScript. They’ll launch full-screen, just like apps on an Apple iPad tablet, but will also optionally run two at a time, side-by-side. And even if you’re using an old mouse-and-keyboard style desktop PC, the apps you’ll use will be “designed for touch.” You can cycle through multitasking applications with a simple swipe-from-the-left gesture.

But don’t worry. Your old Windows applications will still run. Like in the earliest versions of Windows that ran DOS software in a special DOS mode, Windows applications will run in a “Desktop” or “Windows 7” mode. Best of all, you’ll be able to run old Windows applications side-by-side with the Metro UI app of your choice.

Interestingly, the Metro UI handles files like the iPad — documents and data files are associated with the application, and will be managed only from within applications. But in the Windows 7 window, you’ll still have old-fashioned file management, where your data file locations are not associated with specific applications and can be moved copied, deleted or modified without reference to specific applications.

Note that these two generations of user interface will exist side-by-side only on PCs. Windows 8 will also run on devices powered by ARM chips made by a company called ARM Holdings. Traditionally, these chips power smartphones and tablets, and the slim operating systems designed for these mobile gadgets. Windows 8 will run on ARM devices, but the old interface will not be supported. ARM devices will run only the Metro UI, and the apps written for that platform.

So both your PC and tablet will run Windows 8, but only your PC will be able to run your current version of Office or QuickBooks. On the tablet, you’ll have to wait for new, Metro-specific versions to be created.

Why Microsoft is doing this

People resist change. It’s just human nature.

Users are going to love the touch-centric computing interfaces of tomorrow. But today, many Windows users just don’t like the sound of it.

Whenever I predict desktop tablets, I get a lot of e-mail from the resistance. Touch is too limited, they say. An iPad-like interface is cramped and limiting. The arm position necessary to use a touch screen even at an angle is uncomforable. I need a real keyboard. I’ve grown attached to my mouse. I need hardcore multi-tasking.

Apple’s strategy for overcoming resistance was to launch an entirely new device, rather than immediately replace an existing platform with a new one. Apple’s MPG (multitouch, physics and gestures) interface was first used on Apple’s first-ever cell phone. Because the entire device category was brand new to Apple, the company didn’t ask users of existing Apple products to do things differently. The company’s strategy is to start small and move up the food chain – first phones, then tablets, then multi-touch laptop and desktop touchpads, then desktops, which we’ll see no doubt this year or next.

What we learned this week is that Microsoft has come up with an entirely different solution to the problem of user resistance to change: Microsoft intends to get us all using a touch interface with mice and keyboards first.

By the time we get used to doing that, we’ll be happy to get rid of the peripheral hardware and just use our desktops like iPads, touching the screen directly. It will be the same interface, but much better because we’ll be able to use multi-finger gestures and because we’ll enjoy the innate psychological payoff of using an MPG device.

I think Microsoft’s strategy is brilliant. I had all but written off Microsoft as clueless about the future of touch computing. But the company’s latest demo changes everything.

Mike Elgan writes about technology and tech culture. Contact and learn more about Mike at Elgan.com, or subscribe to his free e-mail newsletter, Mike’s List.

Read more about Windows in Computerworld’s Windows Topic Center.

Tags:
May 6, 2011

Apple could adopt ARM for laptops, but why would it?

View Original Source:  http://arstechnica.com/apple/news/2011/05/apple-could-adopt-arm-for-laptops-but-why-would-it.ars

By Chris Foresman

The Apple/ARM rumor du jour is that Apple will transition its entire portable Mac line to ARM-based CPUs, dropping Intel altogether. Sources speaking to Semi Accurate claim this is a “done deal,” and the move should happen by 2013, when a 64-bit ARM A15 core becomes available. While a future generation of Apple’s A5 processor could make some sense for something akin to the MacBook Air, the claim that Apple will ditch Intel wholesale for ARM just doesn’t add up.

Semi Accurate’s sources say Apple is already working on this transition. From an OS point of view, it wouldn’t be that difficult—iOS and Mac OS X are both based on more or less the same code base, and iOS already runs on ARM.

“So short story, x86 is history on Apple laptops, or will be in 2-3 years,” claimed Semi Accurate, based on its sources’ information. “In any case, it is a done deal, Intel is out, and Apple chips are in.”

Semi Accurate boosts this by saying its “moles” were right about Apple moving away from NVIDIA GPUs, keeping some laptops on Core2 Duo processors, and that Apple would be the first to adopt Thunderbolt (aka Light Peak). While that might be a good track record, those predictions were pretty safe, obvious bets. Apple has moved away from NVIDI GPUs before, and we noted that moving to Intel’s Core iX series processors (Nehalem and now Sandy Bridge) would mean ditching the NVIDIA 9400M and 320M controllers Apple had used for a few generations of Core2 Duo-based machines. We also explained why last year Apple couldn’t yet upgrade its most compact laptops—the 13″ MacBook Pro and MacBook Air—from Core2 Duo processors, mostly due to space and power concerns, as well as limitations in Intel’s product line. And since Apple was heavily involved in the development of Light Peak, it’s no surprise the company was the first to integrate the tech into its products.

Here’s what’s wrong with the prediction. A processor using four 64-bit A15 ARM cores running at 2.5GHz in 2013 is expected to have performance on par with a 2GHz Core2 Duo available today. Apple has already moved its MacBook Pro line to Sandy Bridge chips, and should be moving the MacBook Air to Sandy Bridge later this summer. Those chips already outperform Core2 Duo chips by a quantum leap at similar clock speeds.

In the next year or so, Intel will release an update to Sandy Bridge called Ivy Bridge. This new generation of processors will utilize Intel’s new 3D transistor technology on a 22nm process, bringing either significant power savings in low voltage designs, speed improvements at higher voltages, or some combination of the two. Effectively, Intel could make a 22nm clone of Sandy Bridge processors with identical performance at close to 50 percent of the power requirements. Imagine the performance of today’s MacBook Pro with something like double the battery life—there’s a lot more to it than just the CPU power requirements, but you get the idea.

A major benefit in ARM’s favor over x86 processors is that they currently provide mobile devices with ample performance combined with extremely long battery life. So from this perspective, a laptop running current generation low-power ARM processors would get amazing battery life in exchange for constrained performance. On iPhones and iPads, which only one run application at a time, we accept this trade off. It doesn’t seem likely that users are ready to make that sacrifice when using Mac OS X (at least, not yet). Conversely, pushing ARM processors to Core2 Duo-like performance would erase most, if not all, of ARM’s low-power benefits, and would suck juice from a laptop’s battery about as quickly as comparable x86 processors.

With no clear performance or efficiency benefit derived from moving to ARM, it doesn’t seem likely Apple will be ditching Intel wholesale for its notebooks, even two years from now. However unlikely, though, that doesn’t necessarily mean that Apple won’t use ARM processors for future Mac-like computers.

Steve Jobs has a history of preferring custom hardware. Consider the high-density 3.5″ floppy disk drives that the original Macintosh used, which weren’t widely adopted by DOS PCs until 1988. At Next, Jobs continued his preference for unique, custom hardware with the distinct Next Cube, which used Motorola processors like the Mac instead of the x86 processors used in PC clones. IT also relied on special graphics cards which supported Display PostScript, a version of Adobe’s page description language for high-resolution printing. When Jobs returned to Apple, the company sold the universally reviled USB “puck” mouse that debuted with the original iMac in 1998. And, Jobs clung to the PowerPC platform (which Apple originally had a hand in designing) for years after Intel-based PCs had far surpassed Macs in raw performance.

Apple was also originally involved early on in the design of what became known as the ARM6 architecture, used in the Newton PDAs of the early 90s, so Apple has a long history with ARM. Apple also in recent years acquired two processor design companies known for their aptitude for low-power chip designs. One is PA Semi, whose top engineers are now running the “ARM CPU architecture team” within Apple. The other is Intrinsity, known for its low-power Hummingbird ARM variants. With all this internal knowledge and skill, it is entirely likely Apple could engineer a custom ARM processor geared towards MacBook-like performance with iPad-like battery life. That capability could prove tempting to Jobs, who could then say that “Apple’s notebooks have something no one else has.”

The other factor which could lead to ARM-based portable Macs is the gradual melding of iOS and Mac OS X. Developers have seen Apple moving in that direction for some time, but Apple explicitly said it was doing so when it unveiled Mac OS X Lion last October. Jobs described Lion as “Mac OS X meets the iPad,” noting that it would incorporate a number of iOS-like technologies including Launchpad, auto-saving files, auto-resuming applications, full-screen apps, and the Mac App Store.

One reason that makes iOS seem so fast on modest hardware are the constraints presented to the user. Only one application is active at any one time. Background processes are limited to certain power-optimized functions (like music playback or push notifications). iOS is clearly the future of Apple’s operating system efforts, so if iOS slowly overtakes Mac OS X, and users become accustomed to some of these constraints, it seems entirely possible that Apple could build a MacBook Air using a higher-performance A5 descendant that works less like what we’re used to today and perhaps more like the iPads of the future—with a keyboard attached. (The current MacBook Air isn’t far off from this description as it is.) Such a device could satisfy the computing needs—Web browsing, e-mail, Netflix streaming, instant messaging—for a large portion of people already acclimating to tablet use.

Finally, it’s also possible that Apple could realize some cost savings by using its own ARM-based designs. Apple’s low end starts at $1000, so if there are enough savings going the ARM route to push those prices down to $800 or so, it’s possible Apple could make significant gains in its already growing Mac sales.

With Intel’s current roadmap in mind, though, it just doesn’t seem wise for Apple to dump x86 for ARM anytime soon. Perhaps Apple could combine its low-power ARM know-how with Intel’s 22nm process technology to result is some super amazing ARM-based chip that could outdo Intel’s mobile processors on a performance-per-watt basis, but that is a big stretch. All the information available indicates that Ivy Bridge would wipe the floor with a “performance” ARM-based processor for the foreseeable future, and we have a hard time believing users would willingly downgrade from an Ivy Bridge-based laptop to an ARM-based laptop all other things being equal. There are factors that combined could push Apple in the direction of ARM, especially at the low end, but those factors rely on a lot of big ifs.

April 24, 2011

Yes, your iPhone is tracking you — the question’s why. It could be a bug, a mistake or something to do with ‘geofencing’

View Original Source:  http://www.computerworld.com/s/article/9216082/Yes_your_iPhone_is_tracking_you_the_question_s_why?taxonomyId=15&pageNumber=1

By Ryan Faas
April 23, 2011 06:02 AM ET

Computerworld – Overshadowing Apple’s earnings news this past week was the publicity surrounding the discovery that iPhones and 3G iPads track users’ locations and store the data in an unencrypted file. The discovery was made by O’Reilly researchers Alasdair Allan and Pete Warden, and it caused quite an uproar.

The file, named “consolidated.db,” is an unencrypted SQLite database that can be found in the devices’ file systems and in the iOS backup files created and updated by iTunes every time an iPhone or 3G iPad is synced. Although the file isn’t immediately accessible on the device itself, it can be accessed on a jailbroken device via the iTunes-generated backup file. It also could potentially be accessed using other tools that allow you to explore an iOS device’s file system while it’s attached to a computer.

The file contains location data about cell towers the device accessed and Wi-Fi networks that it was within range of, plus other information, like the direction a device was facing as determined by the digital compass that became standard on the iPhone 3GS. Other data points appear to be supported by the database file but don’t appear to be used in its current iteration.

One type of data included in the file noted by Allan and Warden is related to so-called geofencing. Geofencing allows a business or organization to create a virtual “fence” around a location that can provide information to mobile devices. A coffee shop could use a geofence technology to broadcast daily specials, or a school could use it to create a perimeter that would allow a phone to indicate that a child has safely arrived for class or is headed home.

Allan and Warden created a proof-of-concept Mac OS X app that can pull information from the database of a user’s iPhone backup and display it on a map — clearly showing where a device has been used.

It’s worth noting that an iPhone’s position isn’t being continuously tracked. When I ran the app, for example, it showed a number of sporadic entries between upstate N.Y. where I live and the location in Virginia where two of my friends got married last August. If my iPhone had been recording my location constantly, there would’ve been a solid line of entries through New Jersey, Delaware, and Maryland. The only entries along the route I drove, however, were at places where I used a location-related feature or app — to look up directions, to check the distance to the next rest area, to snap photos in D.C., or to check in at restaurants.

This clearly implies that the file records data when and where the iOS location services are used (although all manner of apps use location services, potentially generating a lot of entries).

It’s also important to realize that this file doesn’t have actual GPS data. It contains location data based on other, less accurate, sources — like cell tower triangulation and a database of known Wi-Fi hot spots.

While this week’s news about the location-tracking file generated a lot of angst — and prompted members of Congress to ask Apple what’s going on — this isn’t really new information. Data forensics specialists have known about this file for some time, along with a file called h-cells.plist that stored similar location data in previous iOS versions. It was much more difficult to extract that file or its data, however.

O'Reilly researchers Alasdair Allan and Pete Warden created an app that creates a map showing where an iPhone has been, based on the data in the consolidated.db file. (The information displayed here is from an iPhone owner living in New England.)

Not surprisingly, the consolidated.db file and the earlier version of it have been used in data forensic investigations by law enforcement agencies. Although that may raise the hackles of some privacy advocates, similar information can be retrieved from cell carriers by court order during an investigation.

Just what is this file for?

So what is consolidated.db doing on the iPhone? This is the probably the biggest unanswered question. Not being an Apple iOS engineer, I have no inside knowledge, but I’m fairly confident that Apple’s goal is not to maliciously spy on the whereabouts of every iPhone owner. Apple has more important things to do with its time and resources. Also, it appears that this file itself is never actually transmitted back to Apple, though information about a phone’s location apparently is, according to the Wall Street Journal.

My assumption is that the file is related to Apple’s collection of location data about available Wi-Fi networks. Apple’s iOS devices have three ways to determine your location: They can collect GPS data (provided the device supports GPS and can get a signal from enough GPS satellites), utilize cell tower triangulation (provided we’re talking about an original iPhone or a 3G iPad and a cell connection can be established), or refer to a database of known Wi-Fi networks.

Even though my Wi-Fi-only iPad doesn’t support GPS or cellular communication, it very often nails my location with surprising accuracy based on nearby networks — regardless of which one I’m actually connected to. That’s because it has access to a broad global database of known public and private networks and their locations.

Up through iOS 3.1, Apple relied on a database known as Skyhook. Beginning with the introduction of iOS 3.2 a year ago, the company quietly began using its own database of Wi-Fi networks and their locations. This change became public in a letter (download PDF) Apple’s chief counsel sent to Reps. Ed Markey (D-Mass.) and Joe Barton (R-Texas) about changes to the company’s privacy policy last July. Apple essentially said that any information it collects about a particular user or device is kept private unless the user consents to sharing it.

Here’s what Apple’s privacy policy says about location-based services:

“To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.”

“Some location-based services offered by Apple, such as the MobileMe ‘Find My iPhone’ feature, require your personal information for the feature to work.”

As Apple builds its own global database of Wi-Fi networks and locations, collecting data from iOS devices worldwide is an ideal way to maintain and update that database. Note: Apple’s not alone. Smartphones based on Google‘s Android operating system do the same thing, as the Wall Street Journal noted in its story.

However, forensic specialists familiar with the consolidated.db file claim that the file is not transmitted to Apple by either an iOS device or iTunes — although that doesn’t mean that some of the data stored in the file isn’t transmitted on its own. If that’s the case, one likely explanation for its presence is to provide third-party apps with easy access to a cache of past location information. This is one reason forensic experts believe Apple moved away from using the private — and difficult to access — h-cells.plist file.

To provide security, all third-party iOS apps run in a sandboxed environment within the iOS file system and onboard memory. Apple made a large number of additional features available to developers in iOS 4, including expanded location capabilities and the ability for some tasks to run in the background. That meant that Apple needed to make location data accessible to a part of the file system that apps can access. John Gruber at Daring Fireball backs this view with what appears to be deeper knowledge of the situation.

Another possibility: Apple may be trying to capture information about the device or, perhaps, carrier performance — the theory expressed by blogger Andy Ihnatko. Given the rap the iPhone got as a result of AT&T’s network problems, I wouldn’t discount the idea that Apple may have wanted firm data about how well its devices are actually working in the real world.

Why is it so vast?

Even absent malicious intent, why does an iPhone or 3G iPad store months and months of data — and why is it carried over from one device to another as Allan and Warden discovered?

I agree with the consensus view on why iOS isn’t purging older data — it’s probably a bug. Simply for performance and space reasons, it would make sense that a location cache be cleaned out periodically — just as any cache file on any desktop or mobile platform should be cleaned out. The fact that data isn’t being culled from the file means it likely got overlooked among other iOS engineering issues over the past year or two.

So why maintain the data across devices? That’s easy: When you replace an iPhone or iPad, you’re given the option of setting your shiny new one up using a backup from its predecessor. To do that, iTunes copies the existing backup to the device, including all your music, apps and preferences — and apparently that consolidated.db file.

What now?

I strongly suspect that the next iOS update will secure this file and probably add automatic culling of older data. Whether Apple will explicitly say that in the release notes — or even acknowledge the situation — is unknown. Though with Congress asking questions, it seems likely that Apple will have to offer up some kind of response. Until then, I recommend you turn on the option to encrypt your iPhone/iPad backups in iTunes and be prepared to use Apple’s Find My iPhone to remotely wipe the device if it gets lost or stolen.

If you’ve jailbroken your iPhone, there’s already a tool available on Cydia that will automatically wipe consolidated.db on a continuous basis.

For IT professionals who support the iPhone and iPad, there are security policies you can enable using Apple’s iPhone Configuration Utility or a third-party management console to remotely wipe a device after a set number of failed login attempts. Management consoles, like Exchange, can also initiate a remote wipe at any time as needed.

Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. He has been a Computerworld columnist since 2003 and is a frequent contributor to Peachpit.com. Faas is also the author of iPhone for Work (Apress 2009). You can find out more about him at RyanFaas.com and follow him on Twitter (@ryanfaas).

Read more about Smartphones in Computerworld’s Smartphones Topic Center.

Follow

Get every new post delivered to your Inbox.

Join 579 other followers

%d bloggers like this: