Laura let go of my hand and walked over to the bed. She was putting a little extra sway into her hips and her ass looked delicious in the black thong. Stopping at t

the side of the bed Laura bent over and began swinging her ass back and forth showing it off for me. Then standing up she turned and lied back on the bed. As I watched Laura hooked her fingers into the thong then after easing it off her

r hips put her legs straight up in the air and sensually slid the thong up her legs before bending her knees and kicking it off. Laura then allowed her legs to spread open giving me a full view of he

er glistening pussy. Propping herself up on her elbows Laura beckoned me over with her finger. As I approached the bed she made a noise of appreciation in her throat then said; "See

now that's what youth is for." I looked down and realized my cock was already rising again. I walked up to the bed and Laura pointed at the floor. I obediently got down on my knees between her legs. I was going to go right af

fter her pussy but remembering to be patient I leaned in and wrapping my arms around her waist took the initiative and kissed her. Unlike the crazed kiss on the ouch I kissed her softly and slowly, sliding my lips back and forth across her

rs and gently teasing her lips with my tongue. I was rewarded with a happy little sigh as Laura put her arms around my shoulders and softly returned my kisses. We kissed for quite awhi

ile our hands wandering, hers over my shoulders and back, mine down her sides and across her breasts. I broke the kiss and slid my lips down her neck. I went further down kissing her chest between her tits then starting with

the left slowly swirled my tongue around each hard nipple. Laura moaned softly and started playing with my hair. I finished with her nipp

ples and sitting back on my knees trailed my tongue down her soft stomach. When I reached the bottom of her stomach I gently pushed against her shoulder.

. Taking the hint Laura lied back and lifted her legs, placing her soft feet on my shoulders. Forcing myself to take my time I kissed the inside of each of her thighs and was thrilled t

to feel them trembling in anticipation. With an act of will I ran my tongue up each side of the crease between her upper thigh and pussy. The moan I received was more than a reward for my patience ho

owever. Finally taking my fingers I spread her pussy open lightly, and blew on her clit. When Laura made me even harder moaning; "Oh please Kev, please lick my pussy

I need it soooo bad!" How could I say no to that? I eagerly plunged my tongue directly into her steaming pussy and began working it in and out quickly. As I continued with my tongue I used the tip of my finger to teasingl

ly caress her swollen clit. "ohhh look at you tongue fucking me, ohhhh." Laura moaned. At the words tongue fucking I moaned myself goddamn this woman was hot! After a few more thrusts of my tongue I couldn't wait any longer and slid

ding my tongue up the length of her sopping wet pussy started flicking it across her clit. Laura gasped as a shudder went through her body. I took her clit into he

er mouth, and started sucking it in and out. I slid first one then two fingers into her pussy and as she groaned started pumping them timing it to the rhythm of my mouth. "Ohh someone taught you well." Laura gasped. I started speeding up then s

slowing down. Twice I caught her on the edge stopping just in time to slow her down. Laura didn't complain just lied there moaning. I Looked up and saw that she was playing with her nipples the sight made my

cock throb even more. Oh I was going to fuck the shit out of her I thought. I was speeding up again when Laura started driving me even wilder; "You like that Kev? You like li

icking my pussy?" "Oh yeah." "Then tell me. Don't be shy." "I like licking..." I stopped as she grabbed the back of my head by my hair. "Like? Like is how you describe cereal. Don't be a kid Kev be a man. And use my name when you

u tell me how much you're enjoying it." Okay if that's what she wants who am I to deny her? "I love sucking your hot pussy Laura." I told her replacing my tongue with my thumb on her clit as I spoke. "I love licking that sw

weet little clit." "Ohhh that's so much better." On that note I started sucking her clit harder and faster than before. Laura was moaning louder than ever and her hips were thrusting into my face. I hesitated I wanted to us

se my best trick but... No she said treat her like any other. Laura was getting closer, she was thrusting harder and her fingers were furiously working her nipples. I sucked her clit hard into my mouth then holding it there swirle

ed my tongue. Then quickly before I could change my mind I slid my left hand back and pushed my middle finger into her ass. Laura came like a wildcat. She

had still been holding my hair and used it to hold my face into her fiercely thrusting hips. Her thighs wrapped around my face and she let out a noise that was somewhere between a squeal and a wail. Her pussy gushed

in my face and I did find myself getting a face full as I continued to suck her clit. "Oh my fucking god!" Laura cried out. Her body continued to spasm in what was the longest hardest orgasm I had ever seen. Her hips finally start

ted to slow down and she let go of my hair. With a long drawn out moan Laura dropped her legs off of my shoulders and lied there panting. I stopped licking her clit and looked at her dripping pussy. Remembering

what she had said I looked up at her and smiled; "Now who made a mess? That's okay I'll get it." With that I started licking her pussy from top to bottom

m lapping up as much of her juices as I possibly could. Laura's hips pumped again and she let out a whimper that made me realize how damn ha

ard I was. I couldn't wait any longer. Fuck her like I would anyone else I told myself. Without waiting for her to take the lead I stood up, grabbed her ankles,

, and holding her legs up slammed my cock into the wettest pussy I had ever felt. "Oh yes!!!" Laura screamed ,and scream was the word. I found myself wond

dering if the neighbors could here this? Once again Laura took my mind off of everything else; "Oh yes Kev give it to me! Slam that fucking pussy!" That's exactly what I was doin

ng I had her legs high enough that her hips were off the bed and I was driving my cock into her as hard as I could. Laura was so wet every thrust caused a wet smacking sound. I was slamming her so hard her tits were bouncing back and forth, but what

t had my eye was Laura's face. Her head was back, her eyes closed and her mouth wide open as a series of loud yelps were coming from her with every thrust of my harder than ever cock. "Yeah you like that?" I asked her all

inhibitions gone "No, I love it!" She cried out. "I fucking love you pounding my pussy with that big fucking cock!" "Good," I told

her. "Because I love doing it, I love hearing you scream while I fuck the shit out of you!" "Yeah? You love it you dirty boy? You love fucking your mother?" That

got my attention. I slowed up a minute and Laura looked me in the eye. "Doesn't matter what you call me Kev, you're fucking your mother and your loving it!" She let out another loud squeal as I shifted my hands from her ankle

es to wrapping my arms around her thighs lifting her higher. She continued to surprise me as her fingers reached down and she started stroking her own clit. "That's okay though you know why? Because you're mother f

fucking loves it! Because she needs it! Oh yeah baby your mother needs that hard fucking cock buried in her pussy oh yeah she does!!" As twisted as all this sounde

ed it was driving me wild. I had never fucked a woman this hard. I was rearing all the way back driving every inch of my cock in and ou

ut of her. All the while Laura was talking trash and playing with her clit. "Yeah you bad boy shoving you're finger up your mothers ass making her cum in your fucking face oh you bad boyy

yyyy!" with that I felt her pussy begin to convulse around my cock. Laura let out another incredibly loud wail as her eyes rolled back in her head and her bod

dy went through its third orgasm in the last hour. I slowed up my slamming of her just a little as her orgasm finished. Then leaning over bent her legs back and started going harder. "Ohhhh," Laura moaned, "Oh y

you're so fucking deep!" She looked up at me as she spoke, Laura was sweating, her hair stuck to her neck and parts of her cheeks. Her cheeks themselves were flushed from the heat and the orgasms. God she looked beautiful I thought. "Like fucking me

don't you?" "Oh yeah I do." I got out in between gasps, I was starting to get close myself. "Stop." Laura said. As much as I didn't want to I did, although I did keep my cock inside o

of her. "This isn't how you thought of it. Is it Kev?" At first I wasn't sure what she meant. Laura smirked at me. "Isn't there a way you'd rather fuck me Kev

v? You know maybe with my ass in the air? That ass that you've been ogling for months now?" "Oh hell yeah!" I panted. "Then ask me." "Laura would you please get on your

knees so I can fuck you doggy style?" "That was nice Kev." She told me as she slid herself back off my cock and further back onto the bed. "Now tell me why." "So I can see that hot little ass pointed right at me whil

le I grab your hips and make you scream." "Oooh," She cooed. "Is that anyway to talk to your mother?" "No, but I bet that slut named Laura loves bei

ing treated that way." I told her. "Ain't that the truth!" With that Laura rolled over and after getting on her hands and knees lowered herself onto a pillow pushing her ass up towards me. I all but jumped onto the bed to kneel behin

nd her. Taking my cock I spent a minute teasing the two of us by rubbing it up and down her pussy then keeping the tip right at her pussy grabbed Laura's hips and slammed my prick into her tight

t little box. "Oh fuck yeah!!" Laura cried out as I began pumping in and out. I went slow for the first minute or so giving myself a chance to enjoy it as I knew

I wouldn't last long after the fucking from before. "Oh don't tease Kev you can take me like this again later, hell you can take me all weekend!" That was it! No holding back now I started slamming her so hard it made ear

rlier seem like we were making love. Laura was wailing nonstop now as using her hips, I was shoving her in and out against my thrusts pounding her even harder. Laura's back was glistening with sweat and her long hair was fann

ned out across it, Unable to help myself- I mean at this point what did it matter- I reached out and grabbed a handful of her hair, not really pulling it but just holding it. "Ohh you bad, bad boy!" Laura exc

claimed. "And you're a bad girl." I told her. "Then give me what I gave you when you were bad." Once again with no hesitation I gave her ass a quick slap. "Oh come on Kev." I slapped her harder this time leaving a red mark on her

right ass cheek. "That's better now just fuck me!" I shifted my hands from her hips to her still narrow waist, and really let loose. I'm a pretty strong guy and I could not believe how much she was taking. I'd have sent Jenny ho

ome crying by now. "Oh you like my ass in the air don't you?" "Yes oh yes!" I groaned out. "Yeah you love fucking me doggy style?" "Oh god yeah." "Yeah you like fucking your mother Kev?"

" "I love fucking Laura." I replied. I was getting close I started fucking even faster slamming my hips into her so hard I was going to have bruises tomorrow. "I want you to tell me you

love fucking your mother Kevin." At that I slowed down a little, was she kidding? "Just once Kevin just say it once, and it will be Laura

a from now on but I want to hear it." "O-okay." I said and resumed fucking her. Before I could try she added; "If you say it right I'll let you cum on my tits. Now go ahead and do as your mother tells you." I resumed slamming the shit out of

f her waiting until I was just about ready to say it so I wouldn't back down. After several more hard slams I closed my eyes and said; "I love it! I love

fucking my hot mother, I loved watching her suck my cock and I'm going to love cumming all over her tits I.. oh oh!" Feeling the

e cum racing through my cock I pulled it out and squeezed the head hard. Rolling over into a sitting position Laura held both her tits up framing them with her red nails. With a loud cry of my own I let my cock g

go and watched as the first tremendous spurt hit her right tit so hard it splattered I moved my cock so the second hit the left one. I continued to jerk another spurt hit right in between then Laura gave me one mor

re treat; "Go ahead shoot the rest on my face, like you know you want to." I pointed my cock up and the last couple of shots hit her cheek and her lips. I leaned

d back and rested my hands on my knees totally spent. Or so I thought. Laura immediately put her mouth on my cock and began sucking. I had just cum and was so sensitive it was driving through the roof. "No stop! Please!" I told her. Laura pus

shed me hard causing me to fall onto my back on the bed. Before I could move she swung her leg over my hips and drove herself down onto my still hard cock. "Oh god!" I moaned. Laura instantly started bucking up and down hard driving herself o

on and off of my cock. The head still felt like a raw nerve and my hips were bucking but in an attempt to pull out. Laura had me pinned however, her fingernails were digging into my chest and she was pushing into me causi

ing me to bounce up and down off the bed and into her hips. "Oh please." I cried out. "I can't again!" "Oh yes you can!" Laura said somehow finding a way to start riding me even harder. "Oh that's right you can! That y

young hard cock has one more load for it's hot Laura doesn't it baby?" To my surprise I could feel myself getting ready. I was sweating like a pig and totally exhausted but Laura was riding me like a porn star. She was leaning o

over and all that was visible through her sweat soaked hair was her lust crazed blue eyes staring straight into mine. "Yeah that's right baby you cum again for me! You want more of this pussy? You show me why I should give it to you. Sho

ow me how much you have for your hot little cougar." I let out a pathetic whimper as she pushed herself up on her knees and drove down even harder her ass slamming into my hips.

. "Oh yeah, I.. oh..." With a sense of relief I felt myself begin to cum and was surprised by how hard I did. Laura cried out; "Oh that's right I knew you

u had more for me!" Laura stopped bouncing and I could feel her pussy clenching around my cock milking every last drop out of it. When she was done she leaned over and kissed

d me sweetly on the lips then rolled off of me and onto her back. Where after a moment she let out a long sigh and said; "Damn I haven't had it that good in years!" "I don't think I ever had it th

hat good." I told her honestly as I lied there panting. "Well we'll work on seeing if we can do better." My eyes widened. "Really?" "Damn

Kev you think I'm going to let this be a onetime thing?" She rolled over onto her side. "Kev, roll over so you can look at me." I turned over onto my

y side so we were facing each other. "Okay listen." She said. "I think we both know that this whole thing seems very wrong but I also think that neither one of us c

cares. Why don't we? Well once again who cares? We don't tell anyone and we just enjoy okay?" "Whatever you say Ma, Laura I mean..." She laughed at me. "Seeing as were nake

ed in bed its Laura okay? It will be Laura anytime we do this, which for the record will be weekends only got it?" "Um I guess." "You come looking any other night I'll toss you out of the room okay?" "Um have

e you been thinking about this?" I asked her. " I have quite a bit actually. Remember the most important thing is it's always Laura on the

e weekends so it doesn't seem so weird." "Yeah but you wanted me to call you mom." I pointed out. "And you kept saying it." To my surprise she blushed. Then sighed and said. "Okay Kev I owe y

you the truth. When I first saw that site I was pretty disgusted. I was going to get you to counseling, then I read a couple of the stories then a few more. Next thing you know I was reading them at work, and playing with myself at night to them. It's

what made me want to try so just once I wanted to hear what it sounded like." She smiled tiredly shaking her head. "Truth is it was a hell of dirty turn on but let's keep it at Laura. I mean that's if you want to again." "How could I not I mean Jesus

your hot Laura." I blushed a little myself as I added. "Best lay I ever had that's for damn sure." "Good." Laura stretched, and I

I was once again amazed at how lean and tight her body was, how good her tits still looked. Not that there was a chance of me getting it up again but I still couldn't stop looking. "Well that wore this girl out." Laura said and tur

rning on the bed put her head on the pillow and pulling the sheet up slid her legs underneath them. "Um okay." I said. "I guess I'll go to

o my room." I began to get up, but Laura grabbed my arm. "Where you going Kev?" "I just said I'll go..." "Would you leave any other hot woman alone in her bed?" "Well no." Laura smiled and lifting up the sheet tapped the bed next to her. "Then get o

over here and cuddle up with me." I lied down on my back next to her and Laura slid up next to me putting her head on my chest and her arm across my waist. She sighed contentedly. "Isn't this better?" She asked. I have to say it felt pretty

damn good as long as I pictured it being Laura whose tits were pressed into my side and whose bare leg was draped across mine. I closed my eyes and also sighed. The air conditioning was on high and now that we weren't

fucking the room was pleasantly cool and God knew I was pretty worn out. "Besides," Laura said. "How can I wake you up by sucking your cock if you're in the other room?" She giggled then said; "Sweet dreams Kev." That had been a month and a half ago a

and since then we've gone at it like it's a sporting event from Friday to Sunday. To the point where I'm not even looking for a girlfriend, and if I do meet someone I'll tell them I'm not available on the weekends. Mom recently met someone and only

sees them on weeknights claiming she works Friday through Sunday. Fact is we both love it! The two of us have better sex then I co

ould have ever imagined, and after the first couple of weeks Laura even started dressing up and playing, everything from cheer leader outfits to a naughty nurse. Thing

gs like that make the week drag it's not just the sex but what the next game will be. The sound of a car door slamming in the driveway snapped me out of my day dream. I immediately sat up to face the front door. A

moment later my heart began to pound in anticipation as the door opened and Laura came in. She was dressed in the long overcoat she wore in the fall and all I could see was pair of heeled black boo

ots. "I know I'm late." She said coming over to stand before me. "That's okay." I told her. I went to reach for her but she stepped back. "Well if it's any consolation it wasn't because of work." "No?" "No I thought I would pick up a little somethi

ing for us." With that Laura undid the coat letting it drop to the floor. I think my jaw landed there first. The boots were thigh high, and all she had been wearing under the coat was a black leather thong and matching bra. "What do you

u think Kevin?" Laura asked as she sank down on her knees in front of me. I smiled "Thank God it's Friday."

Those low-cost embedded tracking devices in your smartphone or those personal GPS devices that track the whereabouts of your children, car, pet, or shipment can easily be intercepted by hackers, who can then pinpoint their whereabouts, impersonate t

them, and spoof their physical location, a researcher has discovered. Security researcher Don Bailey at SOURCE Boston today disclosed the newest phase of his research on the lack of security in embedded devices, dem

monstrating how he is able to hack vendor Zoombak's personal GPS locator devices in order to find, target, and impersonate the user or equipment rigged with these consumer-focused devices. Bailey

y, a security consultant with iSEC Partners, decided to call out the widely available products from Zoombak after the vendor and its

parent company Securus Inc. didn't respond when he alerted them about the security weaknesses. Mitigating these attacks would only require a few simple changes to the product, he says. Meanwhile,

the threat is real, he says. "Anyone with a little hardware knowledge could reverse-engineer this," he says. "Children are physically at [risk] because these device

es can be turned into weapons." Bailey also released tools today for each of the three attacks he demonstrated at SOURCE Boston. "Embedded devices are low-cost, easy to use,

and easy to debug. And the security landscape is very small," Bailey says. "There is very little capability for integrating secure communications on the devices and ensu

uring that it's your code executing on there." The underlying issue is that the low-cost and rapid commoditization of these embedded systems precludes their being properly secured. "There's a low entr

ry point for people to develop them, so you have a serious problem because new developers and new startups don't have an understanding of security. It's an insecure product by default," he says. E

Embedded system security is tricky in that there are so many moving parts in the final products, including baseband, GPS firmware, application firmwar

re, and SIM software, according to Bailey. It's not just consumer GPS tracking devices that are vulnerable, either. Bailey says he was also able to hack server SCADA embedded systems. "I was able to remotely compromise the box in its entirety" via the mic

crocontroller on it, he says. With the Zoombak device, Bailey was able to discover the tracking devices, profile them, using what he calls

"war texting," to intercept their location. Zoombak uses a Web 2.0 interface that provides a map showing the GPS-equipped person or payload's physical location. The devices receive commands via

a SMS text messages. In the first attack, Bailey forced the device to send him its physical location using techniques to grab the GPS coordinates and local cell tower information. "I can force those devices to bypass the manufacturer's c

controls and give me their information and they have no idea that I've intercepted their location," he says. Once he fingerprinted the device, he can determine just what it is. "I know if it's a semi, a mail van, or

r a teenager driving the family car just by watching the vehicle for a certain period of time. I can use traffic cameras on Google satellite," he says. That would leave the GPS-outfitted person or payload prone to physical attack,

, he says. Bailey was also able to impersonate the Zoombak personal GPS tracking device. "I use it as a weapon to fake the location data. If it's a tr

ruck on I-70, I can take the device and force it to send false location to the server and meantime, could hijack the truck," he explains. Zoombak's command and control channel is in the clear, unencrypted. These devices could be locked down with so

ome type of PKI on the microcomputer to encrypt the communications between the device and its server, Bailey says. "I can just sniff the line and see all of the data in plain text. I should

dn't be able to do that so easily; it's pretty ridiculous," he says. Another protection would be to ensure that when a device on a 3G network that it cannot interact with other 3g devices: it should only be able to speak with t

the manufacturer's server, he says. And he suggests network partititioning, which also would help secure these devices. Zoombak had not responded to press inquiries as of this posting. Microsoft today released a pair of security advisories for Chrome

e, the browser built by rival Google. One of the advisories also called out a vulnerability in Opera. The change is part of an expansion of the

vulnerability disclosure policy Microsoft launched last summer, said Mike Reavey, the director of the Microsoft Security Response Center (MSRC). The bugs we

ere discovered by Microsoft researchers, and reported to the security teams responsible for Chrome and Opera. Google patched the two Chrome vulnerabilities

s last September and December; Opera fixed its browser flaw in October 2010. The advisories were the first ever from Microsoft for bugs in third-party products. According to Reavey, they will be followed by others, as necessary. "If we're in a s

situation where we find a vulnerability in some other vendor's product, we will release an advisory ourselves," said Reavey. At times, those advisories will appear before the affected vendor has a patch ready for users, Reavey acknowledged. "If there's a

an attack [ongoing], we'll release an advisory, most of the time with workarounds and mitigations, but we will continue to coordinate when we do so," he said. In no instance will Microsoft issue an advisory on someone else's software without

t first contacting and coordinating work with the other vendor, Reavey stressed. Microsoft follows the same practice for flaws its researchers find in the company's own software, pointed out Andrew

w Storms, director of security operations for nCircle Security. Storms applauded the move, largely because of his high opinion on the advisories the company produces for its own code. Microsoft's advisories are much more thorough than

those from most rivals, he said, and more easily digestible. This isn't a sudden shift, said Storms. "Back in 2008 at [the] Black Hat [security conference], Microsoft said they were interested in finding vulnerabilities in the entire Wi

indows ecosystem. It took them three years to get it going," he said. Microsoft kicked off its Microsoft Vulnerability Research (MSVR) program in August

t 2008, saying then that its security researchers would report bugs they found to third-party developers, and coordinate with those vendors to make sure details did not go public before a patch was in place. At the time,

however, Microsoft said it would not issue security advisories for third-party software. Today's advisories were part of a larg

ger announcement by Microsoft that made public details of its bug policy, which it dubbed "coordinated vulnerability disclosure," or

r CVD, almost nine months ago. Last July, Microsoft said it would drop the term "responsible disclosure" used to describe the back-and-forth between bug finders and vendors, and instead us

se the new moniker CVD. At the time, Microsoft admitted the move was primarily a name change designed to eliminate what it said was the "emotional" context of the older term. Microsoft published the policy today -- something it had not done last year -- an

nd asked that others in the security community "embrace the purpose of this shift, which is ultimately about minimizing customer risk, not amplifying it." Today's advisories are a demonstration of that policy in action, sa

aid Reavey, who also acknowledged that future advisories will address complaints that critics had aired about CVD. "One thing we hear from 'full disclosure' [proponents' is that custo

omers can be put at risk with CVD," he said, talking about the opposing philosophy by some researchers, who believe in making vulnerabilities public to push vendors' patching pace. Advisories that Microsoft issues down the road about bugs that lac

ck a patch are an attempt to answer those critics. Microsoft also made public a policy that's been in place since November 2010 that requires all employees to follow the CVD guidel

lines, and report bugs in third-party products to the MSVR program. The new rules for internal researchers applies whether they found the flaws on company time, or their own, said Reavey. When asked wheth

her Microsoft expects others to follow its lead -- some Google security engineers, for instance, have released information about Windo

ows bugs before Microsoft had patches ready -- Reavey didn't answer directly. "In general, this is the shift we would like to see the industry move toward," he said. Android devices caches for the same function. This is a quick dumper I thr

rew together to parse the files from the Android location provider. The files are named cache.cell & cache.wifi and is located in /data/data/com.google.android.

.location/files on the Android device. You will need root access to the device to read this directory. How to disable: Find Settings -> Location & Security -> Use wireless networks and unche

eck it. This removes the files on 2.3 devices, my 2.2 device keeps the files but stops updating them. Other versions are unknown at this

s moment. Usage: $ parse.py You can also pass the --gpx option to get ouptut in GPX format, then use gpsbabel or something to get the data into the format of your choice: $ parse.py --gpx cache.wif

fi > wifi.gpx Important note: looking at old android source (this code is no longer open from Google it seems) it seems to be limited heavil

ly. However, data is only pruned when new info is added. There is no time based pruning unless there is new data being added to the cache. This could lead to old data being if t

there is limited movement of the device. // Maximum time (in millis) that a record is valid for, before it needs // to be

refreshed from the server. private static final long MAX_CELL_REFRESH_RECORD_AGE = 12 * 60 * 60 * 1000; // 12 hours private static fin

nal long MAX_WIFI_REFRESH_RECORD_AGE = 48 * 60 * 60 * 1000; // 48 hours // Cache sizes private static final int MAX_CELL_RECORDS = 50; private static final int MAX_WIFI_RECORDS = 200; Example output

t: $ ./parse.py cache.wifi db version: 1 total: 47 key accuracy conf. latitude longitude time 50:63:13:57:42:7e 80 92 57.689354 11.994763 04/11/11 10:03:51 +0200 e0:cb:4e:7e:cc:53

3 75 92 57.689340 11.994495 04/11/11 10:03:51 +0200 4c:54:99:14:47:68 57 92 57.708979 11.916581 04/11/11 01:14:53 +0200 00:26

6:18:0a:ad:cb 60 92 57.709699 11.917637 04/13/11 08:40:36 +0200 00:22:15:28:3f:7a 60 92 57.699467 11.979340 04/13

3/11 11:52:16 +0200 00:22:3f:a7:d9:fd 65 92 57.699442 11.979343 04/13/11 11:52:16 +0200 $ ./parse.py cache.cell db version: 1 total:

41 key accuracy conf. latitude longitude time 240:5:15:983885 1186 75 57.704031 11.910801 04/11/11 20:03:14 +0200 240:5

5:15:983882 883 75 57.706322 11.911692 04/13/11 01:41:29 +0200 240:5:75:4915956 678 75 57.700175 11.976824 04/13/11 11:52:16 +0200 240:5:75:4915953 678 75 57.700064

11.976629 04/13/11 11:53:09 +0200 240:7:61954:58929 1406 75 57.710205 11.921849 04/15/11 19:46:31 +0200 240:7:15

5:58929 -1 0 0.000000 0.000000 04/15/11 19:46:32 +0200 240:5:75:4915832 831 75 57.690024 11.998419 04/15/11 16:13:53 +0200 If you have

any questions/info that you'd like to share, I can be reached via @packetlss on Twitter or packetlss+android@gmail.com You may have heard about the way th

hat the iPhone is tracking your every move. Well, it turns out that Android phones do this as well, and likely for the same reasons. Developer Magnus Eriksson has created what he calls an Android location service data dumper. This is an

n app that searches Android phones for a location data file similar to the one iPhones use to store location data. Following the latest days internet outrage/overreaction to the revelation that iPhone has a cache for its location s

service, I decided to have look what my Android devices caches for the same function. This is a quick dumper I threw together to parse the files from the Android location provider. The file contains what he refers to

as ‘coarse’ location data. That is to say data obtained by cellphone tower location and not a more accurate GPS data location. Here is a sample set of data from the cache.cell file that recor

rds cellular locations in the Android file system. You can see that it contains a set of entries that record a latitude and longitude as well as a time stamp. $ ./parse.py cache.cell db version: 1 total

l: 41 key accuracy conf. latitude longitude time 240:5:15:983885 1186 75 57.704031 11.910801 04/11/11 20:03:14 +0200 240:5:15:983882 883 75 57.706322 11.911692 04/13/11 01:41:

:29 +0200 240:5:75:4915956 678 75 57.700175 11.976824 04/13/11 11:52:16 +0200 240:5:75:4915953 678 75 57.700064 11.976629 04/13/11 11:53:09 +0200 240:7:61954:58929 1406 75 57.710205 11.921849 04/15/11 19:46:31

1 +0200 240:7:15:58929 -1 0 0.000000 0.000000 04/15/11 19:46:32 +0200 240:5:75:4915832 831 75 57.690024 11.998419 04/15/11 16:13:53 +0200 The file is only accessible on devices that have

e been rooted and opened up to installation of unsigned apps. This is similar to the way that the iPhone used to store the data before it was made available to develo

opers using the iPhone’s background API for location sharing. Now however, the iPhone data is exposed to casual access using an application called iPhone Location Tracker that is similar in intent to the app that Eriksson has c

created for Android phones. We spoke to Eriksson about the way that the data from the Android OS and from iPhones is being used by their respective creators. He expla

ained that when an application requests location information, it doesn’t always need a pinpoint spot so the OS just uses cell towers to get a general location. The phone then sends the cell tower info to Google and in return

gets a set of coordinates. Then it can use this info (via triangulation and weighting based on each cells towers signal strangth etc)

) [to] get a rough estimate of it’s location. He mentions that it’s likely that the data is transmitted and received in the same way by Apple. This is corroborated

d by Adam Swindon, the creator of the CDMA version of the iPhone Tracker, who says that the data from a separate field within the Apple location data file, LocationHarvest, points to the possibility that the informatio

on is sent periodically to Apple. I think the names of the tables could be another clue towards how the data is being used. I have only ever seen the harvest tables containing a few entries with very recent t

timestamps, therefore they might be used as a queue for data to be sent to Apple. Once sent it could be archived in the other table, and the harvest table cleared. Due to the strong evidence that this behavior is extremely similar between the An

ndroid and iOS operating systems, it’s likely that the inclusion of months worth of this data is an oversight or error on Apple’s part and not intentional. Instead it’s lik

kely that the Apple system was originally intended to behave the way that Google’s system does. This is the behavior that John Gruber has speculated was the initial intent of Apple in regards to how long they keep location data i

in their system. After a period of time, 12 hours for cellular data and 48 hours for WiFi data, has passed, the location data is renewed by a new request from Google. It is also limited to a ma

aximum number of entries so that the database doesn’t grow too large. Swindon says that the location file pulled from his phone contained roughly 13,000 entries related to cellular network tracking. By contrast the Android file is

limited to only 50 entries in the cellular location database. The size of the database on the iPhone is what Eriksson attributes the accuracy of the lo

ocation maps created by the iPhone location data file to. Normally the data would be much more crude, but with a lot more data sampling to work with, the map grows more

e detailed and more accurate. This means that the only reason that the Apple system yields such detailed results is that it has far more data than it’s supposed to have in it’s database. Why that system does not b

behave the way that the Android location recording system does and simply dump out older entries is a mystery at this point. Gruber points to unofficial channels to suggest t

that it is a bug that will be corrected and looking at the evidence, we tend to agree. Today, two researchers for O’Reilly media published an article claiming discover

ry of a hidden tracking system on the iOS 4 operating system. Using simple techniques, Alasdair Allan and Pete Warden extracted data off of an iOS version 4 device and wrote an open source

e software utility to effectively graph this data onto a map. As a fellow researcher, I champion their creativity and their development. As an expert in this field, I have three points of

argument to raise. 1) Apple is not collecting this data. And to suggest otherwise is completely misrepresenting Apple. I quote: Apple is gathering this dat

ta, but it’s clearly intentional, as the database is being restored across backups, and even device migrations. Apple is not harvesting this data from your device. This is data on the device that

t you as the customer purchased and unless they can show concrete evidence supporting this claim – network traffic analysis of connections to Ap

pple servers – I rebut this claim in full. Through my research in this field and all traffic analysis I have performed, not once have I seen this data traverse a netw

work. As rich of data as this might be, it’s actually illegal under California state law: (a) No person or entity in this state shall use an electronic tracking device to determine the

e location or movement of a person. I don’t think that’s a legal battle Apple wants to face considering the sale of over 100 million iDevices worldwide. That raises the question – how is this data used? It’s used all the time by software runnin

ng on the phone. Built-In applications such as Maps and Camera use this geolocational data to operate. Apple provides an API for access to location awareness called Core Location. Here is Apple’s description of this softare library: The Core Location frame

ework lets you determine the current location or heading associated with a device. The framework uses the available hardware to determine the user’s position and heading. You use the c

classes and protocols in this framework to configure and schedule the delivery of location and heading events. You can also use it to define geographic regions

s and monitor when the user crosses the boundaries of those regions. Seems pretty clear. So now the question becomes why did this “hidden” file secretly appear in iOS 4? 2) This hidd

den file is neither new nor secret. It’s just moved. Location services have been available to the Apple device for some time. Understand what this file is – a log generated by the various

radios and sensors located within the device. This file is utilized by several operations on the device that actually is what makes this device pretty “smart”. This file existed in a different form p

prior to iOS 4, but not in form it is today. Currently, consolidated.db lies within the “User Data Partition” on the device. This is a logical filesystem that maintains non-system level privileges and where most of the data is stored. When y

you perform an iOS Backup through iTunes, it is backing up this partition. Prior to iOS 4, a file called h-cells.plist actually existed in the /root/Library/caches/locationd folder,

but with hidden access from other software and applications. h-cells.plist contained much of the same information regarding baseband radio locatio

ons as consolidated.db does now, but in Apple Property List format rather than sqlite3. Through my work with various law enforcement agencies, we’ve used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices. So let

ts recap. h-cells.plist = Pre iOS 4 / Radio Logs including Geolocational Data / Hidden from Forensic Extraction (usually) consolidate

ed.db = iOS 4+ / Radio logs including geolocational Data / Easily acquired through simple forensic techniques The change comes with a feature introduced in iOS 4 – Mutlitasking and Background Location Se

ervices. Apps now have to use Apple’s API to operate in the background – remember, this is not pure unix we’re dealing with – it is only a logical multi

itasking through Apple’s API. Because of these new APIs and the sandbox design of 3rd party applications, Apple had to move access to this data. Either way, it is not secret, malicious, or hidden. Users still have to approve

location access to any application and have the ability to instantly turn off location services to applications inside the Settings menu

u on their device. That does not stop the generation of these logs, however, it simply prevents applications from utilizing the APIs t

to access the data. 3) This “discovery” was published months ago. I understand that Mr. Allan and Mr. Warden are valued researchers for O’Reilly, but they have completely missed the boat

on this one. In the spirit of academia, due diligence is a must to determine who else has done such research. Mr. Allan, Mr. Warden, and O’Reilly have overlooked and

d failed to cite an entire area of research that has already been done on this subject and claimed full authorship of it. Let’s break down my history: Back in 2010 when the iPad first came out, I did a research project at the Rochester Ins

stitute of Technology on Apple forensics. Professor Bill Stackpole of the Networking, Security, & Systems Administration Department was teaching a computer forensics course and pitched the idea of doing forensic analysis on my recently acquire

ed iPad. We purchased a few utilities and began studying the various components of apple mobile devices. We discovered three things: Third Party Application data can con

ntain usernames, passwords, and interpersonal communication data, usually in plain text. Apple configurations and logs contain lots of n

network and communication related data. Geolocational Artifacts were one of the single most important forensic vectors found on these devices. After presenting that project to Professor Stackpole’s forensic class, I began

work last summer with Sean Morrissey, managing director of Katana Forensics on it’s iOS Forensic Software utility, Lantern. While developing with Sean, I continued to work with Professor Stackpole an academi

ic paper outlining our findings in the Apple Forensic field. This paper was accepted for publication into the Hawaii International Conference for Syst

tem Sciences 44 and is now an IEEE Publication. I presented on it in January in Hawaii and during my presentation discussed consolidated.db and it’s contents with my audience – my paper was written prior to iOS 4 coming out, but m

my presentation was updated to include iOS 4 artifacts. Throughout the summer, I worked extensively with Sean on both developing Lantern and writing custom software to interpret forensic data for customers of ours who

needed better ways of searching for and interpreting data. When the iPhone 4 came out, I was one of the first people in San Francisco to grab one (yes I waited

d to be in the front of that awful line). — ( Look for the RIT shirt ) Within 24 hours of the iPhone 4s release, we had updated Lantern to support forensic analysis of iOS 4.0 devices. Within 36 hours, we had began writing code to inves

stigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remot

te location tracking. Ever since then, location artifacts have been a main area of interest for me. I’m now the Lead Engineer for Katana Forensics leading all technical research and development of both Lantern and private utilities. I

I travelled to Salt Lake City, UT in November for the Paraben Forensics Innovation Conference (PFIC) and presented with Sean on iOS Forensics including the content of

f consolidated.db. At that same conference, Sean and I announced the development of Lantern 2.0 which would fully support the interrogation of consolidated.db and other geolocational artifacts scattered throughout the device

e. Sean and I even wrote a book detailing iOS forensics involving iOS 4 devices that came out on December 5th, 2010. — Sean Mo

orrissey, Primary Author, Alex Levinson, Contributor In the course of writing Chapter 10 – Network Forensics – I fully explain and detail th

he examination of consolidated.db and other network artifacts within the device! — Page 335 - Continued on page 336. In February of 2011, Sean and I previewed Lanter

rn 2.0 at the DoD Cyber Crimes Conference in Washington, DC including our geolocational features. Lantern 2.0 has been on the market for months now and performs the same functionality Mr. Warden’s

s utility does and much more. We correlate geolocational data embedded in images and third party application. We give you a geolocational timelin

ne of events in list view showing much more than baseband logs within consolidated.db. While forensics isn’t in the forefront of technology headlines

these days, that doesn’t mean critical research isn’t being done surrounding areas such as mobile devices. I have no problem with what Mr. Warden and Mr. Allan have created or p

presented on, but I do take issue with them making erroneous claims and not citing previously published work. I’m all for creative development and research, as long as it’s honest.