Geo-tagging & Photo Tracking On iOS

As you may already know, Apple has always been criticized for using their extremely popular devices to track users and use this information to expand their own databases. This tutorial assumes that you have already jailbroken your device and you know how to navigate your way through iOS menus, if you don’t then check out our other articles that cover just that. In this small and insightful tutorial, you’ll see just how easy it is to extract photos from an Apple device and use the EXIF data to view the location of where the photo was taken along with other cool details.

Introduction & Prerequisites

Apple devices store much more information than you would ever imagine. It is surprisingly accurate as well, with timestamps to the millisecond and even location data that is frighteningly accurate. The main challenge for the user however, is correctly extracting, preserving and analyzing this information which is where awesome dudes like me come into the picture! After several months of studying the iOS architecture and how things work on an Apple device, I am more than happy to provide the community with bite size chunks of information and that is exactly what I am about to start doing with this first post, aimed at Apple forensics.

So, enough blabbering on about the facts and figures, time to get right down to business right? Well, first you gotta have the right equipment and tools, of course. Here is what you’ll need for this tutorial:

  • An Apple device – this best works with an iPhone or an iPad but could be a great success on the latest iPod Touch too.
  • The device has to be jailbroken – cause it is really easy to do and allows us to do so much more with the devices.
  • Cydia package iFile which can be downloaded from many sources on Cydia.
  • An extensive EXIF viewer, there are many available however, I prefer this one that is available online.
  • Some legs, cause the device ain’t gonna walk up a high street itself now, is it?

That is roughly everything that you’re going to be needing in order to pursue this tutorial. Let’s get to it then!


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Foreword

I’ll show you what we did during our research and what procedures we followed to get the end result which is of course a picture with the location data plotted on the map that easily allows you to see your whereabouts at certain times. It should be noted that when we carried out this experiment, we took our iPad and walked down a busy high street in the heart of Glasgow, assuming that the iPad would automatically connect to open WiFi networks itself (which it did). We never at any point connected to a network by ourselves, we only had the Camera application open and were taking pictures intermittently. During the following steps, I’ll breakdown exactly what we did, why and how.

Step 1

Take your device out for a stroll, preferably on a street that you know contains many WiFi hotspots (that is if you have non-cellular device such as an iPad Mini WiFi only model), so if you have an iPhone, you should be good to go anywhere because it is always connected to the Internet via radio towers.

Step 2

Take some pictures, at random times, in random places, of random things. Possibly do it with the same technique that we did – 5 pictures on the way down and 5 pictures on the way back. Notice that when you take a picture using the Camera application, the location data icon shows up on the status bar of your device, as shown below:

Location data
Location data active icon in the taskbar.

The actual icon may differ from the one I have above however, it will only pop up right after you take a picture using the Camera application. The icon will always show up when the iPad is requesting the use of location services. This can be changed within the Settings application.

Step 3

Once you have a small collection of photos that you took, you can head back in and start extracting them from the iPad. Now, you can always just sync the photos on iTunes and that’ll move them over or use some 3rd party software to transfer them but how about doing it wirelessly? That’s right. With iFile on a jailbroken device you can easily set up a web server that allows you to transfer content over to your computer.

Open up iFile and navigate to the following path:

/var/mobile/Media/DCIM/100APPLE

You’ll be presented with a screen that looks similar to the one below, of course you could have more or less photos, obviously depending on how trigger happy you are with the Camera application.

DCIM Folder
The image files contained within the folder mentioned above.

Already you can see information such as the size for each file, timestamps and file names. To initiate a web server connection, touch the wireless icon in the bottom center of the screen. This will yield this screen which shows you what to type into your address bar in a browser.

Web Server Established
Connection has been created, use the details to access your device wirelessly.

Step 4

Now open up a browser on your laptop or desktop computer (for the love of god, do not use Internet Explorer) and type up the address that is shown on the device into the address bar. This will establish the connection between your computer and the device, enabling you to transfer files (yes, they go both ways) easily and effortlessly. Once you’ve setup the connection, you’ll be presented with this screen on your computer and a confirmation on your device.

iFile On A PC
This is what you’ll see on your computer once connection has been setup.

Step 5

You can now navigate to the path shown above on the computer and download the photos that you’ll be working with, precisely those that are located at the bottom of the folder. Just make sure that the date and time match that of when you took your initial photos. To save your photos, simply either right click on one and select Save link as… or click on it and repeat the aforementioned step. Save all your photos into one neat folder on your computer, so you can find them easily when it comes to the next step.

Step 6

This is where it begins to get interesting – with the photos extracted and ready, you can start uploading them onto the online EXIF viewer. Go ahead and open that up and upload the first image using the instructions provided on the website.

EXIF
Uploading your image to the online EXIF viewer is easy, my gran could do it!

Step 7

Once your image is uploaded and the processing is complete, you’ll be presented with the full page of information. Some of this information is useful, and some is not. Have a wonder about and see how much you can understand cause we really need a few important details for the next bit. Notice on the top of the page there is a section that summarizes all the information that we need – a timestamp, longitude and latitude.

EXIFED
This EXIF viewer does a nifty job summarizing all the stuff we need.

Step 8

Go ahead and copy the latitude and longitude that is shown in brackets, you’ll need it for plotting the final coordinates later on. Now all you need to do is rinse and repeat the steps above for the remaining photos that you took, remembering to copy over the coordinates into a text file.

Once you’re done, you’ll essentially have something that looks like the following image. Let’s hope you haven’t been stalking me and your coordinates are wildly different from mine.

Coordinates
Your final list of coordinates, probably different from mine.

Step 9

It’s time to plot this small selection of coordinates (larger list if you’re a photo fiend) on a map, provided by the good old trustworthy Google Maps. Navigate yourself to this website, which plots lists of coordinates with ease and slap in your list. Guess it’s common sense that you need to press the big green button to get anywhere, eh? You’ll start with something like this:

Batch Geo
Pretty straightforward, eh?

And you’ll end up with the final result which is shown below:

Plotted
The final result!

Conclusion

So, we’ve managed to plot the coordinates of the photos taken with an Apple device – this allows us to further explore just how fascinating technology really is and how quickly it is evolving into something that may soon be beyond our control. Even though this probably won’t hold up by itself in a court of law, it could potentially be part of crucial evidence that can be used to prosecute a suspect. I hope you’ve learned something new from this tutorial and this is just the first of many steps of uncovering what else Apple has in store for us.

For more articles, visit our blog!
For more articles, visit our blog!
We would really appreciate it if you like us on Facebook.
We would really appreciate it if you like us on Facebook.

Thanks for reading!

10 thoughts on “Geo-tagging & Photo Tracking On iOS”

  1. I really enjoyed this article thank you for posting it. It links in nicely with an article i posted a few weeks ago titled Mobile Device Geo Tags & Armed Forces. I look forward to any more articles you may post in the future.

    P.s how did you get the bat symbol in the bar at the top of your idevice?

    • Thanks for reading 🙂 I’ll check out your article also. The bat logo is part of a Cydia tweak called Zeppelin that allows you to change your carrier logos to many different designs.

  2. Nice article. Q: is there à difference in information out of the picture exit data when you take out the pictures after à psysical reading with Cellebrite ufed or XRY and scan the pictures with à tool that can read geodata Amons otter things.

  3. Good article thanks. My degree project was based on GPS EXIF data so this was an interesting read. I think there is a lot of forensic potential for this sort of evidence. I think this approach would have helped with the Boston Bombings investigation, pooling images from a number of different sources, may have narrowed down the amount of images to process and help locate the suspects more quickly.

    Many thanks for the article.

    Josh

  4. Thank you for your work. Please let me add some things I discovered:
    #1: the iPhone doesn’t have to be jailbroken, you can simply copy the photos of most i-devices to your pc and get the exim data (tested it with iPhone 3G, 4G without an S, 5G and iPad 4G, all of them running the latest available S/W versions).
    #2: you don’t have to send your data to an external website. Just use a graphic viewer like irfanview (you’ll have to install the plugins too) and you’ll get all the gps data, the program will even send you to the place where the photo was taken via Google Earth.
    #3: IOS isn’t the only system that adds GPS data to pictures. I tested an old HTC HD2, running WM 6.5 (a version I found somewhere at xda-developers), same result.

    I can’t say anything about the behavior of Android devices because I don’t have one, but I suppose that there will not be a great difference. Maybe someone could contribute his experiences.

    Best regards,

    Hastur

    • This should work the same for all mobile devices with GPS location enabled (Android as well as some BlackBerry devices), as the standard metadata for modern images allows for GPS coordinates.

      As for the programs to use to extract, I’m a big fan of Phil Harvey’s ExifTool.

Leave a Comment

Latest Videos

Digital Forensics News Round Up, March 27 2024 #dfir #digitalforensics

Forensic Focus 21 hours ago

Digital Forensics News Round-Up, March 21 2024 #digitalforensics #dfir

Forensic Focus 21st March 2024 6:15 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles