iCloud (In)Security - Examining iOS data backed up in the cloud
This is an overview of a presentation by Andrey Belenko and Dmitry Sklyarov at the ZeroNights conference on 11/22. Dmitry is a Lead analyst with Positive Technologies and Andrey is a Sr. Security Engineer with viaForensics.
“If you think that your backups are stored [in] Apple’s datacenter you’re sooooo mistaken”.
In early 2012, Andrey Belenko and Dmitry Sklyarov researched the security (or lack thereof) of data backed up to iCloud. iCloud, Apple’s successor to MobileMe, is a cloud service for Apple devices that allows users to backup and share critical data, such as contacts, calendars, application files, photos, and more. When enabled, the process is automated from a device to the iCloud. Backups can be as frequent as once or more per day, ensuring that the data resting in the iCloud is extremely current. Andrey stated this about their research:
“iCloud does not store actual backup data. The iCloud protocol is designed to use virtually any storage provider that can be accessed over HTTP(S). Depending on the Apple ID, we’ve seen iCloud backups stored in the Amazon cloud or Microsoft cloud. iCloud still stores all the metadata, and data from the Amazon/ Microsoft clouds is essentially useless without the iCloud metadata.”
“Also, there is effectively no encryption of iCloud backups. When backing up to iTunes there is an option to encrypt the backup, but if you backup to iCloud, the backup is effectively not encrypted. We say “effectively” because actual file parts stored in Amazon or Microsoft clouds are encrypted but the encryption keys are managed and provided by Apple. Basically, when you request a file from your iCloud backup, Apple servers respond with URL to the encrypted file in Amazon or Microsoft cloud AND associated encryption key.”
For more information, and to see the full presentation, see the slides below.