Andrey Belenko

Former Senior Security Engineer at NowSecure

Andrey has developed successful digital forensics products, published cutting-edge research, secured multiple U.S. patents, and spoken at more than 40 security events (including at BlackHat on four continents).

Dark and Bright Sides of the iCloud (In)Security – Examining iOS data backed up in the cloud

This is an overview of a presentation by Andrey Belenko and Dmitry Sklyarov at the ZeroNights conference on 11/22. Dmitry is a Lead analyst with Positive Technologies and Andrey is a Sr. Security Engineer with viaForensics.

“If you think that your backups are stored [in] Apple’s datacenter you’re sooooo mistaken”.

In early 2012, Andrey Belenko and Dmitry Sklyarov researched the security (or lack thereof) of data backed up to iCloud. iCloud, Apple’s successor to MobileMe, is a cloud service for Apple devices that allows users to back up and share critical data, such as contacts, calendars, application files, photos, and more. When enabled, backup from the device to iCloud is automatic. Backups can be as frequent as once or more per day, ensuring that the data resting in iCloud is extremely current. Andrey stated this about their research:

“iCloud does not store actual backup data. The iCloud protocol is designed to use virtually any storage provider that can be accessed over HTTP(S). Depending on the Apple ID, we’ve seen iCloud backups stored in the Amazon cloud or Microsoft cloud. iCloud still stores all the metadata, and data from the Amazon/Microsoft clouds is essentially useless without the iCloud metadata.”

“Also, there is effectively no encryption of iCloud backups. When backing up to iTunes there is an option to encrypt the backup, but if you back up to iCloud, the backup is effectively not encrypted. We say ‘effectively’ because actual file parts stored in Amazon or Microsoft clouds are encrypted but the encryption keys are managed and provided by Apple. Basically, when you request a file from your iCloud backup, Apple servers respond with a URL to the encrypted file in Amazon or Microsoft cloud AND the associated encryption key.”
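The key-custody point in the quote above can be modelled in a few lines. This is an added example, not code from the presentation or from Apple; it is a simplified model, not the iCloud protocol. `BackupService`, the `storage.example` URLs and the SHAKE-256 stand-in cipher are all assumptions made for illustration. It contrasts a provider-managed key (returned next to the chunk URL) with a key derived from a passphrase the service never sees.

```python
import hashlib, os

def xor_stream(key, nonce, data):
    # Stand-in cipher (SHAKE-256 keystream, stdlib only); NOT what iCloud uses.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def derive_key(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

class BackupService:
    """Hypothetical model: `metadata` is the backup provider's index,
    `blobs` is third-party storage that holds only encrypted chunks."""
    def __init__(self):
        self.metadata, self.blobs = {}, {}

    def backup(self, name, data, passphrase=None):
        nonce = os.urandom(16)
        # Provider-managed: random key kept beside the URL in the metadata.
        # Client-held: key derived from a passphrase the service never stores.
        key = derive_key(passphrase, nonce) if passphrase else os.urandom(32)
        url = "https://storage.example/" + os.urandom(8).hex()  # constructed URL
        self.blobs[url] = xor_stream(key, nonce, data)
        self.metadata[name] = {"url": url, "nonce": nonce,
                               "key": None if passphrase else key}

    def lookup(self, name):
        # What an authenticated request for a file returns.
        return dict(self.metadata[name])

def restore(service, name, passphrase=None):
    rec = service.lookup(name)
    key = rec["key"]
    if key is None:
        if passphrase is None:
            raise ValueError("client-held key: passphrase required")
        key = derive_key(passphrase, rec["nonce"])
    return xor_stream(key, rec["nonce"], service.blobs[rec["url"]])

def provider_can_decrypt(service, name, plaintext):
    """True if metadata plus blob, with no user secret, yield the plaintext."""
    rec = service.lookup(name)
    if rec["key"] is None:
        return False
    blob = service.blobs[rec["url"]]
    return xor_stream(rec["key"], rec["nonce"], blob) == plaintext

def storage_alone_useless(service, name, plaintext):
    # The storage provider sees only ciphertext, never the key.
    return service.blobs[service.lookup(name)["url"]] != plaintext
```

In the provider-managed case, confidentiality rests entirely on access control to the metadata service, which is why the quote calls such backups "effectively" unencrypted.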