DeepSec 2013 Talk: Cracking And Analyzing Apple iCloud Protocols: iCloud Backups, Find My iPhone, Document Storage

René Pfeiffer/ November 3, 2013/ Conference

The „Cloud“ technology is a wonderful construct to hide anything, because the „Cloud“ itself is no technology. Instead it is constructed out of a variety of different protocols, storage systems, applications, virtualisation and more. So „Clouds“ provide a good cover. Ask any fighter pilot. They will also confirm that the „Cloud“ is a great hunting ground. A lot of companies and individuals store their data there. A security flaw, stolen access credentials, compromised servers/clients, or bugs in the implementation can do harm. Information security researchers have long since explored the „Cloud“ infrastructure. The task is difficult for few providers have a fully open infrastructure; some do, some don’t. Plus you don’t know what’s going on between data centres.

At DeepSec 2013 Vladimir Katalov will shed some light on the internals of the iCloud. He has reverse-engineered the iCloud protocol. The findings allow to access data stored on Apple’s servers without using a registered device. All you need is your Apple ID and your password. First of all this affects your backups. There are no access restrictions any more. You can fully access iMessage, SMS, photos and videos, device settings, documents, music, and other things. You only need Internet connection and a computing device (regardless from what vendor). Since the barrier has been lowered to your access credentials, make sure you guard your Apple ID well and use a secure password. Otherwise adversaries will find treasures in your backup files.

Secondly you can use Find my iPhone from any device as well. The trick is that you can use the location feature without accessing the iCloud or having a device tethered to your account. The only requirement is to have location services switched on. You can query a device’s geo-location by sending push requests. The received coordinates can be use with any visualisation technique you like.

Thirdly there is storage. The iCloud is advertised as to allow users’ to work with their own data wherever they like. The data being iTunes contents, photo streams, contacts, iWork documents, application files, and everything else you can think of. However, not all information can be accessed from the iCloud web page. For example, some application files (e.g. data generated by SoundHound) you may have on your iPad – or whatever – won’t be accessible from the iCloud.com/iWork framework. The presented technological analysis allowed us to make it possible to access and download all storage information, including third-party application files on-the-fly, even without launching a work session in the iCloud!

So by using a web browser the iCloud is your personal oyster. This is a truly remarkable feature of (i)Cloud-based infrastructure. We recommend this talk for everyone using the iCloud services, developing „Cloud“ services, or thinking about moving data into the virtual sky. If you really want to rely on these technologies, make sure you really understand what is going on and how they work! Seriously!

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

3 Comments

Comments are closed.