Cracking And Analyzing Apple iCloud Protocols: iCloud Backups, Find My iPhone, Document Storage.

Presented at DeepSec 2013 „Secrets, Failures, and Visions“

Apple iCloud was meant to improve flexibility and comfort when using your iDevices; however, it also provides opportunities to extract nearly everything about the user.

Backups: iCloud suggests backing up iMessage, SMS, photos and videos, device settings, documents, music and other things on-the-fly, which is useful for syncing or restoring in case your iDevice is lost or damaged. However, there is only one way to access iCloud backup data by organic means: you can only restore the backup onto one of your devices (linked to the same account), and only via a Wi-Fi connection. This technical limitation is by design. But now I can show you a method to simply download everything onto any desired computer at hand, provided that we have the Apple ID and password.

Find My iPhone: this application was meant to help you track your own iDevices geographically and should be available strictly to the user under his/her own Apple account. But there is a way to get the geo-location data with neither an Apple device tethered to that account readily available nor access to the iCloud website. If location services are switched on, the geo-location of the device can be detected by sending a push request (there will be an arrow indicator in the upper right corner of the target device screen) and getting the requested coordinates. Then the received positioning data can be applied to any map you prefer (incl. Google Maps or any other map).

Storage: Apart from backups, iCloud can store iTunes content, photo stream, contacts, iWork documents, application files and more, which can be accessed either from any device signed up to the account or from icloud.com/iwork. However, not all information can be accessed from the iCloud webpage. For example, some application files (e.g. data generated by SoundHound) you may have on your iPad - or whatever - won't be seen from icloud.com/iwork. Our technological analysis made it possible to access and download all storage information, including third-party application files, on-the-fly, even without launching a work session in iCloud.

Conclusion: iCloud stores large amounts of information. Until now, access to this information was restricted either by the necessity to have an iDevice available or by using the Internet and a web browser (knowing the Apple ID and password is required). Now that I have reverse-engineered Apple iCloud communication protocols, we can suggest an alternative technology to reach and download iCloud data and its changes in standalone mode.

Presenters:

  • Vladimir Katalov - ElcomSoft Co. Ltd.
    Vladimir Katalov is CEO, co-founder and co-owner of ElcomSoft Co. Ltd. Born in 1969, he grew up in Moscow, Russia. He studied Applied Mathematics at Moscow Engineering-Physics Institute (State University); from 1987 to 1989 he was a sergeant in the Soviet Army. Vladimir has worked at ElcomSoft from the very beginning (1990) up to now. In 1997, he created the first program from which the password recovery software line started: Advanced ZIP Password Recovery. Now he coordinates the software development process inside the company and constantly calls into question emerging security tools and services. Vladimir manages all technical research and product development in the company. He regularly presents at various events and also regularly runs security and computer forensics trainings both for foreign and domestic (Russian) computer investigative committees and other law enforcement organizations. Vladimir regularly visits various IT security-related events, conferences and trainings all over the world. He has shared his expertise through dozens of conference sessions. Here is an incomplete list of the events: TechnoSecurity, BlackHat, CEIC, Infosecurity (Europe, Russia, Japan), IT Security Area (it-sa), European Police Congress, e-Crime, Troopers, EuroForensics, FT-Day, China Computer Forensic Conference, CanSecWest, CrimeLab, Forensics Europe Expo, Interpolitex...
