![]() Apparently, the Russian intelligence did not like the idea. While that “spyware” could be anything, we have no doubts it was the iCloud service transferring phone’s usage information to a certain online cloud service coincidentally based in the US. After just a little while, the official Kremlin reported that some “spyware” was discovered in that device. What exactly can become a matter of national security? Well, if you follow the news, you can recall how an Apple director handed an iPhone to Dmitry Medvedev, who served as a president of Russia at the time. Privacy advocates can spend hours (literally) just citing examples of how extremely broad these “interests of national security” can be, how far stretched and how excessively executed they can become. Instead, the leading role in determining whether or not personal information is protected is now given to intelligence and homeland security agencies. End-user service agreements, privacy policies and legislations are no longer the determining factor of the privacy or personal information. ![]() This leads to a very important conclusion. However, based on legislations introduced after September 11th, the intelligence can gain access to information about a user based in a given country without a warrant – if such access is deemed to the interests of national security. Apple iCloud does not have a similar clause in its end-user agreement. Skype made agreements with special services of many countries to provide wiretapping access to users’ communications without a legal warrant. Recently, Skype was included as part of Windows 8. Since then, pretty much all providers of digital communications are legally obligated to provide the ability to deliver their customer’s personal information to special services regardless of what’s written in their end-user service agreements and privacy policies. US National Security Agency (NSA) gained powers to access American telephone, cable and satellite networks. After September 11th, “warrantless wiretapping” of Internet communications, as well as many other intrusions into personal privacy have become a fact of life. Either way, a corresponding warrant must be issued in order to seize the computer and/or the iOS device in question.Įmploying Apple iCloud for spying on users of iOS devices are not restricted with such pesky obstacles. Acquiring information from an iOS device requires physical access to that device. In order to obtain information from a phone backup, investigators need access to a PC that has those backups. However, there is something making this one different. There are so many ways to retrieve information from mobile devices that yet another backdoor may not seem like a big deal. Other than the combination of a unique Apple ID and password, nothing protects the data on its way to an intruder except some encryption (which could not be easier to circumvent because the decryption key is available along with the data). Interestingly, unlike offline backups that feature a rather strong protection making ElcomSoft’s own recovery tools spend hours guessing the original password, data stored in the iCloud is stored unprotected. Information from the iCloud can be transferred to any remote computer with an Internet connection. At this time, information about recent iCloud activities is not reported to the owner of the device, so it will be impossible to learn about someone accessing information in the iCloud. ![]() The user will never know that their data has been accessed as no access to the physical device is required. The newly discovered backdoor allows anyone having the money to buy Elcomsoft Phone Password Breaker and having a way to discover the original Apple ID and password of the user accessing information from all iOS devices belonging to a user with that particular Apple ID. The company even built the technology for accessing this information in one of its mobile forensic products, Elcomsoft Phone Password Breaker, allowing investigators accessing backup copies of the phone’s content via iCloud services. ElcomSoft researchers discovered that information stored in the iCloud can be retrieved by anyone without having access to a physical device, provided that the original Apple ID and password are known. The service opens governments a back door for spying on iOS users without them even knowing. Using the iCloud is so simple and unobtrusive that more than 190 million customers (as of November, 2012) are using the service on regular basis. Apple iCloud is a popular service providing Apple users the much needed backup storage space.
0 Comments
Leave a Reply. |