Dark and Bright Sides of iCloud (In)security presented at ZeroNights 2012

by Dmitry Sklyarov, Andrey Belenko

Summary: "In July 2011 Apple introduced iCloud, a successor to MobileMe. iCloud is a comprehensive cloud service for Apple devices that allows users to share data (such as contacts, calendars, application files, photos) among devices, as well as to back up data from iOS devices directly to iCloud. With this approach there is always a fresh backup copy available in iCloud should there be a need to restore. Recent estimates report the iCloud user base to be as large as 125 million users (which is almost half of the number of iOS devices sold).
In this talk we will approach the security and privacy of this Backup to iCloud feature. We will describe the architecture of the iCloud backups (if you think that your backups are stored in Apple's datacenter you're soooo mistaken) and the protocol iOS devices use to talk to iCloud to back up and restore data. We will explain how iCloud backups are encrypted and why this encryption (unlike the encryption of offline backups) is no problem.
Our goal is to provide the audience with an iCloud reality check and to show that the moment you enable iCloud backups, all your data belongs to Apple or to anyone who knows your Apple ID and password."