Cracking and Analyzing Apple’s iCloud Protocols presented at HITBSecConf Malaysia 2013

by Vladimir Katalov

Summary: Apple’s iCloud was meant to provide ease of use and peace of mind should your device be lost or stolen. However, it also provides opportunities to extract loads of information about the user.
Backups: iCloud suggests backing up iMessage, SMS, photos and videos, device settings, documents, music and other things on the fly, which is useful for syncing or for restoring in case your iDevice is lost or damaged. However, there is only one way to access iCloud backup data by organic means: you can only restore the backup onto one of your devices (linked to the same account), and thus only over a Wi-Fi connection. This technical limitation is imposed by design. We aim to show you a method to simply download everything onto any desired computer at hand (provided we have the Apple ID and password).
Find My iPhone: This feature is meant to help you track your own iDevices geographically and should be available strictly to the user under his/her own Apple account. However, there is a way to get geo-location data without having any Apple device tethered to that account readily available and without access to the iCloud website. If Location Services is switched on, the device’s geo-location can be obtained by sending a push request for the requested coordinates. The received positioning data can be plotted on any map you prefer (Google Maps or any other map).
Storage: Apart from backups, iCloud can store iTunes content, Photo Stream, contacts, iWork documents, application files and more, which can be accessed either from any device signed in to the account or from icloud.com/iwork. However, not all information can be accessed from the iCloud web page. For example, some application files (e.g. data generated by SoundHound) that you may have on your iPad won’t be visible at icloud.com/iwork. Our analysis of the protocol makes it possible to access and download all storage information, including third-party application files, on the fly and even without launching a work session in iCloud.
By reverse engineering Apple’s iCloud communication protocols, we can suggest an alternative technology to reach and download iCloud data and its changes in standalone mode. This is the first report on Apple’s iCloud communication protocols; no details on these protocols or their encryption have been publicly available until now.