Researchers find iCloud storing Safari history & Google search data for years, Apple now d...

Posted in iCloud, edited February 2017

Safari browser history synced to iCloud was found to remain stored there, and accessible to a newly updated forensics data-gathering suite, for over a year even after deletion -- but Apple has already taken steps to rectify the problem.

First reported by Forbes, security researchers at Elcomsoft discovered that Apple was retaining an iCloud record that kept deleted web history "by accident." Using Elcomsoft software released only today, researcher Vladimir Katalov downloaded his own data and discovered records going back to Nov. 2015.

Other information retrievable by the forensics tool on an iCloud-synced iPhone with Safari history retention turned on included full Google search terms back to 2015 and "cleared" Notes for the last 30 days.

According to an unnamed forensics expert contacted by Forbes separately from Elcomsoft, the retention isn't malicious. That expert noted that Apple's failure lay in not preventing the data from being read by forensics tools like Elcomsoft Phone Breaker, rather than in an outright failure to delete the information, as the data needs to be retained for a while by iCloud to properly sync changes across devices.

Forensics tools like the one used to examine the iCloud data still require access to a target's iCloud credentials, or the unlocked device itself, to get at the Safari and Google information. Also, users choosing not to sync Safari data to iCloud are unaffected, as are private browsing sessions.

The same Elcomsoft iPhone forensics tool used to probe iCloud data on Thursday was reportedly used in the celebrity data thefts from 2014.

Shortly after initial publication of the security and privacy problem, Forbes was contacted by Elcomsoft and another source, noting that old records were being removed as a result of Apple taking swift action on the matter.

Katalov was at the core of the discovery in Nov. 2016 that phone numbers dialed on an iPhone were being retained. Apple has since dealt with that as well.

At the time of the phone number data retention, AppleInsider was provided with a statement by Apple, suggesting that users "select strong passwords and use two-factor authentication," which would have prevented data from being harvested in Thursday's exploit, had it not been rectified by Apple.

Comments

  • Reply 1 of 10
    Pretty normal for data participating in a synchronisation system to never be deleted, because the fact the information was deleted needs to be stored so that any future clients coming online can receive the update. The Notes app never really deletes any notes from its local database either and thus likely never from the server.
    watto_cobra
  • Reply 2 of 10
    I'm surprised there isn't an avalanche of articles screaming bloody murder after Forbes published this story. When I read the Forbes story I expected the author to not explain how iCloud synchronization worked in an attempt to explain why Apple might keep data for a while. As expected the author did not explain. 
    watto_cobra
  • Reply 3 of 10
    maestro64 Posts: 5,043 member

    Oh my, Apple is keeping my data so I can use it across multiple devices, shame on them for hanging on to it until it's really not needed anymore. And shame on them limiting access to only the user who created the information.

    Basically a non-story and time to move on. May not be fake news, but it is fake controversy for sure. The media does not like the fake-news tag line since all news is real to them, but they do spend lots of time trying to make unimportant things more important than they need to be.


    watto_cobra
  • Reply 4 of 10
    It's the user who chooses, and actively uh... 'activates' this feature in the first place.
    The information is 'supposed' to be stored. If I didn't want it stored, I wouldn't have turned it on.
    watto_cobra
  • Reply 5 of 10
    MplsP Posts: 3,911 member
    Ditto the above comments - If I was worried about how long Apple stored the data (or about Apple storing the data at all) I wouldn't activate it.

    As a reminder to people, you can activate private browsing in iOS by tapping the tabs button and then tapping 'Private' in the lower left corner.

    https://support.apple.com/en-us/KM205106?cid=acs::applesearch

    watto_cobra
  • Reply 6 of 10
    Apple keeps recently deleted notes as a convenience - they are permanently deleted after 30 days as noted at the top of the deleted notes folder. 
    edited February 2017 cornchipwatto_cobra
  • Reply 7 of 10
    MplsP said:
    Ditto the above comments - If I was worried about how long Apple stored the data (or about Apple storing the data at all) I wouldn't activate it.

    As a reminder to people, you can activate private browsing in iOS by tapping the tabs button and then tapping 'Private' in the lower left corner.

    https://support.apple.com/en-us/KM205106?cid=acs::applesearch

    Well as one of those who never opts in, wishes I could rip the entire iCloud code base out of all Apple anything, does updates unplugged & then (re)checks known privacy settings, and is in a legal jurisdiction that makes it essentially illegal to use iCloud, I have had my iCloud discovered on without knowing intent at least once, and Safari's desktop browser not always 'opening a new window in private browsing mode' - call it what you want, but since the early addition of photos to the Contacts database (if not me then others adding others), and the invocation of the Patriot Act, one has to ask how such 'mistakes' just seem to continue, and if the EULA get impossibly longer & one sided...? Is it feasible to have 'Find My iPhone' able to be remotely invoked? If so why is the 'price' we must pay for admission an always on tracking status, ie. unavailable on demand, if a device goes MIA, when it is needed most...? Is Windows 10 worse, with all roads leading to MS by default? And so of course users have a choice... Or do we really...? Is it AI or bust ? What is the worst we may be one executive order away from...?
    cornchip
  • Reply 8 of 10
    eriamjh Posts: 1,631 member
    Was this data encrypted?   Was it protected? 

     If no one else can access it but the iCloud devices, it's a non issue.  
  • Reply 9 of 10
    MacPro Posts: 19,718 member
    MplsP said:
    Ditto the above comments - If I was worried about how long Apple stored the data (or about Apple storing the data at all) I wouldn't activate it.

    As a reminder to people, you can activate private browsing in iOS by tapping the tabs button and then tapping 'Private' in the lower left corner.

    https://support.apple.com/en-us/KM205106?cid=acs::applesearch


    And you can make private browsing in Safari the default mode in Safari Preferences in macOS, not sure about iOS.
  • Reply 10 of 10
    Yeah, shame on Apple for keeping my old data on their server so that in case I need to retrieve it again after resetting Safari I could still find it. Shame on them for not deleting it permanently, because now I am still able to find that extremely important website that I was checking out 2 years ago.

    Oh wait, why is this a story? This is one example of an article that a troll would love, to spam their Apple hate just by the title alone and skipping the rest of the story.