Researchers find iCloud storing Safari history & Google search data for years, Apple now d...
iCloud-stored Safari browser history was discovered to be stored on iCloud and accessible by an update to a newly-updated forensics data gathering suite for over a year even after deletion -- but Apple has already taken steps to rectify the problem.
First reported by Forbes, security researchers at Elcomsoft discovered that Apple was retaining an iCloud record that kept deleted web history "by accident." Using software developed by Elcomsoft only released today, researcher Vladimir Katalov downloaded his own data, and discovered records going back to Nov. 2015.
Other information retrievable by the forensics tool on an iCloud-synced iPhone with Safari history retention turned on, were full Google search terms back to 2015, and "cleared" Notes for the last 30 days.
According to an unnamed forensics expert contacted by Forbes separate from Elcomsoft, the retention isn't malicious. The second expert noted that the failure by Apple was related to preventing the data from being read by forensics tools like Elcomsoft Phone Breaker and not an outright failure to delete the information, as the data needs to be retained for a while by iCloud to properly sync changes across devices.
Forensics tools like the tool used to examine the iCloud data still requires access to a target's iCloud credentials, or the unlocked device itself to get at the Safari and Google information. Also, users choosing to not sync Safari data to iCloud are unaffected, as are private browsing sessions.
The same Elcomsoft iPhone forensics tool used to probe iCloud data on Thursday was reportedly used in the celebrity data thefts from 2014.
Shortly after initial publication of the security and privacy problem, Forbes was contacted by Elcomsoft and another source, noting that old records were being removed as a result of Apple taking swift action on the matter.
Katalov was at the core of the discovery in Nov. 2016 finding that phone numbers dialed on an iPhone were being retained. Apple has since dealt with that as well.
At the time of the phone number data retention, AppleInsider was provided with a statement by Apple, suggesting that users "select strong passwords and use two-factor authentication," which would have prevented data from being harvested in Thursday's exploit, had it not been rectified by Apple.
First reported by Forbes, security researchers at Elcomsoft discovered that Apple was retaining an iCloud record that kept deleted web history "by accident." Using software developed by Elcomsoft only released today, researcher Vladimir Katalov downloaded his own data, and discovered records going back to Nov. 2015.
Other information retrievable by the forensics tool on an iCloud-synced iPhone with Safari history retention turned on, were full Google search terms back to 2015, and "cleared" Notes for the last 30 days.
According to an unnamed forensics expert contacted by Forbes separate from Elcomsoft, the retention isn't malicious. The second expert noted that the failure by Apple was related to preventing the data from being read by forensics tools like Elcomsoft Phone Breaker and not an outright failure to delete the information, as the data needs to be retained for a while by iCloud to properly sync changes across devices.
Forensics tools like the tool used to examine the iCloud data still requires access to a target's iCloud credentials, or the unlocked device itself to get at the Safari and Google information. Also, users choosing to not sync Safari data to iCloud are unaffected, as are private browsing sessions.
The same Elcomsoft iPhone forensics tool used to probe iCloud data on Thursday was reportedly used in the celebrity data thefts from 2014.
Shortly after initial publication of the security and privacy problem, Forbes was contacted by Elcomsoft and another source, noting that old records were being removed as a result of Apple taking swift action on the matter.
Katalov was at the core of the discovery in Nov. 2016 finding that phone numbers dialed on an iPhone were being retained. Apple has since dealt with that as well.
At the time of the phone number data retention, AppleInsider was provided with a statement by Apple, suggesting that users "select strong passwords and use two-factor authentication," which would have prevented data from being harvested in Thursday's exploit, had it not been rectified by Apple.
Comments
Oh my Apple is keeping my data so I can use it across multiply devices, shame on them for hanging on it until it really not needed anymore. And shame on them limiting access to only the user who created the information.
Basically a non-story and time to move on. My note be fake news, but it is fake controversy for sure. The media does not like the fake-news tag line since all new is real to them, but they do spend lots of time tying to make unimportant things, more important than they need to be.
The information is 'supposed' to be stored. If I didn't want it stored, I wouldn't have turned it on.
As a reminder to people, you can activate private browsing in iOS by tapping the tabs button and then tapping 'Private' in the lower left corner.
https://support.apple.com/en-us/KM205106?cid=acs::applesearch
If no one else can access it but the iCloud devices, it's a non issue.
And you can make private browsing in Safari the default mode in Safari Preferences in macOS, not sure about iOS.
O wait, why is this a story? This is one example an article that troll would love to spam their Apple-hates just by the title alone and skipping the rest of the story.