Guan’s blog


iCloud security

01 Sep 2014

There are rumors that the recent leak of nude photos of Jennifer Lawrence was due to either iCloud accounts or the iCloud service itself being compromised. We don’t have many details yet, let alone hard-ish evidence of what actually happened. We can speculate, though, and we can also think about how better to protect ourselves.

It’s possible that the attackers somehow obtained her password, or obtained access to her iCloud account. If she used iCloud Backup, that would then allow the attacker to restore all the contents of her phone onto one of their devices. An iCloud Backup includes app data, text messages and iMessage data (which is otherwise much better protected). The photos may have been attached to iMessages, which would be restored, or they might have been in her Photo Stream if they were among the last 1,000 photos she took.

Securing an iCloud account itself is easy these days: you should set up two-step verification. This requires either a code sent through text message or an existing iOS device to log in to your iCloud account.

But what if someone hacked into Apple’s systems, or compromised an Apple employee, or forced Apple to cooperate with them through legal process? What data could Apple reveal, willingly or unwillingly, without your iCloud password? (In the following, I’ll assume that Apple’s systems all work as designed. In reality they may well have unknown security holes.)

The two key documents to read to understand this are the iOS Security document from February 2014 and Apple’s Legal Process Guidelines for law enforcement. The latter is interesting because if Apple can provide something as a result of legal process, they can also provide it in response to extra-legal process, so to speak. (The converse is not necessarily true.)

End-to-end encryption

End-to-end encryption refers to a security model where data is protected all the way from the end producer to the end consumer.

For example, Dropbox data is not end-to-end encrypted: it’s encrypted between you and Dropbox, and it’s encrypted as it’s stored on Dropbox, but Dropbox has access to the data. (The encryption applied by Dropbox protects against scenarios where someone steals a hard drive from Dropbox, but receives no further cooperation from them.)

A lot of email these days is encrypted in transit and when you access it through webmail or encrypted IMAP, but the email provider still has access to the contents.

iMessages are protected in transit with end-to-end encryption. This means that nobody, not even Apple, can intercept them. Only your devices can ever read them.

There is a potential vulnerability: how does iMessage decide which are “your devices”? That happens through a Public Key Infrastructure, which is a database at Apple that keeps track of the encryption keys associated with your devices. If an attacker can maliciously add a new key to that database, then any future messages you send may be read by the attacker.

As the system is currently designed, you will receive a warning on your devices when this happens. Apple’s documents imply that they will not add a key to their iMessage PKI in response to legal process, or modify their systems to remove that warning.
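The warning described above is, at its core, a trust-on-first-use comparison: the client remembers which device keys it has already accepted for a contact, and flags any key the directory returns that it has not seen before. The following is an added illustration of that check, not Apple's iMessage code; the directory responses are constructed, the key format is opaque bytes, and the real PKI transport and signatures are not modelled.

```python
"""Trust-on-first-use check for a recipient's device keys in a key directory.

Added example, not Apple's iMessage code. Directory responses are constructed;
the real PKI format, transport and signatures are not modelled.
"""
from __future__ import annotations

import hashlib


def fingerprint(pubkey: bytes) -> str:
    """Short SHA-256 fingerprint of a device public key, used as its identity."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


class TrustedDevices:
    """Per-recipient record of device-key fingerprints this client has accepted."""

    def __init__(self) -> None:
        self.known: dict[str, set[str]] = {}   # recipient -> accepted fingerprints

    def check(self, recipient: str, directory_keys: list[bytes]) -> dict:
        """Compare the directory's answer with what was trusted before.

        Returns {'send_to': fingerprints the message may be encrypted to,
                 'new': fingerprints never seen before (warn; do not send to them
                        until the user accepts),
                 'removed': fingerprints the directory no longer lists}.
        """
        listed = {fingerprint(k) for k in directory_keys}
        if recipient not in self.known:
            # First contact: nothing to compare against, so trust the set as-is.
            self.known[recipient] = set(listed)
            return {"send_to": sorted(listed), "new": [], "removed": []}
        trusted = self.known[recipient]
        return {
            "send_to": sorted(listed & trusted),
            "new": sorted(listed - trusted),
            "removed": sorted(trusted - listed),
        }

    def accept(self, recipient: str, fps: list[str]) -> None:
        """Called only after the user has confirmed a new-device warning."""
        self.known[recipient].update(fps)
```

The design choice worth noting is in `send_to`: a key that appears out of nowhere is excluded from the encryption set until the user accepts it, so a key added to the directory behind the user's back cannot silently receive future messages. Whether a client warns and continues or fails closed like this is a policy decision; the page only says that iOS shows a warning.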

Your iMessage data is also part of each device’s backups, either a backup through iTunes or as part of iCloud Backup.

iCloud Backup

Don’t use iCloud Backup if you are worried about security. Instead, get enough disk space to do iTunes backups that you control yourself:

[iTunes backup]

With iCloud Backup, each file is encrypted with a per-file key, and that key is in turn encrypted with an asymmetric (Curve25519) key belonging to the file's data protection class (page 23). Those class keys are placed in the iCloud Backup keybag. The keybag is then protected with a random key, which is also stored with the backup set in the iCloud account.

All this means that Apple, or someone who has compromised Apple through legal or extra-legal process, can always access the contents of your iCloud Backup. Unless, of course, those contents are further protected.

(If you decide to use iTunes backups, make sure that the hard drive of the Mac or PC where you store those backups is itself encrypted. On a Mac, use FileVault 2. If your iOS device contains something important that you don’t want to lose, then make sure you have a backup of the backup, in case you lose both the iOS device and your Mac. In this day and age, you are the jerk if you don’t have a backup and lose important things.)

iCloud Keychain

iCloud Keychain is useful. I use it. Changes to iCloud Keychain are synced among your iOS and OS X devices. This syncing, which happens within what Apple calls a “circle of trust,” is end-to-end encrypted, and when a new device wants to join the circle, an existing device has to approve it.

There is a separate mechanism called keychain recovery for situations where you lose all your devices. This is on if you have enabled “Allow approving with security code”. If you do that, you should use a random security code:

[iCloud security code]

Apple also goes to great lengths to ensure that not just anyone can get the encrypted version of your keychain (page 25). The keychain is not part of the regular iCloud Backup.

Data on the device

What if the attacker has physical access to your device? What can they do?

Assuming your device is passcode locked (and it should be, with a strong password and not a 4-digit one), it depends on the data. Text messages, photos, videos and contacts can be recovered, because Apple will do that in response to legal process. The Mail app implements Complete Protection, which means that emails and attachments are not accessible as soon as you lock the device.

Some files are protected when the device is locked, unless they are open when you lock it.

Some files are only protected until first user authentication, which means that they cannot be recovered from a device that has been powered off, but they can be recovered once you have entered your passcode after powering on. Most app data is in this category. This still provides a lot of protection when your device is locked, because an attacker who has to reboot the device to get at it loses access to those files.

Finally, some files are not strongly protected at all. Apps themselves would be in this category.
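The two key hierarchies discussed on this page (the data protection classes just listed, and the iCloud Backup keybag whose random key is stored with the backup set) are easiest to understand as a small model. The following is an added example, not Apple's code: every wrap is a stdlib HMAC-SHA256 keystream XOR standing in for the AES and Curve25519 operations the real design uses, the attempt counter is only a comment, and the backup is taken while the device is unlocked. What the model is built to show is which files become unreadable in each device state, and that restoring a file from the stored iCloud Backup set needs neither the passcode nor the device.

```python
"""Toy model of iOS data protection classes and the iCloud Backup keybag.

Added example, not Apple's code. HMAC-SHA256 keystream XOR stands in for the
real AES / Curve25519 wraps; the device-state rules and the "keybag key is
stored with the backup" property are what the model demonstrates.
"""
import hashlib
import hmac
import os

COMPLETE, UNLESS_OPEN, AFTER_FIRST_UNLOCK, NONE = (
    "Complete", "UnlessOpen", "AfterFirstUnlock", "None")
CLASSES = (COMPLETE, UNLESS_OPEN, AFTER_FIRST_UNLOCK, NONE)


def crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 keystream (encrypts and decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def passcode_key(passcode: str, uid: bytes) -> bytes:
    """Tangled with the device UID, so it can only be derived on that device."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), uid, 10_000)


class Device:
    def __init__(self, passcode: str):
        self.uid = os.urandom(32)                    # hardware key, never leaves the device
        pk = passcode_key(passcode, self.uid)
        class_keys = {c: os.urandom(32) for c in CLASSES}
        # System keybag: class keys wrapped with the passcode key (NONE: with the UID only).
        self.keybag = {c: crypt(self.uid if c == NONE else pk, k) for c, k in class_keys.items()}
        self.keybag_tag = hmac.new(pk, b"keybag", hashlib.sha256).digest()  # detects a wrong passcode
        self.files = {}                              # name -> (class, wrapped file key, ciphertext)
        self.open_keys = {}                          # file keys of files held open across a lock
        self.in_memory = {NONE: class_keys[NONE]}    # the only class key available straight from boot

    def unlock(self, passcode: str) -> None:
        pk = passcode_key(passcode, self.uid)
        tag = hmac.new(pk, b"keybag", hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self.keybag_tag):
            raise PermissionError("wrong passcode")  # real devices also count attempts (10, then wipe)
        for c in CLASSES:
            self.in_memory[c] = crypt(self.uid if c == NONE else pk, self.keybag[c])

    def lock(self) -> None:
        self.in_memory.pop(COMPLETE, None)      # discarded the moment the device locks
        self.in_memory.pop(UNLESS_OPEN, None)   # also discarded, except for files already open

    def reboot(self) -> None:
        self.in_memory = {NONE: self.in_memory[NONE]}   # AfterFirstUnlock key is gone as well
        self.open_keys.clear()

    def write(self, name: str, cls: str, data: bytes) -> None:
        fk = os.urandom(32)                     # per-file key
        self.files[name] = (cls, crypt(self.in_memory[cls], fk), crypt(fk, data))

    def hold_open(self, name: str) -> None:
        cls, wfk, _ = self.files[name]
        self.open_keys[name] = crypt(self.in_memory[cls], wfk)

    def read(self, name: str) -> bytes:
        cls, wfk, ct = self.files[name]
        if name in self.open_keys:
            return crypt(self.open_keys[name], ct)
        if cls not in self.in_memory:
            raise PermissionError(f"{cls} class key not available in this device state")
        return crypt(crypt(self.in_memory[cls], wfk), ct)

    def icloud_backup(self) -> dict:
        """Run while unlocked. File keys are re-wrapped to backup class keys, the backup
        keybag is wrapped with a random key, and that key is stored with the backup."""
        backup_class_keys = {c: os.urandom(32) for c in CLASSES}
        keybag_key = os.urandom(32)
        return {
            "files": {n: (c, crypt(backup_class_keys[c], crypt(self.in_memory[c], wfk)), ct)
                      for n, (c, wfk, ct) in self.files.items()},
            "keybag": {c: crypt(keybag_key, k) for c, k in backup_class_keys.items()},
            "keybag_key": keybag_key,   # stored alongside: no passcode or UID needed to restore
        }


def restore_file(backup: dict, name: str) -> bytes:
    """Whoever holds the stored backup set can do this; the device is not involved."""
    cls, wfk, ct = backup["files"][name]
    class_key = crypt(backup["keybag_key"], backup["keybag"][cls])
    return crypt(crypt(class_key, wfk), ct)


def readable(device: Device, name: str) -> bool:
    """True if the file can be decrypted in the device's current state."""
    try:
        device.read(name)
        return True
    except PermissionError:
        return False
```

Walking the model through the states on this page: after `lock()` a Complete Protection file is unreadable while an AfterFirstUnlock file still is; after `reboot()` only NoProtection files are readable until the passcode is entered; and `restore_file` on the dictionary returned by `icloud_backup` recovers any file from the stored backup set alone, which is the point made about Apple's access to iCloud Backup. An iTunes backup with a password would differ in exactly one place: the key protecting the keybag would be derived from that password rather than stored next to it.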

Page 12 of the iOS Security document has a list of how various keychain items are protected. Only Safari passwords and your home sharing password are in the category that is protected when locked.

If you have a weak passcode, or even a 4-digit one, Apple can always decrypt everything on your device because they can circumvent the feature that limits you to 10 incorrect password attempts.

Compromising your Apple ID

What can an attacker use to gain access to your iCloud account, if they don’t know the password and can’t use two-step verification? The biggest risk is that Apple has a phone number, 1-800-275-2273. (Please don’t tell anyone.) Whatever Apple’s procedures are or may be in the future, there is a human on that line, and that human has the power to give anyone access to your account.

The solution is to ban phone calls. Phone calls are a dangerous vector for social engineering and will compromise almost any security system. Don’t allow them in your organization, don’t call anyone, and don’t accept incoming phone calls.

I would require users who have lost their Apple ID password to go to an Apple store physically and present identification.