I have zero problems with Apple differentiating between cloud and physical security. I know full well that my cloud data is not fully secure because it is not in my possession. Yes, I could add my own layer of security, but if I don't, then a warrant could access the data. This is completely different from the security of my own personal device.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iCloud Backups Not as Secure as iOS Devices to Make Restoring Data Easier
- Thread starter MacRumors
- Start date
- Sort by reaction score
They already have the most recent backups from iCloud, since they began working with the FBI on the case within about a week of the San Bernardino shootings. That was all done long ago.
The FBI thinks there may* be some more recent data on the phone, and they wanted Apple to crack the device so they could get at it that way. Which is where all the excitement, shouting and hand gestures started.
*nothing really useful to the legal case, a very likely nothing useful pointing to other would be terrorists, either. It's turned into a fishing expedition, with theater sauce on the side. Which is to say, their pride is taking a thumping now.
[doublepost=1457025671][/doublepost]
San Bernadino County bought an MDM tool, but they didn't install it on all (possibly any) of the iPhones that they issued employees. It's like buying a nice, shiny set of specialized tools for working on their fleet of trucks, then locking it safely in a vault somewhere.
Bloody useless bureaucrats.
That is an ongoing problem out here in Cali. There is such a push to save funds that even things that should be are not.
Cloud is just a term for "somebody else's hardrive", so if you want to keep things secret, it's better to avoid that.
I don't think this is correct. Apple makes it very clear they control the encryption key for any data stored via iCloud backup, which usually includes your iMessages. iMessages sent from device to device are encrypted via UID and then are purged from Apple's systems within 15 days after delivery. Once someone turns on iCloud Backup, all your iMessages go right back up to Apple's servers, encrypted with Apple's key, not yours. This is the same data that Apple has already provided to the FBI in the San Bernadino case.
no one is surveilling you, even if you use iCloud backup...I guessed that already, but now it's a fact on public record. The only 'safe' solution is to delete all our iCloud backups data, and not use any iCloud services.
But here is the problem! Apple is increasingly integrating iCloud services deep into its iOS and Mac OS X. It's almost impossible to use Apple products without iCloud. This is scary...
We're all already trapped deep in total surveillance by the NSA and god knows by whom else. The orwellian society is real!
I feel like a chimp sitting in a zoo while constantly being watched. Welcome to the 21st century's privacy striptease.
The only way out of our modern tech zoo is going low-tech and to move to an isolated island, dig a cave there (beware spy satellites), and hide there forever.
Apple just has the ability to pass your backups to government authorities under a proper warrant.
What has the size of the on-board storage of an iPhone to with the need for backups? Do you consider storing multiple copies of all data on the same device to be a backup?
[doublepost=1457039672][/doublepost]
Not the ISP per se, but the email service provider(s) which can be the same if you don't get your email account from other providers (eg, Gmail, Yahoo mail, Apple Mail, Exchange hosted by your employer/university). Email is encrypted between your and your email service provider (unless the latter is really behind the times).
[doublepost=1457040096][/doublepost]
Well, Time Machine isn't backing up what you did every hour of every lasting day. Only every hour of one day. You never made a mistake while using your computer that involved either deleting something you didn't want delete or modifying something you later realised you need it in its earlier state?
Using FileVault is always a good idea. That said, encrypted iTunes backups are definitely not easy to break if you use a reasonably good password. They are encrypted using AES, and the encryption key is derived from the password using 10,000 rounds of PBKDF2, which makes it impractical to brute force.
A more important reason to use FileVault in this context is that it prevents access to the pairing keys that iTunes uses to authenticate itself when accessing the phone over USB. If the authorities get their hands on the keys, they can use them with forensic tools to extract a lot of useful information from the phone via USB (although it is no longer possible since iOS 8 to extract the full backup content unencrypted).
Last edited:
It's a very bad name for it, but I suppose you can make another choice. What it is is a tradeoff. It's very secure if you don't give probable cause to a police agency to go before a judge and say, yeah, here's my warrant. That authority is in the Constitution. On the other hand, back up to your computer if you think people are after you for no reason.
Security Theater is a protection racket. Security Theater is a method whereby tyrants impose what appear to be security measures while they are actually just implementing control mechanisms. It's like "anti-virus" software - the anti-virus software companies invent the "viruses". Likewise governments invent "terrorists".
I would have to think local backup will always be part of iTunes.... What if users don't wanna use icloud but still backup their devices with iTunes ? Those users will have no choice... I certainly don't backup to icloud..
Too right.... Why should Apple deviate itself in term of cloud security against the competition? There are several other "personal cloud" LAN devices u can get if u wanna be secure.
Apple still encrypts it though.... so u would think that provides some true
Last edited:
It appears that this information is no longer current.
"No one else, not even Apple, can access end-to-end encrypted information."
Device backups: encrypted in-transit and on-server. That's "end-to-end":
https://support.apple.com/en-us/HT202303
"No one else, not even Apple, can access end-to-end encrypted information."
Device backups: encrypted in-transit and on-server. That's "end-to-end":
https://support.apple.com/en-us/HT202303
Apple's ongoing fight with the FBI over whether the company can be compelled to help the government unlock the iPhone 5c used by San Bernardino shooter Syed Farook has brought the full range of Apple's privacy policies into the spotlight.
The details surrounding the case have made it clear that while Apple is unable to access information on iOS devices, the same is not true of iCloud backups. Apple can decrypt an iCloud backup and provide the information to authorities when ordered to do so via a warrant, as it did in the San Bernardino case.
In a piece posted on The Verge entitled "The iCloud Loophole," Walt Mossberg takes a look at Apple's iCloud backups and explains the reason why iCloud data can't be made as secure as data stored solely on an iPhone or iPad.
Apple is able to decrypt "most" of the data included in an iCloud backup, and an Apple official told Mossberg that's because the company views privacy and security issues differently between physical devices that can be lost and iCloud. With iCloud, it needs to be accessible by Apple so it can be used for restoring data.iCloud backups contain iMessages and texts, content purchase history, photos and videos, device settings, app data, voicemail password, and health data. Backups don't include information that's easily downloadable, such as emails from servers or apps, and while iCloud backup does encompass iCloud keychain, Wi-Fi passwords, and passwords for third-party services, that information is encrypted in a way that makes it inaccessible to Apple.
Mossberg suggests customers who don't want to upload data to Apple via an iCloud backup make local encrypted backups through iTunes using a Mac or PC, and he points out that other cloud storage services, like Dropbox, are no more secure.
Mossberg's full exploration of iCloud is available over at The Verge and is well worth reading for anyone interested in the security of data stored in the cloud.
Article Link: iCloud Backups Not as Secure as iOS Devices to Make Restoring Data Easier
You are misreading that document. While backup data is stored on Apple's servers in an encrypted format, Apple still has a master key to that information. It is not encrypted with end to end protection, which is a combination of own unique passcode and device key.
Some of what Apple stores they deem senesitive enough to wall off, but does not include backups.
While it is much easier to hide your messages, it requires using not iCloud Backup, since it stores a copy of a key to unlock your messages in it.