Users’ deleted notes should completely disappear from Apple’s servers after 30 days. However, ElcomSoft, a Russian company developing computer and mobile forensic tools, discovered that the deleted notes could still be extracted from Apple’s servers after the 30 days had passed, even though they were no longer visible to the users.
Deletes Notes Extracted From iCloud Servers
Apple’s Notes app automatically stores users’ notes in the cloud, when iCloud is enabled. Users can delete their notes, and they will remain in the app’s “Recently Deleted” folder for another 30 days, as expected.
However, ElcomSoft discovered that Apple was not deleting the notes once that 30-day period was over, even if the files were no longer in the Recently Deleted folder. Therefore, users would assume that the notes were permanently deleted when they actually weren’t.
The company used its own Phone Breaker forensic app, which can extract sensitive information from a phone if the files are not well protected by the mobile platform. If a user’s credentials are used, the tool can also download whatever data is available in the user’s iCloud account, even if the data is not visible to the user anymore.
According to ElcomSoft, a user’s authentication token can also be extracted from the PC to bypass the iCloud authentication process, which sounds like another security design flaw Apple needs to fix.
Prease to read more here:
terms | privacy | contactCopyright © 2006-2020