Vladimir Katalov (Co-Founder, ElcomSoft Co. Ltd.)
PRESENTATION TITLE: Cracking and Analyzing Apple’s iCloud Protocols
Apple’s iCloud was meant to provide ease of use and peace of mind should your device be lost or stolen; however, it also provides opportunities to extract loads of information about the user.
Backups: iCloud suggests backing up iMessage, SMS, photos and videos, device settings, documents, music and other things on-the-fly, which is useful for syncing or restoring in case your iDevice is lost or damaged. However, there is only one way to access iCloud backup data by organic means: you can only restore the backup onto one of your devices (linked to the same account), and only via a Wi-Fi connection. This technical limitation is by design. We aim to show you a method to simply download everything onto any desired computer at hand (provided we have the Apple ID and password).
Find My iPhone: Meant to help you track your own iDevices geographically, it should be available strictly to the user under his/her own Apple account. However, there is a way to get geo-location data with neither an Apple device tethered to that account at hand nor access to the iCloud website. If location services are switched on, the geo-location of the device can be detected by sending a push request to obtain the requested coordinates. The received positioning data can be applied to any map you prefer (incl. Google Maps or any other map).
Storage: Apart from backups, iCloud can store iTunes contents, photo stream, contacts, iWork documents, application files and more, which can be accessed either from any device signed in to the account or from icloud.com/iwork. However, not all information can be accessed from the iCloud web page. For example, some application files (e.g. data generated by SoundHound) you may have on your iPad won’t be seen from icloud.com/iwork. Our technical analysis made it possible to access and download all storage information, including third-party application files, on-the-fly and even without launching a work session in iCloud.
By reverse engineering Apple’s iCloud communication protocols, we can suggest an alternative technology to reach and download iCloud data and its changes in standalone mode. This is the first report on Apple iCloud communication protocols. No details on these protocols or their encryption have been publicly available (until now).
ABOUT VLADIMIR KATALOV
Vladimir Katalov is CEO, co-founder and co-owner of ElcomSoft Co. Ltd. He was born in 1969 and grew up in Moscow, Russia. He studied Applied Mathematics at Moscow Engineering-Physics Institute (State University). Vladimir has worked at ElcomSoft from the very beginning (1990); in 1997, he created Advanced ZIP Password Recovery, the first program in the company's password recovery software line. He now coordinates the software development process inside the company and constantly questions newly appearing security tools and services.
Vladimir runs all technical research and product development, regularly presents at various events, and regularly runs IT security and computer forensics training for both foreign and domestic (Russian) computer investigative committees and other law enforcement organizations.
He regularly visits various IT security-related events, conferences and training sessions all over the world. He has shared his expertise through dozens of conference sessions. Here is an incomplete list of the events: TechnoSecurity, BlackHat, CEIC, Infosecurity Europe, Infosecurity Russia, Infosecurity Japan, IT Security Area (it-sa), European Police Congress, e-Crime, Troopers, EuroForensics, FT-Day, China Computer Forensic Conference, CrimeLab, CanSecWest, Forensics Europe Expo, Interpolitex…