The cloudy iCloud

Some years ago, the word cloud mostly referred to the clouds in the sky; now it immediately makes me think of data clouds. A recent study contradicts this, though, finding that most people think the cloud actually runs on clouds in the sky. Most businesses manage their data in the cloud, because it’s an easy way to collaborate and all the information is accessible anywhere, anytime and from any platform. Private users use cloud services like Dropbox, Google Drive, Box and SkyDrive to easily share or back up pictures, music and documents. Although these solutions are easy and often reliable, how much of your private data do you really want to entrust to big corporations?

When it comes to privacy, there is a very fine line between knowing what these companies are doing with your data and knowing whose hands are actually on it. Security breaches have been very common and they aren’t going anywhere. Sometimes the question is not whether someone will steal your data, but when.

iCloud is one of the largest improvements ever made to increase usability and productivity of electronic devices.

But …

Are my backups and synced data secure on iCloud?

What this blog contains …

  • The simple answer
  • Some details about iCloud-Security
  • The good news
  • The worse news
  • The Apple ID
  • Summary
  • An example how it should be
  • Attachments
    Encryption techniques
    Managing data with iWork


The simple answer …

The simple answer is that your data is at least as safe as it is when stored on any remote server, if not more so. All data is transferred to computers and mobile devices using Secure Sockets Layer via WebDAV, IMAP or HTTP. All data (except E-Mail and Notes) is stored encrypted on Apple’s servers. Secure authentication tokens are created on mobile devices to retrieve information without constantly transmitting a password.

Some details about iCloud-Security …

(quoted from Apple’s Terms and Conditions for iCloud)

Access to Your Account and Content
Apple reserves the right to take steps Apple believes are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law.

This means that Apple employees have the technical ability to read your data.

There may be procedural, technical, or policy controls to make this unlikely, but the capability is there. That means that if Apple’s cloud ever gets compromised by a sophisticated attacker, the attacker could potentially access all your data. In other words, any data breach or accident on Apple’s part could potentially expose your data. This may not be too likely but even respected companies like Google have been breached. A breach or other exposure of the iCloud servers is not unthinkable.

E-Mails and Notes are not stored in encrypted form while on Apple’s servers. This might be dangerous, as E-Mails often contain sensitive information (e.g., account passwords, reset links, etc.).

When the government comes knocking, Apple will not be transparent about requests for access to your data, and will not tell users when their data has been disclosed to the government.

The risks are not limited to government requests.
If you get sued, or end up in a contentious divorce, the opposing party’s lawyers could subpoena your data from Apple, and Apple would be required to disclose it to them if it is relevant to the case. But who can know that before the contents have been examined?

The good news …

Data is encrypted using SSL while it is transferred (in transit) between your computer and the iCloud servers. Also, data is encrypted while it is stored on the iCloud servers (at rest).

The worse news …

iCloud uses server-side encryption, not client-side encryption. When sending data to the cloud, it gets encrypted on your machine with SSL, then decrypted at the iCloud servers, then re-encrypted using an encryption key that only Apple knows for storage.

The Apple ID …

The security of your data on iCloud is only as good as the passphrase on your Apple ID.
Therefore, if you want your data to be secure, you need to choose a long and strong passphrase. Unfortunately, there are some aspects of the current systems that tend to nudge users towards choosing short, weak passphrases.

    The OS refuses to store this passphrase in the keychain, requiring you to type it in frequently. If you use an iOS device, you will frequently need to type in your Apple ID passphrase (e.g., every time you install or update an app). Because entering a long and strong passphrase is a major pain on an iPhone, many users may end up choosing a short, poor passphrase just for convenience’s sake — which unfortunately leaves their iCloud data poorly secured. So, the current design may tend to encourage many users to use a weak password, leaving their data at risk.

Summary …

iCloud’s security practices are largely in line with mainstream practice in this area. iCloud appears to have a reasonable and professionally designed security architecture. While there are some security risks, for most people, iCloud’s security is likely to be good enough, and the convenience benefits of iCloud will likely outweigh any risks for most folks.

However, storing your data in the cloud does increase the risk. For some particularly sensitive users (health records, financial institutions, lawyers, etc.) it might be prudent to avoid storing the most sensitive data in the cloud.

An example how it should be …

The solution is apps that already store their data encrypted on your device and use the highest iOS Data Protection classes, that is ‘Accessible only when Unlocked’ (disadvantage: syncing won’t start immediately when your phone is turned on) and ‘Non-migratable’ (disadvantage: if you migrate all of your device settings and data to a different device you will have to re-enter the password).
This data is, let me say, DOUBLE-ENCRYPTED when transferred to iCloud and stored there: it cannot be accessed with the server-side keys alone.
An example is 1Password (AgileBits) for managing passwords, bank accounts and beyond.


Interested readers, even those with less technical background, should read these articles about security design basics …

AgileBits Cloud Storage Security

Lost iPhone and Safe Passwords

Attachments …

Encryption techniques …

Full-strength, randomly generated, user-managed key
This is the most secure setting. Access to the full server data gives the attacker no useful information. Unfortunately, it is also the most difficult to use. Enabling a new device requires coordination with an existing device. If users lose all of their devices, e.g. if they only have one device and it breaks, there’s no way to recover.

Password-derived key
The data is encrypted with a key derived from the user’s password. This is not as secure as the previous setting, since most user passwords are not nearly as strong as full-strength crypto keys. However, as my colleague Brian Warner is exploring, it may be possible to still make it quite expensive to break into a single user’s dataset, and prohibitively expensive to go fishing for data across many user accounts. Usability is significantly increased: a user can set up a new device simply by typing in their password. However, the crypto conundrum remains: lose your password, lose your data.

Server-side security (applied to Apple’s iCloud)
Users don’t manage keys, and servers technically have access to the user data. A number of techniques can be used to meaningfully reduce the chance of a leak (e.g. disk encryption or other types of encryption where the server holds the key somewhere). Security against insider attackers is not nearly as high as with the two previous solutions. This is, of course, how almost every service on the Internet works today. It is the only model that maps to user intuition, where a user can forget their password, lose their devices, and still recover. Apple holds the (encryption) key!
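The three key-management models above, the server-side flow described under “The worse news” (TLS in transit, decrypt at the server, re-encrypt under the provider’s key) and the “double-encrypted” case of an app that encrypts before upload can all be run side by side. The following is an added example written for this page; it is not code from Apple, AgileBits or any real iCloud client. It uses a toy encrypt-then-MAC cipher built only from the Python standard library (HMAC-SHA256 in counter mode plus an HMAC tag) so that it runs without third-party packages; the cipher is a stand-in, the point is who holds the key. The `CloudServer` class, the account names and the sample secret are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy encrypt-then-MAC cipher from the standard library only (NOT for production);
# the example is about who holds the key, not about the cipher.
NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key):
    # Separate encryption and MAC keys derived from one 256-bit master key
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    # Counter mode: concatenate HMAC(enc_key, nonce || counter) blocks, then truncate
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag  # nonce || ciphertext || tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def derive_key_from_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    # Password-derived key: a salted, deliberately slow KDF (PBKDF2-HMAC-SHA256)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


class CloudServer:
    """Server-side model as the article describes iCloud: TLS protects the upload,
    then the server decrypts it and re-encrypts it under a key only the provider holds."""

    def __init__(self):
        self.storage_key = secrets.token_bytes(32)  # never leaves the provider
        self.store = {}

    def put(self, account: str, payload: bytes) -> None:
        # payload is exactly what the client sent inside the TLS tunnel
        self.store[account] = encrypt(self.storage_key, payload)

    def insider_view(self, account: str) -> bytes:
        # An employee, an intruder on the server, or a legal request all end up
        # here: the storage key strips the server-side layer from any account.
        return decrypt(self.storage_key, self.store[account])


def compare_models() -> dict:
    """Run the three models over one constructed secret and report who can read it."""
    secret = b"bank login: alice / hunter2"  # constructed sample, not real data
    server, results = CloudServer(), {}

    # Model 3 (server-side only): the client uploads plaintext, the server encrypts it
    server.put("alice/server-side", secret)
    results["server_side_insider_reads_plaintext"] = server.insider_view("alice/server-side") == secret

    # Model 1 (random user-managed key): ciphertext goes up, server layer on top = "double-encrypted"
    user_key = secrets.token_bytes(32)
    server.put("alice/user-key", encrypt(user_key, secret))
    leaked = server.insider_view("alice/user-key")  # only the client's ciphertext comes out
    results["user_key_insider_reads_plaintext"] = leaked == secret
    results["user_key_owner_recovers"] = decrypt(user_key, leaked) == secret
    try:  # lose every device (and so the key) and nobody can recover the data
        decrypt(secrets.token_bytes(32), leaked)
        results["user_key_recoverable_without_key"] = True
    except ValueError:
        results["user_key_recoverable_without_key"] = False

    # Model 2 (password-derived key): a new device needs only the password plus the
    # salt, which can be stored next to the blob because it is not secret
    salt = secrets.token_bytes(16)
    password = "correct horse battery staple"
    server.put("alice/password-key", encrypt(derive_key_from_password(password, salt), secret))
    leaked = server.insider_view("alice/password-key")
    results["password_key_insider_reads_plaintext"] = leaked == secret
    results["password_key_new_device_recovers"] = decrypt(derive_key_from_password(password, salt), leaked) == secret
    return results


if __name__ == "__main__":
    for name, value in compare_models().items():
        print(f"{name}: {value}")
```

Running it shows the asymmetry the article describes: in the server-side model the insider view returns the plaintext, while in the two client-side models the server layer comes off and only the client’s ciphertext remains, so a breach, an employee or a subpoena yields nothing useful. The password-derived variant regains usability (a new device needs only the password), but its strength is exactly that of the password fed into the KDF, which is why the Apple ID section above insists on a long passphrase.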

Turn off iCloud for apps that should not sync their data via iCloud or include it in iCloud backups. To do this go to

Settings – iCloud – Storage + Backup – Manage Storage – Your device

and deactivate all apps whose data you do not want to be handled by iCloud services.
Do the same for the data of Apple’s pre-installed apps
(Mail, Calendars, Contacts, Reminders, Safari, Notes, Photo Stream).
But if you do so you will lose all the benefits that come with iCloud.

Recommendations …

Consider three vulnerabilities …

  • Access in accordance with Terms and Conditions of the cloud provider
  • Stealing of the device
  • Hacking of your device
  • Hacking of the cloud storage

To keep your data secure there is no simple workaround.
But you can do your best with these settings and by keeping your sensitive data away from apps that do not support encryption.

  • Use a strong password for your Apple ID even if it is not convenient
  • Use an unlock code for your device
  • Use the Auto-Lock option for time-based automatic locking
  • Use unlock codes for lockable apps managing sensitive data
  • Do not use cloud storage for data managed by apps that do not already encrypt it on your device

If your thoughts are still in turbulence …
Keep your devices under lock in Fort Knox, switch them off and lock the door with your one and only key. Don’t lose the key!

Managing data with iWork …

The most powerful setting is using the iCloud service for syncing iWork documents across your devices. It’s simple and automatic, and ideal for frequent use of different devices.

But keep in mind that these documents should not contain sensitive data as they are NOT DOUBLE-ENCRYPTED like those of the app 1Password mentioned above.

As an alternative, manage sensitive data e.g. in NUMBERS and exclude this application from iCloud syncing and iCloud backup. To back up the data, use iTunes with a strong backup password.

Another solution would be to store iWork documents strongly encrypted via WebDAV on a cloud storage service that does not rely on server-side encryption. At the time of writing, Apple does not support this feature.