iCloud Forensics – The Compromised Platform Examination

Creative Team | December 16th, 2015 | Forensics

iCloud is the free cloud storage and computing service designed and provided by Apple. The primary aim of introducing the service was to let users store their data remotely so that it remains accessible (via browser access) even when the user's device is unavailable. The storage supports all essential data of an Apple device, including music, pictures, applications, contacts, videos, and other assorted data. Accessing an iCloud account lets you not only use your data but also share it with another user who has an Apple device running iOS 5 or above. The synchronization feature is what makes it even more special: users whose mobile devices are connected to an iCloud account do not need to take separate data backups, as the data on their iPhones/iPads is regularly synced and securely stored in the cloud storage of the respective iCloud account. The other way of generating an Apple data backup is to set up iTunes on the user's machine and save the data locally rather than remotely.

Security and iCloud Vulnerability

The above discussion highlights how extensively Apple users depend on iCloud. Apple does guarantee the security of user data stored on iCloud; however, cases of iCloud's vulnerability to hacking have emerged of late.

Digital safety has become a far greater concern nowadays than it was in the past. In the recent incident, iCloud accounts of popular celebrities were hacked, which led to the misuse of the data stored in them: the leak of nude pictures. The privacy intrusion led to questions being raised about the safety measures guaranteed by Apple. The breach was highlighted because celebrities were involved; however, it clearly showcases the overall level of security Apple has implemented for its iCloud accounts.

Forensically Examining iCloud Storage

The breach shows the level of security Apple has implemented for user data. To access such sensitive and private data belonging to a user, all you need is the respective account holder's login credentials; no physical access to their device is required at all. The absence of multi-layered security is evident.

Vulnerability to such highly destructive attacks is what led to the need to apply forensic science in examining iCloud storage. This helps to find out how the hackers got into these user accounts and how this loophole can be closed to avoid such occurrences in future.

While testing the environment and performing an iCloud analysis at the same time, the investigation revealed two strategies that were used in this data leak. The two ways of carrying out iCloud forensics are:

Manual Workarounds: The manual workarounds include executing a local attack without having the device physically, such as one carried out over the network to which the device is connected (Wi-Fi). If the pairing code used by an Apple device to connect over Wi-Fi can be retrieved, there is a high chance that its data can be backed up by spoofing the machine over the Wi-Fi connection.

iCloud Analysis Utilities: These applications are specially programmed to let the user pull out data stored in an iCloud account for investigative purposes. Such professional tools are supposed to be used only by law enforcement or for other legal purposes.

However, as the security measures currently stand, the storage can be hacked easily by either gaining physical access to the device or cracking the credentials of the iCloud account. Technically speaking, all that is required to access an iCloud account is its login credentials. Anyone can have direct access to the account data without having to prove that they are the authorized account holder.

Forensic Application Implementation

iCloud Analysis

MailXaminer is a renowned email examination tool that also successfully investigates hosted server and cloud-based storage. iCloud is supported as one of its web-based environments for investigation. Investigators can conduct filtered or non-filtered examination of data stored in an iCloud account, provided that the credentials are in custody. Once the storage is acquired and read by the application, it can be examined through the featured scanners by applying search strings, advanced search, filters, skin tone analysis on videos and image-based media, and more. The application can be used for advanced forensic analysis of iCloud data to accomplish iCloud forensics.