lecture: Apple iCloud services reversed inside out
Apple iCloud was meant to improve flexibility and comfort when using your iDevices, however it also provides opportunities to extract as much as everything about the user.
Apple iCloud was meant to improve flexibility and comfort when using your iDevices, however it also provides opportunities to extract as much as everything about the user.
Backups: iCloud suggests backing up iMessage, SMS, photos and videos, device settings, documents, music and other things on-the-fly which is useful for syncing or restoring in case your iDevice is lost or damaged, however there is only one way to access iCloud backup data by organic means - you can only restore the backup onto any of your devices (linked to the same account) and, thus, only via Wi-Fi connection. This technical limitation is presupposed by design. But now we can show you a method to simply download everything onto any desired computer at hand, provided we have Apple ID and password.
Find My iPhone: this application was also meant to help you track your own iDevices geographically and should be available strictly to the user under his/her own Apple account, however there is a way to get geo-location data having neither Apple device tethered to that account readily available nor access to iCloud website. If location services are switched on, geo-location of the device can be detected by sending a push request (there will be an arrow indicator in the right upper corner of the target device screen) and getting the requested coordinates. Then, the received positioning data can be applied to any map you prefer (incl. Google Maps or any other).
Storage: apart from backup iCloud can store iTunes contents, photo stream, contacts, iWork documents, application files and more, which can be accessed either from any device signed up to the account or from icloud.com/iwork. However, not all information can be accessed from iCloud webpage, for example, some application files (e.g. data generated by SoundHound) you may have on your iPad or whatever won't be seen from icloud.com/iwork. Our technological analysis allowed us to make it possible to access and download all storage information, including third-party application files on-the-fly and even without launching a work session in iCloud.
In this presentation you'll get more info about reverse-engineering of iCloud protocols itself, including jailbreak, reset, replacing of certificates (to perform a kind of man-in-the-middle attack), sniffing, parsing. You will also learn more about protocol changes that were implemented in the end of this March. And in addition, we'll go further into details of iCloud data access protocol and speak about the peculiarities of storing files like Pages/Numbers/Keynotes: they are being saved in a special proprietary format and there are special commands executed on server that allow downloading files both in Apple and Microsoft Office formats, or Adobe PDF.
Conclusion: iCloud stores large amounts of information and before now access to this info was restricted either by the necessity to have iDevice and Wi-Fi (only) available or by using Internet and web-browser (www.icloud.com), knowing Apple ID and password is required. Now, that we have reverse-engineered Apple iCloud communication protocols we can suggest an alternative technology to reach and absolutely new method to download iCloud data and its changes in standalone mode onto any available computer.
Info
Day:
2013-06-22
Start time:
13:00
Duration:
01:00
Track:
Main
Files
| Video |
