Data stored in Apple's iCloud deemed 'safe' for most users

article thumbnail

Unless you're sharing or storing information of importance to national security, information saved on Apple's servers through iCloud should be secure enough for the average person's needs, a new analysis has found.

Chris Foresman at Ars Technica took a closer look at Apple's iCloud in an effort answer the question: "How safe is my data stored in iCloud?" He came away with the conclusion that Apple's service is at least as safe as using any other remote server, and maybe even more than most.

"All data is transferred to computers and mobile devices using secure sockets layer via WebDAV, IMAP, or HTTP," he wrote, explaining that all data except notes and e-mails is encrypted on Apple's remote servers.

Aside from someone obtaining an e-mail address and password associated with an iCloud account, he found the service is "safe" from hackers, and regular users can feel confident with sharing their data.

One potential security concern could be an Apple employee with direct access to files and data on the company's servers. But the company's own privacy policy plainly states that the company takes "administrative, technical, and physical" cautions to safeguard data.

Apple does not publicly disclose how it encrypts user data when it is stored on its remote servers, but sources who spoke with Foresman indicated the company is relying on Microsoft Azure for iCloud, aligning with a rumor that surfaced last September.

"Using a WebDAV client, we were able to access some of our iCloud data by guessing the server name and path; once authenticated, that data was human readable," he wrote. "Since we know that Apple decrypts this kind of data, the company is likely using some type of file-system encryption that is decrypted on the fly when requested from an authenticated device or computer."

E-mail is not encrypted through iCloud because no mainstream consumer IMAP providers encrypt messages on disk. Instead, messages are usually encrypted by the e-mail client and then decrypted by the receiver using a shared key.

As for notes, they are shared using IMAP to allow syncing with the Mail application in OS X 10.7 Lion. Foresman theorized that may change with the forthcoming release of OS X 10.8 Mountain Lion, which will have its own dedicated Notes application.

The iCloud umbrella of services launched last October, replacing Apple's previous cloud-based option, MobileMe. It includes former MobileMe services like Find My iPhone, Mail and Contacts, as well as Documents in the Cloud, iTunes in the Cloud and more.


Latest News