Elcomsoft, a Moscow-based firm that creates forensics software, said it was possible [PDF] to retrieve deleted browser history going back beyond a year. Elcomsoft CEO Vladimir Katalov stumbled upon this while testing his new hacking tool to view the Safari history on his iPhone. He discovered that Apple was storing consumer data in a secret cloud service within iCloud called “Tombstone.” Data was not being deleted from this service, in order to ease syncing between separate devices.
When Katalov used Elcomsoft's Phone Breaker software to extract his browser history, he noticed that deleted data up to a year old was still recorded. In the interview with Forbes, Katalov claimed, “We have found that they stay in the cloud, probably forever.” Interestingly, records that were deleted from both Mac and iPhone were termed “cleared” rather than “deleted” in Safari. These claims were verified by an iOS expert brought in by Forbes.
Civil rights groups and privacy and security experts could be in an uproar over these revelations. Jay Stanley, senior policy analyst at the American Civil Liberties Union (ACLU), told Forbes, “Overall, assuming this was a mistake, it’s a reminder that storing and retention of data is the default as a technical matter.” He added, “Browsing history is a very sensitive set of data. It reveals people’s interests, concerns, worries and in many cases their every fleeting thought, as well as health information, information on their sexuality.”
“In this release, we added the ability to pull Safari browsing records going back more than one year, and this includes records that’ve been deleted a long time ago”, says Vladimir Katalov, ElcomSoft CEO. “The user does not have a chance to see these records anywhere on their device or in the cloud, and may not have a clue they even exist.”
Having data that you wish deleted be recorded and kept instead is a breach of trust. People should be comfortable in the knowledge that their commands are carried out accordingly, and companies should always follow best practices and carry out the instructions of the user; hence we always recommend search tools that do not keep records.
In Elcomsoft’s press release, Per Thorsheim, a renowned security expert and the organizer of the PasswordCon conference, stated that “Any data that’s supposed to be deleted but can still be extracted is always interesting, especially for law enforcement
Apple seems to be plugging holes in its systems: after the findings had been published, Katalov contacted Forbes to notify them that his browsing data was disappearing from his iCloud. There was no response from Apple regarding the allegations.
This is not the first time Apple has had issues that cast doubt on its reputation for being impenetrable. In the past it has had security flaws with the fingerprint sensor on the iPhone 6, which was vulnerable to hacking; a few months back, hackers at PWNFEST in Seoul, South Korea, were able to exploit Safari in just 20 seconds; and last year Apple had to issue an emergency security update for OS X due to what it described as a ‘critical security threat’ which allowed hackers to hack iPhones of famous celebrities and other personalities.