If one deletes his browsing history, it is usually for a good reason. But there is a synchronization problem between iCloud and Safari could bring to the fore quite easily the historical deleted by the user. This vulnerability was discovered by the Russian company Elcomsoft, which specializes in the development of software pentesting. As explained by its director, Vladimir Katalov to Forbes, he has discovered the flaw in tests any of their software dubbed Phone Breaker on his iPhone.
This tool has the functionality to extract data : it is testing these, Katalov discovered a file on iCloud dubbed Tombstone and that contained the browsing history Safari deleted by the user. The stored data go back well over a year, and the researcher is thus able to retrieve addresses and query Google up to 2015. In addition to the addresses, the data retrieved indicated also the date of deletion of the history data.
Forbes is able to reproduce the bug reported by Katalov, and an independent researcher was also able to retrieve his browsing history deleted, as well as Notes erased from his phone. In the case of the notes, they do back up to 30 days. Forbes stated that since the 9.1 version of Safari and 9.3 of iOS, the navigation data is removed are chopped and made technically unreadable by third parties.
This discovery does not seem to show a malicious behavior on the part of Apple, according to Forbes : data were not hidden and could be retrieved simply by the user owner of the iCloud account. Apple did not wish to communicate on this issue, but seems to have undertaken to correct his mistake. The article specifies that since the publication, browsing data stored by iCloud were progressively deleted from the accounts.
No comments:
Post a Comment