Breaking Apple's iCloud Keychain

Explore the intricacies of Apple's iCloud Keychain security in this revealing conference talk from HITB2017AMS. Delve into the various types of data synced and stored in iCloud, including contacts, calendars, notes, passwords, and credit card information. Discover how certain data, such as call logs, are transmitted to Apple servers even when syncing is disabled. Learn why two-factor authentication may not provide the level of protection users expect and how it can potentially make accessing sensitive information easier. Gain insights into data acquisition methods, cloud services, and the differences between backup and iCloud keychains. Examine iOS keychain protection classes, iTunes backup password breaking techniques, and the setup of two-factor authentication. Understand the arrow proxy architecture and SRP protocol used in iCloud security. Presented by Vladimir Katalov, CEO of ElcomSoft Co. Ltd., this 37-minute talk offers a comprehensive look at the vulnerabilities and complexities of Apple's cloud-based security systems.

Intro
What's inside the smartphone?
Data acqusition methods
Cloud: backup, sync or just storage?
Cloud services: backups
Cloud data by platform
Apple keychains
Backup vs iCloud keychains
iOS keychain (credit card data)
iOS backup keychain protection classes
ITunes backup password breaking
Set up 2FA
arow proxy architecture
SRP protocol
Keychain recovery