Reuters reports:
Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicized techniques by Apple Inc employees, the company acknowledged this week.
The same techniques to circumvent backup encryption could be used by law enforcement or others with access to the “trusted” computers to which the devices have been connected, according to the security expert who prompted Apple’s admission.
Read more on Huffington Post.
Thanks to Joe Cadillic for this link.
Update: earlier today, Jonathan Zdziarski posted the following to Pastebin:
Personal information that came off com.apple.mobile.file_relay unencrypted
(bypassing backup encryption) from my iPhone 5C 7.1.2. Your mileage may vary.

Databases:
NOTE: These are raw sqlite3 databases, which means that deleted records can
often be carved from these files

– Accounts database: List of email, social, and other accounts configured
– AddressBook database: Contact lists, phone numbers, addresses, etc.
– AddressBook images: Photos associated with contacts
– Calendar database: User’s calendar, events, alarms, and so on
– Notes database: All of the user’s notes as stored in the Notes application
– SMS/MMS/iMessage database:
    – Database of all correspondence from “Messages” application
    – SMS attachments (photos or other attachments)
    – SMS drafts (texts the user typed but did not send)
    – Emergency alerts received
– Voicemail database: All voicemail metadata
– Voicemail audio files: The actual audio of voicemails left for the user
– Envelope index: User’s email envelope data (message metadata, but no content)

Media:
– Camera / Video Roll (all photos / videos still on the device reel)
– User photo album (photo album as synced from desktop)
– Thumbnails cache (database of thumbnails of photo album and camera reel)
– I didn’t have any music stored, but IIRC that comes off too

Caches:
– GeoLocation history (timestamp, lat/long, altitude, accuracy, speed, course)
– Contents of the clipboard (pasteboard)
– User’s last known longitude / latitude (separate cache from GeoLocation)
– Map tiles database (including tile identifiers)
– Screenshots of last user activity in:
    – App Store
    – Camera (intentionally blurred, but with clear saved roll preview)
    – FaceTime (including screenshot of call history)
    – Maps (including current position, last route, whatever on screen last)
    – Calendar (open to my current day’s events at the time)
    – Notes (last note I was viewing, or list of all notes)
    – Mobile Phone (recent calls, contacts, or whatever was last on screen)
    – Photo Album app (last album / photo viewed / album list)
    – Messages (last thread or view of all messages)
    – iTunes app
    – Preferences
– App store resources cache (images, etc)
– iTunes cached resources (album covers, etc.)

Other:
– Metadata disk image of entire user partition (minus actual file content)
– Keyboard typing cache
– Application install logs
– iCloud genstore (some cached copies of iCloud data)
– MobileAssets, including copies of kernel cache, iBSS, and other system files
– List of all installed applications (both third party and system)
– Mobile gestalt
– Device activation record
– All pairing records (including escrow bags) for other trusted machines
– Data ark
– Application preferences
– Application crash logs
– Baseband, iCloud, and other system logs
– Caches of urls to viewed audio and video media kept temporarily in /tmp
– Lockdown logs; what hosts have connected when, SIM/network status

Also, when accessing house_arrest service, data-protection can be unlocked
and send all files from Documents, Library, Caches, Preferences, etc. from all
third party applications installed on the device (no access controls, so user
can download stateful information containing personal caches, conversations,
databases, OAuth tokens, private content, and sometimes even passwords)