Ask Ars: how safe is my data stored in iCloud?

How well does Apple protect your e-mail, photo stream, documents, and other …

Apple uses "industry best practices" to keep iCloud data protected.

Apple's iCloud service lets users sync a staggering amount of data between Macs, Windows PCs, iPhones, and iPads. Though Apple says it stores this data securely in an encrypted format, just how safe is it? An Ars reader wrote in to ask us this question, so we decided to investigate.

The simple answer is that your data is at least as safe as it is when stored on any remote server, if not more so. All data is transferred to computers and mobile devices over Secure Sockets Layer (SSL) via WebDAV, IMAP, or HTTP. All data except e-mail and notes—more on that later—is stored encrypted on disk on Apple's servers. And secure authentication tokens are created on mobile devices to retrieve information without constantly transmitting a password.

The data stored on Apple's iCloud servers includes photos in your Photo Stream, any documents stored in iCloud, backups for iOS devices, @me.com e-mail, contacts, calendars, Safari bookmarks, reminders, and notes. According to Apple, all data is stored encrypted on disk except e-mail and notes. The exception for e-mail may be due to performance reasons, including supporting features like searching messages on the server or partially downloading messages and attachments.

As far as we can determine, no common IMAP providers encrypt messages on disk for consumer e-mail services. (Commercial services do exist to securely transport e-mail and encrypt it on disk for HIPAA compliance, however.) Instead, most providers offer support for S/MIME encrypted messages, which requires encrypting messages sent by your e-mail client and relying on the receiver's client to decrypt using a key you provide. Doing so is the only way to ensure end-to-end encryption of message contents.

Notes are also not encrypted on iCloud servers. The reason is that iCloud currently syncs notes using IMAP, and a result of this method is that your notes are synced on Mac OS X via Mail. However, OS X 10.8 (Mountain Lion) will include a proper Notes app when it's launched this summer, so it's possible that future Notes will use iCloud's document store APIs, and these notes will be encrypted on disk like the rest of iCloud data.

For now, though, it's technically possible for an unscrupulous Apple data center employee to rifle through your e-mail or notes. The likelihood is remote, and Apple promises in its privacy policy that it "takes precautions—including administrative, technical, and physical measures—to safeguard your personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction." Those who routinely send and receive messages of importance to national security—or just the more paranoid among us—may want to consider a more secure alternative for e-mail and notes.

What about what Apple doesn't tell us?

Apple would not disclose to us the methods used to encrypt data on disk, and merely claimed to use industry standard practices to ensure user data is stored securely. Still, we can make a few educated guesses about the level of security used. To start, several sources we consulted believe that Apple is using Microsoft Azure to power its iCloud data store. Using a WebDAV client, we were able to access some of our iCloud data by guessing the server name and path; once authenticated, that data was human readable. Since we know that Apple encrypts this kind of data, the company is likely using some type of file-system encryption that is decrypted on the fly when requested from an authenticated device or computer.

Mac OS X appears to use the PBKDF2 (Password-Based Key Derivation Function) standard recommended by the National Institute of Standards and Technology (NIST) to generate encryption keys for things like FileVault and Keychain. Outside of a direct explanation of the exact algorithms and key lengths from Apple, it seems reasonable to presume Apple is using this same "industry standard practice" to generate the secure tokens used to access iCloud from authenticated devices.

Essentially, NIST considers PBKDF2 "good enough for government work," so federal agencies can use it to secure data as required by the Federal Information Security Management Act (FISMA) of 2002. Assuming Apple is generating keys that are more than 64 bits in length, the chances of someone brute-forcing the key and decrypting the data within a lifetime are slim to none.
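To make the two preceding paragraphs concrete, here is an added example (not Apple's code, and not anything Apple has published about iCloud) of what PBKDF2-based key derivation looks like in practice and why the iteration count matters for the brute-force estimate above. It uses Python's standard `hashlib.pbkdf2_hmac`; the salt length, iteration count and key length are assumptions chosen for illustration, since Apple has not disclosed its actual parameters.

```python
import hashlib
import hmac
import os

# Assumed parameters for illustration only. Apple has not published the
# salt size, iteration count or key length it uses for iCloud or FileVault.
ITERATIONS = 100_000
SALT_LEN = 16
KEY_LEN = 32  # 256-bit derived key


def derive_key(password: str, salt: bytes,
               iterations: int = ITERATIONS, key_len: int = KEY_LEN) -> bytes:
    """Derive a fixed-length key from a password with PBKDF2-HMAC-SHA256.

    The salt makes identical passwords derive different keys, and the
    iteration count makes each guess cost `iterations` HMAC computations.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=key_len)


def make_record(password: str) -> dict:
    """What a server should store: a random salt and the derived key, never the password."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "iterations": ITERATIONS,
            "key": derive_key(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = derive_key(password, record["salt"],
                           record["iterations"], len(record["key"]))
    return hmac.compare_digest(candidate, record["key"])


def effective_guess_rate(hmac_per_second: float, iterations: int) -> float:
    """Password guesses per second an attacker gets from a given HMAC throughput.

    PBKDF2 does not shrink the attacker's hardware; it divides its guess
    rate by the iteration count.
    """
    return hmac_per_second / iterations


def brute_force_years(key_bits: int, guesses_per_second: float) -> float:
    """Expected years to search half of a 2**key_bits key space at the given rate."""
    seconds = (2 ** (key_bits - 1)) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    record = make_record("correct horse battery staple")   # constructed sample password
    print("verify correct password:", verify("correct horse battery staple", record))
    print("verify wrong password:  ", verify("Tr0ub4dor&3", record))
    # A random 64-bit key at one billion guesses per second, as in the article's estimate.
    print("years for a 64-bit key @ 1e9 guesses/s: %.0f" % brute_force_years(64, 1e9))
    # The same hardware doing 1e9 HMACs/s gets only 1e4 password guesses/s at 1e5 iterations.
    print("guesses/s through PBKDF2:", effective_guess_rate(1e9, ITERATIONS))
```

The last two lines of output show the two halves of the article's argument: a uniformly random 64-bit key is already out of reach for a single brute-force rig, and when the key is derived from a password rather than chosen at random, the iteration count is what stands between a weak password and a fast offline guess.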

Your iCloud data also isn't generally shared with third parties, but some personal information, such as name and address, may be shared with, for instance, a credit card processing service. As far as your Safari bookmarks or iPhone photos, however, that information is only given out when required by law, such as when it's required by court order. "We may also disclose information about you if we determine that, for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate," Apple wrote in its privacy policy.

As best as we can determine, if your Apple ID isn't a widely known e-mail address with an easy-to-guess password (Apple now requires a combination of uppercase and lowercase letters and numbers, at a minimum), your iCloud data is effectively "safe" from hackers or prying third parties. E-mail and notes are not as secure as other data, though they don't appear to be any less secure than other common IMAP e-mail providers. If you require HIPAA-level security compliance, you'll need a different solution for e-mail—but then again, you likely wouldn't be using a personal e-mail address for such purposes in the first place. And you could use standard S/MIME encryption such as PGP to secure e-mail messages from sender to receiver.

Listing image: photo illustration by Chris Foresman, including a photo by m theirry (CC).