Data Forensics Company Recovers Notes Data Apple Claims is Deleted

Files deleted from Apple’s Notes app shouldn’t be recoverable after 30 days, but the security and data forensics company Elcomsoft found they could access records that were deleted months—or even more than a year—ago. That sounds pretty bad, but recovering those files requires some pretty specific elements, including knowing your iCloud login and password.

Elcomsoft discovers long ago deleted Notes files are recoverable

iCloud offers data recovery for files that have been deleted in the lat 30 days. That’s a feature, not a bug, and TMO’s Melissa Holt recently detailed how that works. After 30 days, however, and those files are supposed to really be deleted and unrecoverable.

Elcomsoft found it’s possible to restore long deleted Notes data in some cases, saying, “We discovered that deleted notes are actually left in the cloud way past the 30-day period, even if they no longer appear in the ‘Recently Deleted’ folder.”

How Elcomsoft Notes Data Recovery Works

While restoring Notes files that were deleted more than 30 days ago does pose a privacy threat, it’s not necessarily a gaping hole any hacker can use. Accessing the deleted files requires the Apple ID and password linked to the iCloud account and Elcomsoft’s forensic software, both of which aren’t likely in the hands of a hacker.

The company’s tools can download all Notes data associated with an iCloud account, including those that no longer appear as recently deleted. Once the Notes files are downloaded, they can be viewed and searched without any restrictions.

Behind Elcomsoft’s Motivation

Detailing the flaw in Apple’s Notes recovery feature is, on one hand, a community service because now users and the company are aware of the problem. Apple can work on a server-side patch that truly deletes files that fall outside the recovery feature’s 30-day window, and users can decide if syncing Notes through iCloud is something they want to keep doing.

On the other hand, talking about the issue is essentially a big commercial for Elcomsoft’s data forensic products. These are tools law enforcement agencies use in criminal investigations, and telling the world about the Notes issue is akin to hanging a big neon “buy me” sign over Elcomsoft’s products.

What the Notes Data Recovery Issue Means for You

Despite the foreboding tone that goes along with hearing Notes data can be recovered well after is should really be gone, Elcomsoft’s announcement isn’t likely a big deal for most iCloud account users—unless you’re under criminal investigation and police already have your Apple ID user name and password. That’s not to say don’t worry if there’s nothing you need to hide; your personal data should simply stay private.

Apple will likely patch the issue that shouldn’t have been there, and Elcomsoft’s forensic tools won’t be able to get at those deleted records any more. The fix most likely will happen on Apple’s iCloud servers, so we…

Read the full article from the Source…

Back to Top