When Apple announced iOS 7, iCloud Keychain was one of its key features. It is no doubt great for usability, but what about security? What kind of access does Apple have to the passwords stored in the iCloud?
The talk by Andrey Belenko from PasswordsCon Bergen 2013 focuses on protection of user data. It reviews iOS Data Protection and changes that iOS 7 brought to it. The author explores in great detail the inner workings of the new iCloud service — ‘escrowproxy’ — which is the essence of the iCloud Keychain. Other iCloud services, such as iCloud Backup, receive some attention, too.
The main giveaway of the talk is the in-depth analysis of the new iCloud Keychain feature. You learn how, when, and where things are encrypted, and what it takes to decrypt them.