For Paul, Apple’s new cross-device syncing feature meant the possible exposure of “personally identifiable information, seed values, phone call notes, love letters etc”. In light of the National Security Agency’s surveillance program, PRISM, and the recent hacks on celebrity iCloud accounts, this is a plausible risk. The same issue applies to third party document creating apps.
Local encryption however is undermined in Yosemite, according to Paul, who noticed that “all of my locally-stored, ‘unsaved’ documents open in my text editor have now been uploaded in full” to Apple’s servers. Under that model, they remained local and encrypted if the user was encrypting their hard drive. Prior to Yosemite, if documents were produced in, for example, Apple’s TextEdit, they would be stored in ~/Library/Saved Application State/, allowing the user to find the document in the state they left them even if the document was not explicitly ‘saved’. “Syncing data across devices is perfectly reasonable silently syncing data - via a stop on Apple servers - that I have previously only stored locally is not,” Paul told CSO Australia. But as Berlin-based security researcher Jeffrey Paul discovered, the convenience of syncing documents across multiple Apple devices may come at a hefty price to privacy, with unsaved documents in Yosemite now being uploaded automatically and “silently” to Apple’s servers.
0 kommentar(er)
