Safari Saves All Deleted Browser History To iCloud

Forbes published a disturbing report that Safari web browser history gets saved in iCloud. A security analyst discovered that an iCloud Record called “tombstone”, which Apple keeps the deleted history, accidentally using a tool called Phone Breaker.

View Browser History from The Grave

Phone Breaker was developed by Elcomsoft in Russia. Vladimir Katalov CEO stated that Apple can store browser history back up to a year ago, possibly longer.

Forbes writer Thomas Fox-Brewster used Phone Breaker for his own iCloud accounts. The program gave him access to 7,000 records, which were not supposed to be deleted. It showed a count of visitors and the date and times the item had been deleted. (Apple’s term was cleared but not deleted). You could also see the complete terms of Google Searches.

Vladimir Katalov even had an iOS expert on the case to support his claims. Unidentified person discovered the Phone Breaker had found 125,203 browsing data in their account. Thomas and the expert in forensics discovered that the records go back to November 2015, according to Thomas.

Details and Risk

This data has not yet been accessible by law enforcement. Even hackers can’t access the data remotely. Phone Breaker is a tool that requires the user to have their iCloud credentials and an authentication token.

Apple is the Best?

Apple hasn’t yet made an official statement on the issue, but it doesn’t mean that the company is silent. Forbes has been told by an insider to the effect that Safari 9.1 (and iOS 9.3) later) allow you to erase browser history and turn URLs into hashes. This makes it impossible for anyone to know which websites you visited.

Vladimir Katalov discovered that browsing records disappeared from their computers after the Forbes article had been published. Apple could therefore be taking steps.

UPDATE

Vladimir Katalov from Elcomsoft offered clarification. He said he read iOS release notes but could not find any evidence that the issue had been fixed in Safari 9.1/iOS 9.3.

Elcomsoft’s software was tested on iOS 9.3, iOS 10.2, 10.2, and iOS 10.3. The iOS version doesn’t affect the ability to store your browsing history in iCloud.

Vladimir stated that he was unable to find a link between the URL being deleted and the storage of the data in iCloud. Elcomsoft only examined the synced data within iCloud and didn’t analyse delete requests. Apple stores encryption keys with the encrypted data, and encrypts it in the cloud.

Actual records will display the page title, date/time and URL. Two data points can be saved for deleted links. Two data points are stored for “deleted links”. One contains the original information. The other duplicates the document but includes the attachment called the “tombstone”. These havehes are eliminated.