[Cryptography] Security weakness in iCloud keychain
Jon Callas
jon at callas.org
Wed May 9 17:15:31 EDT 2018
> On May 9, 2018, at 11:38 AM, Ron Garret <ron at flownet.com> wrote:
>
>
> It turns out this is not true. By sheer coincidence (at least I’m pretty sure it was a coincidence) shortly after starting this thread, my iPod developed a battery problem and needed to be replaced. (Apple authorized service centers can’t replace the battery, so they give you a new iPod instead.) I wiped the old iPod before turning it in (i.e. logged out of iCloud and invoked the Reset function from general settings). I just now fired up the new one they gave me to replace it. When I did this, a test password that I had entered manually on the old iPod appeared on the new one. There is no place that password could have been stored other than in iCloud.
>
> Even worse: at one point during the setup process for my new iPod it asked me for the passcode I had set for the old one. So Apple must have stored that too. I find that to be particularly disturbing.
Have you read the security document?
Based on what you're saying, I have a hypothesis about what's going on, but you don't believe me.
Jon
More information about the cryptography
mailing list