Files deleted from Apple’s Notes app shouldn’t be recoverable after 30 days, but the security and data forensics company Elcomsoft found they could access records that were deleted months—or even more than a year—ago. That sounds pretty bad, but recovering those files requires some pretty specific elements, including knowing your iCloud login and password.
iCloud offers data recovery for files that have been deleted in the lat 30 days. That’s a feature, not a bug, and TMO’s Melissa Holt recently detailed how that works. After 30 days, however, and those files are supposed to really be deleted and unrecoverable.
Elcomsoft found it’s possible to restore long deleted Notes data in some cases, saying, “We discovered that deleted notes are actually left in the cloud way past the 30-day period, even if they no longer appear in the ‘Recently Deleted’ folder.”
How Elcomsoft Notes Data Recovery Works
While restoring Notes files that were deleted more than 30 days ago does pose a privacy threat, it’s not necessarily a gaping hole any hacker can use. Accessing the deleted files requires the Apple ID and password linked to the iCloud account and Elcomsoft’s forensic software, both of which aren’t likely in the hands of a hacker.
The company’s tools can download all Notes data associated with an iCloud account, including those that no longer appear as recently deleted. Once the Notes files are downloaded, they can be viewed and searched without any restrictions.
Behind Elcomsoft’s Motivation
Detailing the flaw in Apple’s Notes recovery feature is, on one hand, a community service because now users and the company are aware of the problem. Apple can work on a server-side patch that truly deletes files that fall outside the recovery feature’s 30-day window, and users can decide if syncing Notes through iCloud is something they want to keep doing.
On the other hand, talking about the issue is essentially a big commercial for Elcomsoft’s data forensic products. These are tools law enforcement agencies use in criminal investigations, and telling the world about the Notes issue is akin to hanging a big neon “buy me” sign over Elcomsoft’s products.
What the Notes Data Recovery Issue Means for You
Despite the foreboding tone that goes along with hearing Notes data can be recovered well after is should really be gone, Elcomsoft’s announcement isn’t likely a big deal for most iCloud account users—unless you’re under criminal investigation and police already have your Apple ID user name and password. That’s not to say don’t worry if there’s nothing you need to hide; your personal data should simply stay private.
Apple will likely patch the issue that shouldn’t have been there, and Elcomsoft’s forensic tools won’t be able to get at those deleted records any more. The fix most likely will happen on Apple’s iCloud servers, so we won’t even have to wait for a security patch for your iPhones, iPads, and Macs.
For the average user, this is an issue that they most likely won’t ever encounter. For TMO’s John Kheit, however, this is no doubt a big dose of personal validation for his argument against cloud services in general.