Secure your iPhone or iPad – Hack your data

I am always interested in how secure my devices are? Is my data safe, can people get to my info, am I at risk of giving out any private information. The iPhone /iPad has proven to be pretty secure if you take precautions. Lock your screen and keep sensitive data out of the clear. The one interesting item you can hack is the backup. There is a lot of information to be gathered and searched in your simple backup.  Many people don’t think twice about the sync that happens with your computer and iTunes. I’ll go into a little discussion on what can be seen.

Before I go too far into this  information, it should be noted that this can be corrected by encrypting your backups.   The process to encrypt your backup is a simple check box in iTunes.  You can do this by connecting your iphone / ipad and selecting summary -> options -> encrypt iPhone backup.

Now that you have secured any future information let’s look at the wealth of informaiton that is now residing on your computer from your previous backups.  To find your backups on a windows machine navigate to :

(Windows 7 or vista) – C:\Users\{your username}\AppData\Roaming\Apple Computer\MobileSync\Backup\

(Windows XP) – C:\Documents and Settings\{your username}\Application Data\Apple Computer\MobileSync\Backup

Once in the directory you will see your backup sets.  Select one to look at.    First we will start with the info.plist file.  You can open this file with any text editor (xml formated file).  This file contains the overall information regarding the ios device:

  • Device Phone number
  • Device name
  • Device GUID
  • ICC-ID: Integrated Circuit Card ID serial number of the SIM card
  • Serial number of the device
  • and Much more

You can see in the screen capture above that this device name is “jimizphone”.

I know at this point you are thinking why is this stuff important.  Well after some research and some reading I was able to find out what some of those files contained.  Thanks to team over at hrgeeks in their great post here is some definitions of the files.  These files are all .mddata files that can be viewed using a SQLite browser.:

  • Call Log: ff1324e6b949111b2fb449ecddb50c89c3699a78
  • SMS (TEXT) Log: 3d0d7e5fb2ce288813306e4d4636395e047a3d28
  • Notes Application : 740b7eaf93d6ea5d305e88bb349c8e9643f48c3b
  • Contact List: 31bb7ba8914766d4ba40d6dfb6113c8b614be442
  • Voice Mail List: 992df473bbb9e132f4b3b6e4d33f72171e97bc7a
  • Calendar: 2041457d5fe04d39d0ab481178355df6781e6858

Let’s review one of the files.  I choose to look at the SMS log.  This would be the most damaging file if someone could review what I have said.   It could also be the target file for people looking for information (ex-wife, girlfriend, or business competitor).  Using SQLite browser I did a select statement on the file “select * from messages”  it returns records of text messages from the phone.

You can see from the image, that a record of all text messages was saved.  I have not verified if the deleted items are saved but the information is clear enough.  Your iPhone  backup file contains in clear text your SMS text messages.  It has the date, phone, message, and time stamp that can be searched.

Opening the contact list quickly allowed me to look at names and numbers that were stored on the phone.  This could be dangerous for people who don’t want that information shared.   A person would not need physical access to their phone, only access to their computer.

Armed with file name information you can also get other non-phone related information that may be stored by applications.

Facebook friend list – 6639cb6a02f32e0203851f25465ffb89ca8ae3fa

I did a quick check, and I was able to see all my facebook friends information (cell phone, email are hashed) but names and contact are available.  This is interesting in that you can gather information outside of the phone that could be used against you.

So with a little information and a simple tool you can get a lot of information from an iPhone / iPad backup.

To view the email accounts accessed or setup on the phone you can view this file in a text view application:

  • Email Account: 5fd03a33c2a31106503589573045150c740721dd
  • Safari History: 1d6740792a2b845f4c1e6220c43906d7f0afe8ab
  • Safari Searches: bd38afa30b5a43c146db02a46ee11d82cdc817fe
Overall there is a lot of data being stored on your computer from your phone.  Be safe, encrypt it.

Here is a list of all the photos in this post:

Leave a Comment