Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Lots of speculation here, since I have not seen any stories/posts out there re: people doing a deep dive to analyze potential security issues, but...

It appears that Apple might encrypt each note with their own unique encryption key, and those encryption keys are protected with a master password that the user assigns/creates. On iOS, there is a password reset button that has the caveat along the lines of "resetting the password will not affect the status of previously encrypted notes". So, appears that each note is not encrypted with the password user enters, hence, probably per-note unique random key (similar to how iOS encrypts each file on the device).

On OS X, Notes are stored in an SQLite database, so, guessing same on iOS and iCloud. Password "vault" for Notes is most likely kept in the database as some sort of table, with the encryption keys encrypted on the user selected passcode (ie. not seeing anything in Keychain being stored, and since in big scheme of things, needs to move between OS X - iCloud - iOS, the encryption info needs to be passed around easily between environments).

Per Apple, Notes in transit to/from iCloud are encrypted with AES-128. Stored on iCloud with AES-128 as well.

https://support.apple.com/en-us/HT202303

IMO, the weakest link is the user chosen passcode. Pick something weak, and the file is scraped off of iCloud or iOS or OS X (or un-encrypted TimeMachine backups), might be easily dictionary cracked. Next, not selecting a strong password for the computer and not turning on FileVault probably is the next weak point (but goes hand in hand with being able to scrape off the SQLite database).

Sure, might be a flaw in Notes where encryption keys might be exposed when machine and Notes up and running (but probably have bigger issues, if someone has planted something on the machine to snoop and or someone has physical access to machine with you not knowing). Apple's iCloud encryption keys might get leaked somehow. But, comes down to choosing a strong Notes master password, imo.

ADD: have not tested, but appears that each note is encrypted with the passcode in effect when you initially locked the note. I just looked at the verbiage for the reset button on iOS, "...create a new password for notes you lock from now on. Notes that already have a password aren't affected." So, still need, imo, a strong passcode for the notes, and set it early, because might not want to try to remember all the passwords used for different notes.
 
Last edited:
  • Like
Reactions: KALLT
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.