Elcomsoft Achieves Full Filesystem Extraction for Apple TV 4K on tvOS 26

Elcomsoft, purveyor of forensic extraction tools, announced that they were the first to achieve a full filesystem extraction for the Apple TV 4K running tvOS 26, marking the first forensic extraction of one of Apple's latest operating systems, according to them. They plan to release support in their iOS Forensic Toolkit later.


This is a companion discussion topic for the original entry at https://www.privacyguides.org/news/2025/11/18/elcomsoft-achieves-full-filesystem-extraction-for-apple-tv-4k-on-tvos-26

I guess this is almost the oldest SoC Apple still supports. This seems to rely on the well-known exploit in pre-A11 chips that I guess won’t be fixed until these products are taken out of commission.

I don’t like how Apple calls them all Apple TV 4K even though the one in question here is 5 years older than the current Apple TV 4K.

Potentially concerning from their blog post:

Next, the keychain. We’d be happy to see the complete keychain synced with Apple TV, but only Wi-Fi passwords are present. This is a feature, not a bug, since Apple TV cannot be protected with a passcode. Well, some tokens (and probably passkeys) appear to be there too, but this still requires further exploration.


They highlight the difficulties of extracting data when the device lacks a USB-C port; however, there is apparently a hidden Lightning connection in the Ethernet port. Apple sells the Apple TV in two configurations: one without an Ethernet port and one with one, so maybe the one without an Ethernet port is a bit more secure against forensic extraction.

When we think of security, we tend to focus on securing our phones and desktop computers. But as more and more IoT devices enter our lives, we need to start thinking about the security of those as well.

The Apple TV syncs a lot of data from your iCloud, such as photos. The device doesn’t sync as much data as an iPhone or a Mac, but it’s certainly enough to be worried about.

That’s why nobody should be using shared folders or syncing them with the Apple TV in the first place. Best defense against this type of forensic extraction is to not have anything important on it anyways.

Wouldn’t the Apple TV be running 24/7 anyways? Or at least, a decent good chunk of that time.

Speaking of alternatives, we don’t have many good ones out there that are easily configurable day 1. I’m sure home theatre PCs running LibreELEC are just as prone to forensic extraction because of its very nature as a PC, not an IoT device. Unless you want to hook up a keyboard to unlock it every time it’s turned on, I don’t see how smart TV devices can be made resistant against these attacks anyways.

I doubt this can be configured on Apple TV, short of not signing in to iCloud :grimacing:

This is why I liked the idea of Google Chromecast back in the day, but people like their remotes. Maybe now that technology has much improved, it would be cool if my phone could power a full TV experience in the same way it can control a car’s infotainment via CarPlay.

Or, Apple just needs to make it so that personal data from iCloud can only be accessed on Apple TV if the person’s iPhone is in close proximity.

I hate the lack of a numbered naming scheme for so many of their products, yeah. Makes it confusing to talk about.
