iPhone Call Logs Easy Pickings on iCloud, Says Russian Security Firm

Source: Tech News World

By Peter Suciu

Russian digital forensics firm ElcomSoft on Thursday reported that Apple automatically uploads iPhone call logs to iCloud remote servers, and that users have no official way to disable this feature other than to completely switch off the iCloud drive.

The data uploaded could include a list of all calls made and received on an iOS device, as well as phone numbers, dates and times, and duration, the firm said.

Apple retains the cloud-based data for up to four months, according to ElcomSoft’s report. It includes calendars, wallet, books, notes and other data synced with iCloud. Even photos may be retained remotely longer than Apple has indicated.

Apple currently relies on a two-factor authentication system that requires an iCloud token along with an Apple ID and password, but ElcomSoft’s new Phone Breaker 6.20 software can allow law enforcement to bypass those checks.

For its part, Apple has defended the fact that the data is backed up on the cloud.

“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in a statement provided to TechNewsWorld by company rep Ryan James.

“Apple is deeply committed to safeguarding our customers’ data,” the spokesperson added. “That’s why we give our customers the ability to keep their data private. Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”

Privacy or Security?

ElcomSoft made its announcement not so much to call attention to the potential weaknesses in Apple’s data storage practices, as to address how easily its own software can obtain the information. It is billed as a tool for law enforcement, but it’s not too hard to imagine that hackers could utilize similar tools for nefarious purposes.

“It is very concerning, as this can’t be something that is a surprise to Apple; it is baked into their design for the product and services,” said Jim Purtilo, associate professor of computer science at the University of Maryland.

“Only Apple can speak to its motive for orchestrating this behavior, but this is a way to project an image of security to consumers,” he told TechNewsWorld.

These iPhone users may believe their data are encrypted and secure, “which is mostly true, even if only on their actual device, while [Apple] is still working accommodatingly with the feds, who get tremendous value from the traffic analysis made possible by these saved data,” Purtilo added.

Read more

Leave a Reply