iPhones secretly storing call data in iCloud, allows later access for law enforcement (Updated)

Posted by:
Date: Friday, November 18th, 2016, 05:43
Category: iOS, iPhone, privacy, security, Software


This definitely qualifies as a mess between privacy, security and law enforcement.

While Apple emerged as a guardian of privacy earlier this year, fighting the FBI’s demands to help crack San Bernadino shooter Syed Farouk’s iPhone, implementing improved encryption for all its handsets and refusing to undermine that encryption, it appears that private data is being sent to the iCloud without user consent.

Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user choice or notification.

“You only need to have iCloud itself enabled” for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft.

The logs sent along to Apple apparently contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. They also include missed and bypassed calls. Elcomsoft has stated that Apple retains the data in a user’s iCloud account for up to four months, which offers a window for law enforcement to obtain it if necessary. Although large carriers in the U.S. retain call logs for a year or more, this may not be the case with carrier outside the US.

Other data is also sent to the iCloud, including FaceTime and regular call logs. The call logs appear to go back to at least iOS 8.2, which Apple released in March 2015.

Following the release of iOS 10, incoming missed calls that are made through third-party VoIP applications like Skype, WhatsApp, and Viber, and that use Apple CallKit to make the calls, also get logged to the cloud according to a representative from Elcomsoft.

Because Apple possesses the keys to unlock iCloud accounts, U.S. law enforcement agencies can obtain direct access to the logs with a court order. But they still need a tool to extract and parse it.

Apple’s collection of call logs potentially puts sensitive information at the disposal of people other than law enforcement and other Elcomsoft customers. Anyone else who might be able to obtain the user’s iCloud credentials, like hackers, could potentially get at it too. In 2014, more than 100 celebrities fell victim to a phishing attack that allowed a hacker to obtain their iCloud credentials and steal nude photos of them from their iCloud accounts. The perpetrator reportedly used Elcomsoft’s software to harvest the celebrity photos once the accounts were unlocked.

Apple has acknowledged that the call logs are being synced and said it’s intentional.

“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson said in an email. “Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”

The syncing of iCloud call logs would not be the first time Apple has been found collecting data secretly.

As of now, Apple offers no clear way to either opt in or opt out of this arrangement, which makes it it that much more controversial.

According to Apple’s recently updated white paper on the topic, the company backs up the following data to iCloud:

Information about purchased music, movies, TV shows, apps, and books, but not the purchased content itself

Photos and videos in Camera Roll

Contacts, calendar events, reminders, and notes

Device settings

App data

PDFs and books added to iBooks but not purchased

Call history

Home screen and app organization

iMessage, text (SMS), and MMS messages


HomeKit data

HealthKit data


Stay tuned for additional details as they become available and please let us know what you think in the comments.

Via The Intercept, iMore and Apple

Recent Posts

Comments are closed.