Forensic report of Elcomsoft, a Russian security firm, made a surprising exposure. The report confirmed that the call history of iCloud enabled iPhone users is being forwarded to Apple server without notifying them.
iCloud stores your media, documents, apps and plenty of other stuff and keeps them safe and updated. This helps you to access your stuff anytime from anywhere in the world. But unlike iCloud, your call history is not all that safe and secure. Though Apple is all about security, but now it has been revealed that your private information may still break out.
According to the report of Elcomsoft, instead of storing your information for few days Apple keeps it for almost four month. This can help the law enforcement agencies to obtain this data through court order. Apple is only allowed to store media, calendar etc. of its users, not their call logs.
Former FBI agent, Robert Osgood stated:
“Four months is a long time. It’s generally 30 or 60 days for telecom providers, because they don’t want to keep more than they absolutely have to. So, if Apple is holding data for four months, that could be a very interesting data repository and they may have data that the telecom provider might not”
Nothing is safe, not even a miss call
Elcomsoft further reported that apart from your call logs, audio and video calls made by FaceTime are also forwarded on Apple server. Moreover, in the updated version of iOS 10, even your missed calls, and third party calls from Whatsapp, Skype etc., are also forwarded to Apple. This makes your sensitive data more vulnerable.
Apple confessed that it is syncing the call logs on purpose. A representative of Apple said in an email:
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Device data is encrypted with a user’s passcode. The access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication”
A few months ago the same activity was identified in iMessage logs too. Back in 2014, a hacker using Elcomsoft software gained access of the nude photos of more than 100 celebrities. Hacker used their iCloud IDs to crack into their photos.
Chief technologist for the American Civil Liberties Union, Chris Soghoian commented:
“iCloud really is the Achilles heel of the privacy of the iPhone platform. The two biggest privacy problems associated with iCloud don’t have check boxes, nor do they require that you opt in either”
Apple should look forward to resolve this serious issue otherwise it might end up losing trust of its users. Even though Apple’s server are safest than any other, still, hackers and lawful agencies can crack into it. Apple can expand its option to disable call log syncing only, without disabling the whole iCloud.
Source: The Intercept