Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

iPhone Call Logs Quietly Synced to iCloud, Forensics Firm Warns

A log of all phone calls made from iPhone devices running iOS 8 or newer may be automatically synchronized to iCloud and susceptible to third-party access, digital forensics and IT security solutions provider Elcomsoft has warned.

A log of all phone calls made from iPhone devices running iOS 8 or newer may be automatically synchronized to iCloud and susceptible to third-party access, digital forensics and IT security solutions provider Elcomsoft has warned.

The issue, Elcomsoft’s Oleg Afonin explains, is not only that call records are synced to iCloud (when iCloud is enabled) regardless of whether the user wants that to happen or not, but also that iCloud data is loosely protected. Thus, if user’s calls are synced to the cloud, Apple themselves and third-parties with access to the proper credentials could extract them.

What’s more, all of the information stored in iCloud is available for law enforcement upon request, unlike data stored exclusively on the device, which Apple has said numerous times it cannot access.

In fact, Apple entered a spat with the FBI earlier this year when it refused to help decrypt the iPhone of San Bernardino shooter Syed Rizwan Farook, claiming that the Bureau was actually requesting a backdoor to be included in all iPhone devices. Eventually, the FBI received help from a third-party firm, but the quarrel went viral as large tech companies expressed their support for Apple. Some even announced plans to improve their encryption to provide users with increased privacy.

“On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode. For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess,” Apple says.

However, the same is not true about data saved on iCloud, because the same encryption level no longer applies to it. In Afonin’s opinion, the cloud syncing functionality is actually a blessing for forensic researchers and law enforcement agencies, as they can access user information that would otherwise be out of reach, because of the privacy features in iOS.  

“The ability to extract call logs from the cloud instead of having to deal with the tough hardware protection of todays’ iPhones can be a blessing for forensic examiners,” Afonin says.

iPhone Call Log

For users, however, this is a privacy nightmare. Not only is access to their data much easier, for Apple and for anyone with the right credentials, but the synced data – in this instance, call logs – is visible on all devices on which the same Apple ID is used.

Advertisement. Scroll to continue reading.

If a user has two iPhones but a single Apple ID, the calls will appear on both devices. If two people share the same Apple ID, they will have visibility into each other’s calls. What’s more, if one of them clears the calls list on their device, the other user/device will be impacted as well.

The only way to avoid that, Elcomsoft says, is to disable iCloud Drive functionality on the iPhone. The move will not affect features such as iCloud Photo Library or iCloud backups, but will affect the syncing of data for third-party apps that rely on iCloud Drive for that. Increased privacy, it seems, comes at a cost.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights