A log of all phone calls made from iPhone devices running iOS 8 or newer may be automatically synchronized to iCloud and susceptible to third-party access, digital forensics and IT security solutions provider Elcomsoft has warned.
The issue, Elcomsoft’s Oleg Afonin explains, is not only that call records are synced to iCloud (when iCloud is enabled) regardless of whether the user wants that to happen or not, but also that iCloud data is loosely protected. Thus, if user’s calls are synced to the cloud, Apple themselves and third-parties with access to the proper credentials could extract them.
What’s more, all of the information stored in iCloud is available for law enforcement upon request, unlike data stored exclusively on the device, which Apple has said numerous times it cannot access.
In fact, Apple entered a spat with the FBI earlier this year when it refused to help decrypt the iPhone of San Bernardino shooter Syed Rizwan Farook, claiming that the Bureau was actually requesting a backdoor to be included in all iPhone devices. Eventually, the FBI received help from a third-party firm, but the quarrel went viral as large tech companies expressed their support for Apple. Some even announced plans to improve their encryption to provide users with increased privacy.
“On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode. For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess,” Apple says.
However, the same is not true about data saved on iCloud, because the same encryption level no longer applies to it. In Afonin’s opinion, the cloud syncing functionality is actually a blessing for forensic researchers and law enforcement agencies, as they can access user information that would otherwise be out of reach, because of the privacy features in iOS.
“The ability to extract call logs from the cloud instead of having to deal with the tough hardware protection of todays’ iPhones can be a blessing for forensic examiners,” Afonin says.
For users, however, this is a privacy nightmare. Not only is access to their data much easier, for Apple and for anyone with the right credentials, but the synced data – in this instance, call logs – is visible on all devices on which the same Apple ID is used.
If a user has two iPhones but a single Apple ID, the calls will appear on both devices. If two people share the same Apple ID, they will have visibility into each other’s calls. What’s more, if one of them clears the calls list on their device, the other user/device will be impacted as well.
The only way to avoid that, Elcomsoft says, is to disable iCloud Drive functionality on the iPhone. The move will not affect features such as iCloud Photo Library or iCloud backups, but will affect the syncing of data for third-party apps that rely on iCloud Drive for that. Increased privacy, it seems, comes at a cost.