Apple upheld its position as the protector of user privacy by outright denying to help the FBI in unlocking the iPhone found in possession of the infamous San Bernardino shooter. But, the integrity of the same is now being questioned due to existence of a grim vulnerability in the iCloud backups on the iPhone, reports The Intercept.
According to Apple hacking tools provider Elcomsoft, the Cupertino giant’s cloud service has been collecting your call history, going back as far as four months, in real-time and consistently storing it on their servers without explicit permission from users. Elcomsoft CEO Vladimir Katalov states that the backup feature is automatic and there is no explicit way of shutting the service down. He says that iCloud continues to backup your communication log even when the backup service has been disabled.
Syncing call logs happens almost in real time, though sometimes only in a few hours. But all you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case many applications will stop working or lose iCloud-related features completely.
The call logs uploaded to the iCloud servers contain a lot more personal information than you imagine. It not only contains the list of all calls made and received on an iOS device but also includes phone numbers, dates and times, and duration data as well. Elcomsoft further mentions that it also syncs call logs pertaining to its video and audio call service FaceTime. Well, you might be fine with uploading your call history to iCloud and wondering why are we making a fuss about it?
Apple, in its data access guide, states the services which might be available for access to law enforcement agencies include email logs, text messages, photos, documents, contacts, calendars, bookmarks and iOS device backups. It never once mentions call history backups which are being updated in real-time and stored for four months.
Also, another grave concern over these backups is that Apple is the bearer of all encryption keys and has the ultimate to unlock any message or iCloud account. This can be used by law enforcement agencies to force the Cupertino giant to grant them access to user data, which wouldn’t be beneficial for us all. This could also open the backups to potential exploits hackers who can gain access to information with just the knowledge of their Apple ID.
With regard to the same, an Apple spokesperson has shared the following statement:
We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers’ data. That’s why we give our customers the ability to keep their data private.
The Cupertino giant has not once specified if they’re working on further bolstering the security of their cloud service to protect their user’s data but fed up info that we were already aware of. Apple should atleast disclose that it is backing up call logs and provide users with the ability to turn those off, if required.
Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.