Apple
emerged as a guardian of user privacy this year after fighting FBI
demands to help crack into San Bernardino shooter Syed Rizwan
Farook’s iPhone. The company has gone to great lengths to secure
customer data in recent years, by implementing better encryption for
all phones and refusing to undermine that encryption. But private
information still escapes from Apple products under some
circumstances. The latest involves the company’s online syncing
service iCloud.
Russian
digital forensics firm Elcomsoft has found that Apple’s mobile
devices automatically send a user’s call history to the company’s
servers if iCloud is enabled — but the data gets uploaded in many
instances without user choice or notification. “You only need to
have iCloud itself enabled” for the data to be sent, said
Vladimir Katalov, CEO of Elcomsoft.
The logs
surreptitiously uploaded to Apple contain a list of all calls made
and received on an iOS device, complete with phone numbers, dates and
times, and duration. They also include missed and bypassed calls.
Elcomsoft said Apple retains the data in a user’s iCloud account
for up to four months, providing a boon to law enforcement who may
not be able to obtain the data either from the user’s phone, if
it’s encrypted with an unbreakable passcode, or from the carrier.
Although large carriers in the U.S. retain call logs for a year or
more, this may not be the case with carrier outside the US.
It’s not
just regular call logs that get sent to Apple’s servers. FaceTime,
which is used to make audio and video calls on iOS devices, also
syncs call history to iCloud automatically, according to Elcomsoft.
The company believes syncing of both regular calls and FaceTime call
logs goes back to at least iOS 8.2, which Apple released in March
2015.
Full
report:
Comments
Post a Comment