A Russian software and digital forensics company is claiming that Apple has been secretly uploading data from iPhone users through its iCloud service. If true, it could be seen as a potential security risk and breach of privacy by some users.
“ElcomSoft Co. Ltd. discovers another privacy issue with Apple cloud services, releases tool to extract iPhone call logs from iCloud,” Moscow-based ElcomSoft announced in a press release.
“Apple automatically uploads iPhone call logs to Apple’s remote servers,” the press release continues. “Call logs can be stored on Apple servers for months, and there is no option for the end user to disable this sync without disabling iCloud entirely on their device.”
So, um, when your iPhone has iCloud turned on, it sends your call records to Apple. Just so you know. https://t.co/TmTfikJFqk
— consumerist (@consumerist) November 19, 2016
The press release heavily promoted ElcomSoft’s new Phone Breaker 6.2 data extraction tool, which raises some questions about the motives and legitimacy of the company’s accusations against Apple. However, several major news outlets and respected tech sites have since reported on the iCloud data uploads as factual. Investigative reporting site the Intercept recently reported on the issue as well.
“Apple emerged as a guardian of user privacy this year after fighting FBI demands to help crack into San Bernardino shooter Syed Rizwan Farook’s iPhone,” Kim Zetter writes for the Intercept. “The company has gone to great lengths to secure customer data in recent years, by implementing better encryption for all phones and refusing to undermine that encryption. But private information still escapes from Apple products under some circumstances. The latest involves the company’s online syncing service iCloud.”
One of the main problems with iCloud uploading data to Apple’s servers is that there’s no convenient way to stop it from doing so if you have iCloud activated on a device, and deactivating iCloud to avoid the data upload will, of course, deny access to all of iCloud’s functions.
“The ability to store call logs (information about incoming and outgoing calls, including missed or rejected calls) on Apple servers is available on devices running iOS 9.x and 10.x,” the ElcomSoft press release explains. “There is no official way to disable this feature for the end user other than switching off the iCloud Drive functionality completely… Since iOS delivers a number of services via iCloud Drive, disabling it would greatly affect its usability.”
Calls made directly through your iPhone are not the only ones being logged either. FaceTime calls are also synced through iCloud. All third-party VoIP applications such as Apple CallKit, Skype, Viber, and WhatsApp are synced to iCloud in the iOS 10 operating system as well, Zetter explains in the Intercept article.
iCloud stores your iPhone’s call history for four months https://t.co/brw4MUFDOH
— TechCrunch (@TechCrunch) November 18, 2016
Questions about how photos are synced and stored on Apple’s servers still remain.
“In recent months, ElcomSoft has discovered that Apple may keep photos deleted from the user’s iCloud Photos for much longer than the advertised period of 30 days,” the ElcomSoft press release notes. “While Apple has seemingly fixed the issue, it is not yet known whether the photos are actually removed from Apple servers or are kept elsewhere.”
Apple has recently faced other security issues, perhaps most notably when it was reported that spyware was targeting three zero-day vulnerabilities in the iOS 9.3.5 operating system.
Those vulnerabilities made headlines when the iPhone of United Arab Emirates dissident Ahmed Mansoor was targeted by a “highly expensive spyware that exploits flaws in the mobile operating system for iPhones and iPads,” USA Today reported in August.
Apple quickly issued an update to address that threat and “beefed up” its security efforts by offering awards of up to $200,000 for researchers who discover any bug or vulnerability that poses a threat to Apple operating systems, according to USA Today.
Apple could, of course, update iCloud so that it no longer automatically uploads data to Apple servers. Doing so would offer a greater sense of security to users with privacy concerns.
[Featured Image by Sean Gallup/Getty Images]