“Apple has a hidden feature for you in its iPhones: call logs going back as far as four months are stored in near real-time in the iCloud,” Thomas Fox-Brewster reports for Forbes. “That’s the warning today from a Russian provider of iPhone hacking tools, Elcomsoft, which claimed the feature was automatic and there was no way to turn it off [except for] shutting down iCloud Drive altogether.”
“Whilst it was well-known that iCloud backups would store call logs, contacts and plenty of other valuable data, users should be concerned to learn that their communications records are consistently being sent to Apple servers without explicit permission, said Elcomsoft CEO Vladimir Katalov. Even if those backups are disabled, he added, the call logs continue making their way to the iCloud, Katalov said,” Fox-Brewster reports. “‘Syncing call logs happens almost in real time, though sometimes only in a few hours,’ he added. ‘But all you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case many applications will stop working or lose iCloud-related features completely.'”
Fox-Brewster reports, “Apple said the syncing did exist, a spokesperson explaining: ‘We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Apple is deeply committed to safeguarding our customers’ data. That’s why we give our customers the ability to keep their data private. Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.'”
“Jonathan Zdziarski, a noted iOS forensics expert, told FORBES he believed Elcomsoft’s find was new and of concern, but was likely down to Apple oversight,” Fox-Brewster reports. “Zdziarski said the research should give Apple further encouragement to add proper end-to-end encryption to the iCloud.”
Read more in the full article here.
MacDailyNews Take: The sooner Apple moves iCloud to end-to-end encryption, the better.
Security expert: Apple’s iMessage and FaceTime are not ‘end-to-end’ secure – August 6, 2015
Edward Snowden supports Apple’s stance on customer privacy – June 17, 2015
U.S. appeals court rules NSA bulk collection of phone data illegal – May 7, 2015
Apple’s iOS encryption has ‘petrified’ the U.S. administration, governments around the world – March 19, 2015
Apple’s Tim Cook warns of ‘dire consequences’ of sacrificing privacy for security – February 13, 2015
A message from Tim Cook about Apple’s commitment to your privacy – September 18, 2014
Apple will no longer unlock most iPhones, iPads for police, even with search warrants – September 18, 2014