Apple emerged as a guardian of user privacy this year after fighting\u00a0FBI demands to\u00a0help crack into San Bernardino shooter Syed Rizwan Farook\u2019s iPhone. The company has gone to great lengths to secure customer data in recent years, by implementing better encryption for all phones and refusing to undermine that encryption.<\/p>\n
But\u00a0private\u00a0information still escapes from Apple products under some circumstances. The latest involves the company\u2019s\u00a0online syncing service iCloud.<\/p>\n
Russian digital forensics firm Elcomsoft has found that Apple\u2019s\u00a0mobile devices automatically send a user\u2019s call history to the\u00a0company\u2019s servers if iCloud is enabled \u2014\u00a0but the data gets uploaded in many instances without user choice or notification.<\/p>\n
\u201cYou only need to have iCloud itself enabled\u201d for the data to be sent, said\u00a0Vladimir Katalov, CEO of Elcomsoft.<\/p>\n
The logs surreptitiously uploaded to Apple contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. They also include missed and bypassed calls. Elcomsoft said Apple retains the data in a user\u2019s iCloud account for up to four months, providing a boon to law enforcement who may not be able to obtain the data either from the user\u2019s phone, if it\u2019s encrypted with an unbreakable passcode, or from the carrier. Although large carriers in the U.S. retain call logs for a year or more, this may not be the case with carrier outside the US.<\/p>\n
It\u2019s not just regular call logs that get sent to Apple\u2019s servers. FaceTime, which is used to make audio and video calls on iOS devices, also syncs call history\u00a0to iCloud automatically, according to Elcomsoft. The company\u00a0believes syncing of both regular calls and FaceTime call logs goes back to at least iOS 8.2, which Apple released in March 2015.<\/p>\n
And beginning with Apple\u2019s latest operating system, iOS 10, incoming missed calls that are made through third-party VoIP applications like Skype, WhatsApp, and Viber, and that use Apple CallKit to make the calls, also get logged\u00a0to the cloud, Katalov said.<\/p>\n
Because Apple possesses the keys to unlock iCloud accounts, U.S. law enforcement agencies can obtain direct access to the logs with a court order. But they still need a tool to extract and parse it.<\/p>\n
Elcomsoft said it\u2019s releasing an update to its Phone Breaker software tool today that\u00a0can be used to extract the call histories from iCloud accounts, using the account holder\u2019s credentials. Elcomsoft\u2019s forensic tools are used by law enforcement, corporate security departments, and even consumers. The company also leases some of its extraction code to Cellebrite, the Israeli firm the FBI\u00a0regularly uses to get into seized phones<\/a>\u00a0and iCloud data.<\/p>\n In some cases, Elcomsoft\u2019s tool can help customers access iCloud even without account credentials, if they can\u00a0obtain an authentication token for the account<\/a>\u00a0from the account holder\u2019s computer, allowing them to get iCloud data without Apple\u2019s help. The use of authentication tokens also bypasses two-factor authentication if the account holder has set this up to prevent a hacker from getting into their account, Elcomsoft notes on its website.<\/p>\n Apple\u2019s collection of call logs potentially puts sensitive information at the disposal of people other than law enforcement\u00a0and other\u00a0Elcomsoft customers. Anyone else who might be able to obtain the user\u2019s iCloud credentials, like hackers, could potentially get at it too. In 2014, more than 100\u00a0celebrities fell victim to a phishing attack that allowed a hacker to obtain their iCloud credentials and\u00a0steal nude photos of them from their iCloud accounts<\/a>. The perpetrator reportedly\u00a0used Elcomsoft\u2019s software<\/a>\u00a0to harvest the celebrity photos once the accounts were unlocked.<\/p>\n Generally, if someone were to attempt to download data in an iCloud account, the system would email a notification to the account owner. But Katalov said\u00a0no notification occurs when someone downloads synced call logs from iCloud.<\/p>\n Apple acknowledged that the call logs are being synced and said it\u2019s intentional.<\/p>\n \u201cWe offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,\u201d an Apple spokesperson said in an email. \u201cDevice data is encrypted with a user\u2019s passcode, and access to iCloud data including backups requires the user\u2019s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.\u201d<\/p>\n The syncing of iCloud call logs would not be the first time Apple has been found collecting data secretly. A few months ago, The Intercept reported about similar activity occurring with\u00a0iMessage logs<\/a>.<\/p>\n Chris Soghoian, chief technologist for the American Civil Liberties Union, said\u00a0he\u2019s not surprised that Apple is collecting the information.<\/p>\n \u201cIt\u2019s arguably not even the worst thing about iCloud,\u201d he told The Intercept. \u201cThe fact that iCloud backs up what would otherwise be end-to-end encrypted iMessages is far worse in my mind. There are other ways the government can obtain [call logs]. But without the backup of iMessages, there may be no other way for them to get those messages.\u201d<\/p>\n Still, he said\u00a0it\u2019s further proof that \u201ciCloud really is the Achilles heel of the privacy of the iPhone platform. The two biggest privacy problems associated with iCloud don\u2019t have check boxes [for users to opt out], nor do they require that you opt in either.\u201d<\/p>\n Jonathan Zdziarski, an iOS forensics expert and security researcher, said\u00a0he doesn\u2019t think Apple is doing anything nefarious in syncing the call logs. But he\u00a0said that Apple needs to be clear to users that the data is being collected and stored in the cloud.<\/p>\n iCloud is Apple\u2019s cloud service that allows users to sync data across\u00a0multiple Apple devices, including iPhones, iPads, iPods, and Macs. The iPhone menu corresponding to the service gives users the option of syncing mail, contacts, calendars, reminders, browser history, and notes and wallet data. But even though call logs are automatically getting synced as well, the menu does not list them among the items users can choose to sync. Because there\u2019s no way to opt in to sync call logs, there is also no way to opt out \u2014 other than turning off iCloud completely, but this can cause other issues, like preventing\u00a0apps from storing documents and data (such as WhatsApp backups) in the cloud.<\/p>\n \u201cYou can only disable uploading\/syncing notes, contacts, calendars, and web history, but the calls are always there,\u201d Katalov said. One way call logs will disappear from the cloud is if a user deletes a particular call record from the log on their device; then it will also get deleted from their iCloud account during the next automatic synchronization.<\/p>\n Katalov said\u00a0they\u2019re still researching the issue but it appears that in some cases the call logs sync almost instantly to iCloud, while other times it happens only after a few hours.<\/p>\n In addition to syncing data among their devices, users can also configure their iCloud account to automatically back up and store their data. Katalov said\u00a0that call logs get sent to the cloud with these backups as well, but this is\u00a0separate from the trafficking his company discovered: Even\u00a0if users disable the backups, their call logs will still get synced to\u00a0Apple\u2019s servers.<\/p>\n \u201cI would suggest Apple to add a simple option to disable call log syncing, as they do that for calendars and other things,\u201d Katalov told The Intercept, though he acknowledges this would likely take some re-architecting on Apple\u2019s part. Nonetheless, he says, \u201cThey should allow people to disable that if they want to.\u201d<\/p>\n Even as Apple has increased the security of its mobile\u00a0devices in recent years, the company has been moving more and more data to the cloud, where it\u00a0is less protected. Although iCloud\u00a0data is encrypted on Apple\u2019s server, Apple retains the encryption keys in almost every instance and can therefore unlock the accounts and access data for its own purposes or for law enforcement.<\/p>\n \u201cAll of your [iCloud] data is encrypted with keys that are controlled by Apple, but the average user isn\u2019t going to understand that,\u201d Zdziarski said. \u201cYou and I are well aware that Apple can read any of your iCloud data when they want to.\u201d<\/p>\n A report in the Financial Times nine months ago<\/a>\u00a0indicated Apple plans to\u00a0re-architect iCloud to resolve this issue and better protect customer data, but that has yet to occur.<\/p>\n Apple discusses the privacy implications of iCloud collection on its website and does say that implementing backups will send to\u00a0iCloud \u201cnearly all data and settings stored on your device.\u201d A 63-page\u00a0white paper<\/a>\u00a0on the site discloses more clearly that call logs get uploaded to Apple servers when iCloud backups are enabled. But neither document\u00a0mentions that the logs\u00a0still get uploaded even if backups aren\u2019t enabled.<\/p>\n Even in an online document about\u00a0handling legal requests from law enforcement<\/a>, Apple never mentions that call logs are available through iCloud. It says that it possesses subscriber information that customers provide, including name, physical address, email address, and telephone number. It also says it retains IP connection logs (for up to 30 days), email metadata (for up to 60 days), and content that the user chooses to upload,\u00a0such as photos, email, documents, contacts, calendars, and bookmarks. The law enforcement document\u00a0also says that Apple\u2019s servers have\u00a0iOS device backups, which may include photos and videos in the user\u2019s camera roll, device settings, application data, iMessages, SMS and MMS messages, and voicemail.<\/p>\n The only time it mentions call logs is to say that iCloud stores call histories\u00a0associated with FaceTime, but it says it maintains only FaceTime call invitation logs, which indicate when a subscriber has sent an invitation to someone to participate in a FaceTime call. Apple says the logs \u201cdo not indicate that any communication between users actually took place.\u201d It also says it only retains these logs for \u201cup to 30 days.\u201d<\/p>\n But Elcomsoft said\u00a0this is not true. Katalov said\u00a0the FaceTime\u00a0logs contain full information about the call, including the identification of both parties to the call and the call duration. He said his researchers also found that the FaceTime call logs were retained for as long as four months.<\/p>\n Some users are aware that their call logs are being synced to Apple\u2019s servers, because a byproduct of the automatic syncing means that if they have the same Apple ID as someone with a different device \u2014 for example, spouses who have different phones but use the same Apple ID \u2014 they will see calls from one device getting synced automatically to the device of the other person who is using the same ID.<\/p>\n \u201cIt\u2019s very irritating,\u201d one user\u00a0complained<\/a>\u00a0in a forum about the issue. \u201cMy wife and I both have iPhones, we are both on the same apple ID. When she gets a call my phone doesn\u2019t ring but when she misses that call my phone shows a missed call icon on the phone app and when I go to the phone app it\u2019s pretty clearly someone who wasn\u2019t calling my phone. Any way to fix this so it stops?\u201d<\/p>\n Another user\u00a0expressed frustration at not knowing how to stop the syncing<\/a>. \u201cI use my phone for business and we have noticed in the last few days that all of the calls I make and receive are appearing in my wife\u2019s iPhone recent call history? I have hunted high and low in settings on both phones but with no joy.\u201d<\/p>\n There\u2019s no indication, however, that these customers realized the full implications of their logs being synced \u2014 that the same data is being sent to and stored on Apple\u2019s servers for months.<\/p>\n Apple isn\u2019t the only company syncing call logs to the cloud. Android phones do it as well, and Windows 10 mobile devices also sync call logs by default with other Windows 10 devices that use the same Microsoft account. Katalov said\u00a0there are too many Android smartphone versions to test, but his company\u2019s research indicates that call log syncing occurs only with Android 6.x and newer versions. As with Apple devices, the only way for a user to disable the call history syncing is to disable syncing completely.<\/p>\n \u201cIn \u2018pure\u2019 [stock versions of] Android such as one installed on Nexus and Pixel devices, there is no way to select categories to sync,\u201d Katalov said. \u201cFor some reason, that is only able on some third-party Android versions running on Sony, HTC, Samsung, etc.\u201d The company already produces a tool for\u00a0harvesting call logs associated with Android devices<\/a>.<\/p>\n There\u2019s little that subscribers can do to prevent law enforcement from obtaining their iCloud call logs. But to protect against hackers who might obtain their\u00a0Apple ID from doing the same, they can use two-factor authentication. But Zdziarski said\u00a0there\u2019s another solution.<\/p>\n \u201cThe takeaway really is don\u2019t ever use iCloud. I won\u2019t use it myself until I can be in control of the encryption keys,\u201d he said.<\/p>\nAuthorized and Unauthorized iCloud Collection<\/h3>\n
Early Clues From Frustrated Apple Customers<\/h3>\n