According to The Intercept, a Russian security firm Elcomsoft claims that Apple is now syncing your iPhone’s call data to the iCloud, which can be accessed by the company. Below we’ve listed out in easy points how can this affect your personal security. We’ll update the story as soon as updates on Apple’s official stand on the report mentioned above is made available.
What Information Does Apple Access?
If a user has iCloud enabled on their iOS device, all their call logs, including phone numbers, call duration, date and time of missed, dialled and received calls will be stored in the iCloud account of the user for four months. Apart from the standard telephone calls, Apple also records data from your FaceTime. Whether you make an audio or a video call, all the call history is automatically synced to the iCloud servers.
Are You Safe if You Own a Device With iOS 10?
No, absolutely not. On the contrary, if you’re using the latest version of the iOS, not only will your phone calls and FaceTime logs will make it to the server but also calls using third-party applications. Calls made through VoIP applications like WhatsApp, Viber and Skype which use Apple’s CallKit, will also have their own space on the Cloud servers.
How Does This Help Law Enforcement?
Telephone service providers keep a call record of up to 60 days, which can then be used by various law enforcement agency’s to arrest criminals or follow a trail. Now since Apple holds the key to unlocking any iCloud account, if needed, law enforcement agencies can hold them to a court order to gain access to the call data. The law enforcement agencies can extract this data using Phone Breaker software tool. These tools are also used by corporate security departments and consumers too.
Is iCloud Safe to Use?
If anyone can get your iCloud credentials, like a hacker, your data can be used in any way that they wish to. If you recall the 2014 incident when certain celebrity accounts were hacked, you’ll get the gist of the matter. Elcomsoft’s software tool can help its customers — which include certain law enforcement agencies — to access an iCloud account without using credentials, all you need is an authentication token for the account in question, and that’ll allow you to gain access to the iCloud account without any help from Apple’s side.
Has This Happened to Anyone?
Apple customers have reported auto-syncing of their device’s data among two devices using the same Apple ID, causing confusion. A New York Times report from February stated that Apple was to roll out updates to its security features in order protect user data better, but that hasn’t happened yet. The best way out of this mess for Apple would be to allow users to toggle the auto-syncing of features on their phone so that they only push things to the Cloud servers which they really want to save.