Apple ‘Sends iPhone Call History To iCloud’

Law enforcement officials could get their hands on iPhone call data because Apple sends it to the iCloud, bypassing the protection afforded by iOS encryption, a Russian software developer has claimed.

Elcomsoft supplies law enforcement agencies, and anyone who so desires, with tools to extract information from offline and cloud backups created by iOS, Android, BlackBerry and Windows 10 devices.

A variety of iOS data is sent to the iCloud, including contacts, calendars, system backups and photos, but there appears to be “no reason” why call logs are sent there too, Elcomsoft said.

iCloud call logs

“The latest update of Elcomsoft Phone Breaker offers forensic experts the ability to acquire calls from the cloud just minutes after they’ve been placed or received”, says Vladimir Katalov, ElcomSoft CEO.

“More and more data is saved into the cloud, with little to no control left to the end user. This allowed us to build a great acquisition tool capable of near real-time access to calls being made with iOS devices.”

In a blog post, Elcomsoft’s Oleg Afonin claimed there was no way to turn the ‘feature’ off other than not to use the same Apple ID on different devices and to disable iCloud Drive functionality entirely. However this would stop other apps from being able to store data remotely. Afonin added that users did not want or need this feature, citing several forum posts as evidence.

Instead, the only beneficiaries appear to be police and other authorities, along with Elcomsoft itself.

“What seems to be a hassle for some frustrated iPhone users is a real blessing for law enforcement. Indeed, the security model of recent iPhones is exemplary,” said Afonin. “They are extremely difficult to break in on a physical level. Even unlocking the device with Touch ID or passcode does not automatically mean the ability to extract data. In fact, Apple refuses to perform acquisition of any iOS devices running iOS 8 and newer quoting their extremely strong security.

“In order to extract call logs, you’ll need to use the correct Apple ID and password to sign in to the user’s iCloud with Elcomsoft Phone Breaker 6.20. Alternatively, you may use an iCloud authentication token extracted from the suspect’s PC. If you use an authentication token, you’ll be able to bypass two-factor authentication checks, if 2FA is enabled on that account.”

Indeed, the practice appears to contradict the company’s efforts and the purpose of its long-running dispute with the FBI. Apple refused to build a back door into iOS so the FBI could access data on an iPhone 5C, claiming this would undermine the security of its products.

Ironically, Apple could have helped the FBI access data from the iCloud and the argument only ended when the FBI was able to gain access via a ‘third party’ product.

Apple has been contacted for comment.

How much do you know about data privacy? Try our quiz to find out!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

View Comments

  • Let us consider that person 'A' uses a landline phone and person 'B' has an iPhone. If person 'A' calls person 'B', is person 'A' giving 'Apple' (or any another party for that matter) permission to store their (person 'A') details in the cloud ?

    • Presumably give Person A permission to share certain details (number, call length) with Person B's telecoms provider too when they initiate the call.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago