A Russian security firm is casting doubt on just how big of an ally Apple is when it comes to consumer privacy. In a new report, the company alleges that Apple’s iCloud retains the entire call history of every iPhone for as long as four months, making it an easy target for law enforcement and surveillance.
The firm, Elcomsoft, discovered that as long as a user has iCloud enabled, their call history is synced and stored. The log includes phone numbers, dates and durations of the calls, and even missed calls, but the log doesn’t stop there; FaceTime call logs, as well as calls from apps that utilize the “Call History” feature, such as Facebook and WhatsApp, are also stored.
There is also apparently no way to actually disable the feature without disabling iCloud entirely, as there is no toggle for call syncing.
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices,” an Apple spokesperson told The Intercept via email.”Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”
But security from unauthorized eyes isn’t what users should be worrying about, according to former FBI agent and computer forensics expert Robert Osgood. “Absolutely this is an advantage [for law enforcement],” Osgood told The Intercept. ““Four months is a long time [to retain call logs]. It’s generally 30 or 60 days for telecom providers, because they don’t want to keep more [records] than they absolutely have to.”
If the name Elcomsoft sounds familiar, it’s because the company’s phone-cracking software was used by many of the hackers involved in 2014’s massive celebrity nudes leak. Elcomsoft’s “Phone Breaker” software claims the ability to crack iCloud backups, as well as backup files from Microsoft OneDrive and BlackBerry.