Even in the now famous case of the San Bernardino shooter, Apple revealed it had already handed over access to the shooter's iCloud. That data includes email logs and content, text messages, photos, documents, contacts, calendars, bookmarks and iOS device back-ups.
Elcomsoft chief executive Vladimir Katalov said, “It is well-known that iCloud backups store call logs, contacts, and plenty of other valuable data. Users should be concerned to learn that their communications records are consistently being sent to Apple servers without explicit permission.”
“All you need to have is just iCloud Drive enabled, and there is no way to turn that syncing off, apart from just disabling iCloud Drive completely. In that case, many applications will stop working or lose iCloud-related features completely,” he added.
He stated that Apple had not properly disclosed just what data was being stored in the iCloud and, therefore, what information law enforcement could demand.
Apple has published a Guide for US Law enforcement and Katalov says it is inaccurate. “Synced data contains full information including call duration and both parties. We were able to extract information going back more than four months.”
Apple’s response was that it was deeply committed to safeguarding customers’ data. “That’s why we give our customers the ability to keep their data private. Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication.”
According to another source, The Intercept, data stored in iCloud is not at all safe from prying, legally enabled eyes. It says that the fact that Apple is able and willing to help the government map the communications networks of its users doesn’t necessarily undermine the company’s posturing as a guardian of privacy, though this leaked document provides more detail about how the iMessages system can be monitored than has been volunteered in the past.
Just in case you think Elcomsoft is picking on Apple, it says Google enabled this for Android 6.x and Microsoft for Windows 10 Mobile, but the service can be turned off and does not affect cloud apps. It ends by saying that if you want to make confidential calls, get another phone that is not an iPhone.
Macworld has a more detailed article here.
Header image courtesy Kaspersky Labs.