According to a report by The Intercept, Russian digital forensics firm Elcomsoft has found that the iPhone’s call history is automatically send to Apple’s servers if iCloud is enabled. The security firm claims that a user’s call history is uploaded in many instances without user choice or notification. “You only need to have iCloud itself enabled” for the data to be sent, said Vladimir Katalov, CEO of Elcomsoft.
The firm has discovered that call logs uploaded to Apple contain a list of all calls made and received on an iOS device, complete with phone numbers, dates and times, and duration. The data, which also includes missed and bypassed calls, is retained in a user’s iCloud account for up to four months, “providing a boon to law enforcement, who may not be able to obtain the data either from the user’s carrier”. FaceTime, which is used for both audio and video calls, also syncs call history to iCloud automatically, according to Elcomsoft.
“Absolutely this is an advantage [for law enforcement],” Robert Osgood, a former FBI supervisory agent who now directs a graduate program in computer forensics at George Mason University, said of Apple’s call history uploads. “Four months is a long time [to retain call logs]. It’s generally 30 or 60 days for telecom providers, because they don’t want to keep more [records] than they absolutely have to. So if Apple is holding data for four months, that could be a very interesting data repository and they may have data that the telecom provider might not.”
Elcomsoft has also said that it is releasing an update to its Phone Breaker software tool today, that can be used to extract the call histories from iCloud accounts, using the account holder’s credentials.
Meanwhile, Apple has acknowledged that the call logs are being synced, adding that it’s intentional:
“We offer call history syncing as a convenience to our customers so that they can return calls from any of their devices. Device data is encrypted with a user’s passcode, and access to iCloud data including backups requires the user’s Apple ID and password. Apple recommends all customers select strong passwords and use two-factor authentication”.
The syncing of both regular calls and FaceTime call logs goes back to at least iOS 8.2, which was released in March 2015.