Earlier this year, Apple went toe-to-toe with the FBI over the company’s refusal to unlock the iPhone of San Bernardino shooter Syed Rizwan Farook. After refusing a court order to assist, Apple emerged as the great protector of user privacy. But was this all a farce?
It seems that private information still escapes from Apple products under certain circumstances – the latest being the company’s online syncing service iCloud.
“We're hunting for awesome startups”
Run an early-stage company? We're inviting 250 to exhibit at TNW Conference and pitch on stage!
According to The Intercept:
Russian digital forensics firm Elcomsoft has found that Apple’s mobile devices automatically send a user’s call history to the company’s servers if iCloud is enabled — but the data gets uploaded in many instances without user choice or notification.
The data – including calls made and received – collects information such as phone numbers, dates and times, and duration which is then automatically uploaded to Apple.
Apple keeps this information for up to four months, and because they control the keys to encrypted messages as well as possess the ability to unlock iCloud accounts, the device-maker could be forced to grant access to law enforcement agencies.
Chris Soghoian, chief technologist for the American Civil Liberties Union, says that because iCloud backs up normally encrypted iMessages it could actually be worse.
…There are other ways the government can obtain [call logs]. But without the backup of iMessages, there may be no other way for them to get those messages.
But this is only the beginning.
Hackers could potentially collect sensitive information merely by obtaining a user’s Apple ID.
In order to prevent this, iPhone owners can use two-factor authentication. But that won’t stop the fuzz if they come sniffing at your door.