iPhone Call History Synced to iCloud Without User Consent, Knowledge

Security experts warn iPhone call history data may be synced to iCloud accounts without user knowledge, making personal phone records an easy target for a determined third-party.

iPhone users are being warned that their call history may be synced and stored on their iCloud account without their knowledge, making their personal phone records a target for a determined third party.

Under a common configuration scenario, where two iPhones share the same Apple ID and are set to sync to Apple’s iCloud, data such as who called and when is stored in a user’s iCloud account. Also synced are logs pertaining to phone calls missed, rejected and the duration of calls, according to a report released Thursday by forensic tool maker Elcomsoft.

That call history data is not available to users of Apple’s iCloud service. However, the call history data is stored within a user’s iCloud account and can be extracted easily by Apple, law enforcement, or a third-party using forensic tools, so long as they have the account’s Apple ID and password.

“Using an iPhone and have an active iCloud account? Your calls will sync with iCloud whether you want it or not. In fact, most users we’ve heard from don’t want this,” Elcomsoft’s Oleg Afonin wrote in a post explaining the research. “Apple has no official way to turn off this behavior other than telling people (to) ‘not use the same Apple ID on different devices,'” he wrote.

He said most iPhone users are aware of iCloud syncing of calendar, photo and app data, but not call history data. The revelation, he suggests, dredges up the privacy debate sparked when Apple went head-to-head against the FBI over access to encrypted data stored on San Bernardino terrorist Syed Farook’s iPhone 5c.

Afonin contends most iPhone users don’t want this data being synced with Apple’s iCloud citing a bevy of confused and grumpy iPhone users complaining in online forums. Afonin said Apple is needlessly risking sensitive call history data to exposure by syncing it to an iCloud account where it is only “loosely protected.”

Apple did not reply to requests by Threatpost for comment.

Afonin asserts Apple’s iCloud storage and call history data is vulnerable to exfiltration using tools such as Elcomsoft’s own branded solution that can be used to find the call logs and extract the data from the iCloud service. “iCloud data (backups, call logs, contacts and so on) is very loosely protected, allowing Apple itself or any third party with access to proper credentials (to) extract this information.”

threatpost_elcomsoft_iphone_call_historyIn one scenario, a third-party could even bypass iCloud two-factor authentication by extracting Apple’s iCloud authentication token and using it access the targeted iCloud account. “The ability to extract call logs from the cloud instead of having to deal with the tough hardware protection of todays’ iPhones can be a blessing for forensic examiners,” Afonin wrote.

He argues the security of iCloud data stands in contrast to device encryption used to protect iOS device and data access. Afonin quotes Apple:

“On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode. For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.”

The call history syncing issue, according to Afonin, frustrates iPhone users who are confused by the process. “I use my phone for business and we have noticed in the last few days that all of the calls I make and receive are appearing in my wife’s iPhone recent call history? I have hunted high and low in settings on both phones but with no joy,” quotes Afonin from an Apple discussion forum.

Apple, according to Afonin, is well aware of user frustrations; but offers no way to halt call history logging when two iPhones are configured to sync to iCloud and use a shared Apple ID. One fix includes disabling iCloud syncing altogether. However, Afonin points out, that prevents all syncing – including photos, calendar and app data.

“For those who use several iPhone devices in a family, Apple recommends not using the same Apple ID on those devices, recommending Family Sharing instead,” Afonin said.

Apple’s Family Sharing feature allows up to six people to share iTunes and App Store purchases without sharing accounts. Afonin confirmed use of Family Sharing solved the problem, but may be an unsatisfactory solution for some iPhone users that use two phones – one for work and another for personal use.

Suggested articles