Apple has acknowledged that its Icloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers' accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals.
So it's alarming to learn that Iphones are designed to synch your call history — which includes calls placed over Skype, Whatsapp and Viber — to your Icloud account, even if you have turned this setting off. To make things worse, this synch operation is hidden from you: this data is not visible when you browse your Icloud account, but Apple still has it.
The discovery came from Russian security firm Elcomsoft, who make tools that help law-enforcement, private security and Apple customers gain access to data on Apple devices without the logins and passwords that are normally used to access this data.
Apple has acknowledged that this undocumented, secret synchronization takes place and advises its customers to use two-factor authentication as an additional protective measure, though it's not clear whether this would protect Apple users against secret search warrants served against Apple itself.
Apple has announced plans to redesign Icloud so that customers can opt to keep their data private from the company, but there is no public timeline for this, and as things stand today, Icloud data can be decrypted by Apple.
Chris Soghoian, chief technologist for the American Civil Liberties Union, said he's not surprised that Apple is collecting the information.
"It's arguably not even the worst thing about iCloud," he told The Intercept. "The fact that iCloud backs up what would otherwise be end-to-end encrypted iMessages is far worse in my mind. There are other ways the government can obtain [call logs]. But without the backup of iMessages, there may be no other way for them to get those messages."
Still, he said it's further proof that "iCloud really is the Achilles heel of the privacy of the iPhone platform. The two biggest privacy problems associated with iCloud don't have check boxes [for users to opt out], nor do they require that you opt in either."
IPHONES SECRETLY SEND CALL HISTORY TO APPLE, SECURITY FIRM SAYS
[Kim Zetter/The Intercept]