Emerging as a staunch protector of user privacy this year, Apple has exhausted all means to implement better encryption for their iPhones, however, private information can still leak from Apple products.
Backing up iPhone data has never been so easy using Apple's iCloud services. The data can also be used to sync across all Apple devices or to a new iPhone, however, there is an unfortunate consequence for this convenience if the user is unaware their device is synching sensitive information, according to Macworld.
Elcomsoft Phone Password Breaker
Elcomsoft, a Moscow-based digital forensics firm found out that Apple's iPhone and mobile devices regularly and automatically sends all phone user activity to Apple's servers in many instances without user choice or even prompting a notification. This happens if iCloud is enabled, according to Elcomsoft CEO, Vladimir Katalov.
Elcomsoft's Phone Password Breaker (EPPB) is a piece of software the authorities use to tap data from iPhones saved in iCloud, unfortunately, the same software is also being used by unscrupulous individuals to siphon off sensitive materials such as text messages, photos, videos, calendars, email settings, practically all data stored in their victim's iCloud data backups.
The amount of information sent from iPhone and mobile devices is staggering from calls made and received, complete with phone numbers and date and time stamps, including missed and bypassed calls. The data is retained on Apple's iCloud servers for up to four months, reported The Intercept.
What else gets synced?
Facetime also gets synced to iCloud automatically. The practice, Elcomsoft believes, goes back to Apple's iOS 8.2 released in March 2015. With Apple's latest iOS 10, third-party VoIP apps such as Skype, WhatsApp, Viber, and those using Apple CallKit are all logged to the cloud.
But of course, even without EPPB, anyone can access the iPhone and mobile device data if that someone already has or knows of the user's credentials albeit retrieving the information at much slower pace. Downloading large backups with EPPB can take hours but law enforcers or hackers can select which data to download for expediency.
Even if Apple advised its iPhone and mobile device users to pick a unique password and implementing a two-factor authentication and two-step verification, Elcomsoft's tool can access iCloud if they have an authentication token for the account. The use of this tokens bypasses two-factor authentication which would allow anyone access to the iCloud data.