Security of over a billion iPhone owners and users of popular instant messengers is at risk due to a vulnerability in Apple iCloud.
As the Forbes reports, private messages sent via iMessage and WhatsApp on iPhone are not secure when using factory settings.
While encrypted apps like iMessage and WhatsApp keep messages on the device completely safe, a vulnerability in Apple’s iCloud backup system puts them at risk, and unauthorized people can access messages. This is possible as Apple stores message encryption keys in iCloud backups, which undermines the main security features that protect iMessage.
Apple states in its security policies: “End-to-end encryption protects iMessage conversations on all your devices, so Apple cannot read your messages as they are transfered between devices.”
This means that while messages are completely secured in transit between phones, they don’t have to be secured on the device or in the cloud.
Apple has come under a lot of pressure recently after an internal FBI document was released proving that the bureau regularly accesses messages on nine secure messengers, including iMessage and WhatsApp.
To keep their messages safe, users can turn off iCloud backups.
Apple also urgently needs to change its approach to iCloud to stop storing encryption keys and avoid backing up encrypted data.