A SECURITY weak point in Apple’s iPhone technology opens user iMessages up to hackers and unwanted observation.
An estimated 1billion users could be impacted by the flaw, which is a failure in the end-to-end encryption process.
As reported by Forbes, Apple uses end-to-end encryption for iMessage, in an effort to stop hackers from intercepting and reading messages.
However, Apple allows users to backup their data using iCloud.
That includes the encryption keys used for iMessages. A document assembled from the FBI, published earlier this week, details the weakness iCloud backups cause.
“If target uses iCloud backup, the encryption keys should also be provided with [lawful access] content return,” the document reads.
Hackers “can also acquire iMessages from iCloud returns if target has enabled Messages in iCloud.”
Earlier this year, Apple issued an emergency software update following a huge security breach that allowed iPhones to be hacked without any user action.
A malicious spyware, known as Pegasus, was designed by Israeli tech firm NSO Group and could film users through their camera, listen to calls, and even send messages.
Pegasus is known to have targeted both Apple and Android devices and can avoid detection by antivirus software.
The spyware has around since 2016, but a leak in July brought it back into the public spotlight.
Forbes’ cybersecurity expert Zak Doffman has warned of the negatives that come with using iMessage and insisted he can “no longer recommend iMessage as a daily messenger for Apple users.”
Doffman said about the latest hack, “The stark truth is that Apple needs to change its iCloud approach as a matter of urgency, to cease storing encryption keys and to avoid backup up end-to-end encrypted data unless its protection carries over or users have been specifically warned that their privacy is being compromised.”
“This update is now critical,” he wrote.
We pay for your stories!
Do you have a story for The US Sun team?