Despite Apple’s efforts to offer end-to-end encryption, one billion iPhone users are still at risk of having their private messages leaked due to a critical security flaw. With that, the FBI has detailed a potential weakness found in the Apple iCloud backups that could cause user messages to leak.
Flaw in Apple’s End-to-End Encryption for iMessages
According to the story by The Sun, weak security points in Apple’s sophisticated iPhone technology is opening up the possibility of iMessages users to be accessed by hackers and unwanted observers. With that, an estimated one billion users could potentially be hit by the flaw, which is referred to as a failure in the end-to-end encryption process.
As per an article by Forbes, Apple is using its end-to-end encryption for the company’s proprietary iMessage in an effort to prevent hackers from intercepting or even reading user messages. There is, however, a potential flaw in how Apple allows its users to back up their data through iCloud.
FBI Warns of Weakness Found in iCloud Backups
This includes encryption keys being used for iMessages. With that, a document that the FBI assembled and published earlier this week is detailing weaknesses they found being caused by the iCloud backups.
The document reads that should users choose to enable the iCloud backup, the encryption keys will also be provided to them with lawful access content return. With that, it was stated that hackers could also get iMessages from iCloud returns should their target enable Messages in iCloud.
Why is Pegasus Extremely Dangerous?
Earlier this year, the Cupertino giant issued an emergency software update shortly following a massive security breach which allowed iPhones to be hacked even without any actions by the user. To expand, a malicious spyware known as the Pegasus could use the iPhone’s camera to look at them, listen to the users’ calls, and even send messages.
Pegasus was originally designed by the Israeli tech firm known as the NSO Group. To add, Pegasus is extremely popular due to its attempts targeting both Apple and Android devices while avoiding detection from antivirus software.
Cybersecurity Expert Gives Thoughts on the Matter
The spyware has been around ever since 2016 but a recent leak that happened in July of this year brought Pegasus back into the public spotlight. Zak Doffman, a cybersecurity expert at Forbes, warned of the negatives that might come with using iMessage saying he can “no longer recommend iMessage” as an Apple users’ daily messenger.
Doffman addressed the latest hack saying that the stark truth is that Apple would need to change its iCloud approach as a matter of urgency. This is in order to cease storing encryption keys and to be able to avoid backup end-to-end encrypted data unless the protection carries over or users have been warned that their own privacy is being compromised. To add, Doffman said that the update is now “critical.”
Urian B., Tech Times