iPhone settings must be changed now as Apple warns one billion users of privacy risk

Apple’s iPhone carries a major vulnerability that is putting thousands of private messages at risk – users must change their iCloud settings in order to remain secure

More than a billion iPhone users face a huge security risk if they fail to update their iCloud settings immediately, Apple has revealed.

A Forbes investigation has found that private messages sent via iMessage and WhatsApp on the iPhone aren’t secure if you use Apple’s default factory settings—putting you at risk of hackers, scammers, and even the FBI.

Although encrypted messaging apps like iMessage and WhatsApp keep your messages completely secure on your device, a vulnerability in Apple’s iCloud backup system means that your private messages can be accessed outside of the app.

It turns out that Apple stores the encryption keys to your messages in iCloud backups, which undermines the security features that keep apps like iMessage secure in the first place.

In the small print of Apple’s security policy, the company says: “End-to-end encryption protects your iMessage conversations across all your devices so that there’s no way for Apple to read your messages when they’re in transit between devices.”

That means that, while messages are completely secure while they are sent between phones, they aren’t necessarily as private on-device or on the cloud.

Pressure is mounting on Apple to deliver stronger encryption following the leak of FBI documents which show that US intelligence agencies routinely access private data from nine different ‘encrypted’ messaging services.

Notably, the FBI said it can also access some message content: “if target is using an iPhone and iCloud backups enabled, iCloud returns may contain WhatsApp data to include message content.”