An error in iPhone security has left 'billions' of iMessage users at risk of being hacked.

iPhone security loophole leaves users at risk

iPhone security loophole leaves users at risk

iMessage is Apple’s end-to-end encrypted messaging service which acts as their rival to WhatsApp but users are now thought to be leaving themselves open to observation if they use the default iCloud service to back up their messages.

An document assembled by the FBI explained: "If target uses iCloud backup, the encryption keys should also be provided with [lawful access] content return. Hackers can also acquire iMessages from iCloud returns if target has enabled Messages in iCloud.

Upon reading the report, cyber security expert Zak Doffman branded the encryption service that Apple promises as "pointless" as he explained the

Message is secured by end-to-end encryption, the idea being that the keys to decrypt messages between you and those you message are only shared between you. That stops anyone intercepting your content. But in a bizarre twist, Apple stores a copy of those encryption keys in that iCloud backup, which it can access. That means the end-to-end encryption is actually fairly pointless.

When it comes to security, WhatsApp’s assurances are clear: “We use end-to-end encryption so no one can read or listen to your personal conversations.” Apple’s wording is different—and the nuance is critical. “End-to-end encryption protects your iMessage conversations across all your devices,” it says, “so that there’s no way for Apple to read your messages when they’re in transit between devices.”

The tech expert then went to claim that the "stark truth" is that Apple needs to change its approach, adding that an update is "critical" because privacy has been "compromised."

In an article for Forbes, he wrote: "The stark truth is that Apple needs to change its iCloud approach as a matter of urgency, to cease storing encryption keys and to avoid backup up end-to-end encrypted data unless its protection carries over or users have been specifically warned that their privacy is being compromised. This update is now critical."