iphonesecuritystock100625441orig

Researchers break Apple's iMessage encryption, will be fixed in iOS 9.3

The way the FBI tells it, the encryption on Apple’s iOS is so secure, nothing can break it. Well, not so fast. As reported by the Washington Post, researchers at Johns Hopkins University say they’ve found a bug that allows them to break the encryption of iMessages, decoding photos and videos.

The method requires the data to be in transit, not stored, so it wouldn’t actually help in the case of the San Bernardino shooter’s locked iPhone. By writing software to mimic an Apple server, researchers were able to intercept an encrypted transmission that contained a link to a photo on an iCloud server, as well as a 64-digit key that decrypts it. The key wasn’t visible, but the researchers were able to brute-force each digit. The team notified Apple, who says it paritally fixed the flaw in iOS 9, and will release the full fix on Monday in iOS 9.3.

The Johns Hopkins team is led by computer science professor Matthew Green, who says that the government shouldn’t force Apple to intentionally weaken the security of its own software, when the reality is that perfect encryption is incredibly hard if not impossible to achieve. Apple’s job should be plugging holes, not poking new ones.

“Even Apple, with all their skills—and they have terrific cryptographers—wasn’t able to quite get this right,” said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”

The researchers’ full paper will be out Monday, once iOS 9.3 is released, and we’ll have more analysis from our “Private I” columnist Glenn Fleishman. Again, users don’t have to do anything but upgrade to be fully protected from this particular flaw. Let’s hope the same is true next time.

IDG Insider

PREVIOUS ARTICLE

« Researchers find flaw in Apple's iMessage, decrypt iCloud photo

NEXT ARTICLE

Near miss between drone and Lufthansa plane fuels demand for regulation »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

Poll

Do you think your smartphone is making you a workaholic?