iMessage Encryption Flaw Exposes Photos

NicoleMotta - March 21, 2016 - 12:01 PM

iMessage Encryption Flaw Exposes Photos

According to new reports, researchers from Johns Hopkins University have discovered a flaw in iMessage.

The Washington Post reports that these researchers, including computer science professor Matthew D. Green, discovered a vulnerability in Apple's messaging system that could allow skilled hackers to decrypt and view sent photos and videos, despite Apple's encryption. Green said that he suspected that there could be a bug in iMessage after he read an Apple security guide that detailed the encryption process. He alerted Apple of this potential issue, but after months without a patch, Green assembled his graduate students to prove they could exploit the flaw. The team successfully intercepted files from iPhones not using the latest OS on iMessage by using software that mimicked an Apple server. From there, the encrypted transmission intercepted contained a link to the photo stored in Apple's iCloud server and a 64-digit key to decrypt it. The key's digits were hidden, but the team was able to unlock it by guessing the letters and digits as the phone revealed which digits were correct. They probed the iPhone like this until the entire key was correct.

"Apple works hard to make our software more secure with every release," said Apple in a statement on the report. "We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. Security requires constant dedication and we're grateful to have a community of developers and researchers who help us stay ahead." Apple said that it has partially fixed the problem with iOS 9 and said that iOS 9.3, set to be released today, will fully address the issue.

Photo: © iStock.
Add comment


Respond to Anonymous User