Encryption has become one of the hottest debates in the tech world, as Apple and the FBI battle in court over access to a criminal’s iPhone. But Apple has taken a hit where it didn’t expect one: the encryption of its messaging app.
According to researchers from Johns Hopkins University, whose findings were reported by the Washington Post, iMessage has a severe security vulnerability that could allow hackers to gain access to photos and videos that have been sent between users.
This type of attack on iMessage will work on all iPhones and iPads that haven’t been updated to version 9.3 of the iOS operating system, which is the latest version.
Apple says the problem was “partially” fixed with iOS 9, but researchers believe “an attacker with nation-state resources could adapt the exploit to hit up-to-date devices as well.”
Thankfully, Apple will release iOS 9.3 today, which fixes the problem entirely. So upgrade as quickly as possible and keep the pictures you send to your friends safe. Because the vulnerability won’t be fixed until later today, the researchers haven’t yet disclosed all the key details.
Apple thanked the Johns Hopkins team for identifying the bug and bringing it to the company’s attention. Thanks to their intervention, your iPhone can once again be safe.
As described in the Washington Post article, the researchers developed software that could mimic an Apple server, which then “methodically guessed the encryption key that protected a certain photo being transmitted.”
With a 64-digit key, this would usually be an overwhelming task. However, it seems that the system would confirm each time the team had correctly guessed a digit, which reduced the time and effort needed to verify different combinations.
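The effect of that per-digit confirmation can be measured with a toy model. The Python below is an added example, not the researchers' software or Apple's protocol: the `Verifier` class, its `leaky` switch and the reading of "64-digit" as 64 hex digits are assumptions made for illustration. It compares a check that confirms each correct digit with one that only answers all-or-nothing.

```python
import hmac
import secrets

HEX = "0123456789abcdef"
KEY_LEN = 64  # the article's "64-digit key", assumed here to be 64 hex digits


class Verifier:
    """Constructed stand-in for a system that checks guesses against a secret key."""

    def __init__(self, key, leaky):
        self._key = key
        self._leaky = leaky
        self.queries = 0

    def check(self, guess):
        self.queries += 1
        if not self._leaky:
            # Hardened form: one constant-time, all-or-nothing answer.
            return KEY_LEN if hmac.compare_digest(guess, self._key) else 0
        # Flawed form: reveals how many leading digits are already right.
        correct = 0
        for g, k in zip(guess, self._key):
            if g != k:
                break
            correct += 1
        return correct


def recover(verifier):
    """Guess one digit at a time, keeping a digit only when the verifier confirms it."""
    known = ""
    for pos in range(KEY_LEN):
        for digit in HEX:
            guess = (known + digit).ljust(KEY_LEN, "0")
            if verifier.check(guess) > pos:
                known += digit
                break
        else:
            return None  # no digit was confirmed: the verifier leaks nothing
    return known


def worst_case_guesses(leaky):
    """Upper bound on guesses: 16 per digit if confirmed singly, else 16**64."""
    return len(HEX) * KEY_LEN if leaky else len(HEX) ** KEY_LEN


if __name__ == "__main__":
    key = secrets.token_hex(KEY_LEN // 2)  # constructed sample key
    leaky = Verifier(key, leaky=True)
    print(recover(leaky) == key, leaky.queries, "of", worst_case_guesses(False))
```

With per-digit confirmation the worst case is 1,024 guesses instead of 16^64, which is why a check of this kind should return a single yes-or-no answer for the whole key.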
While this flaw wouldn’t help in the Apple-FBI case over the San Bernardino shooter’s phone – which deals with bypassing the phone’s login security – the work of the Johns Hopkins researchers suggests using existing flaws to solve the case rather than asking tech firms to be accomplices.
At the same time, the newfound encryption flaw is a perfect reminder of how incredibly difficult it is to create an unhackable security system. However, there is a difference between an accidental and an intentional security backdoor.
So shouldn’t we be worried about the conversation about adding backdoors to encryption when even basic encryption can be so easily hacked into?