New iMessage Security Flaw Allows Decrypting Of Media

Apple / Security / Tech
iMessage security flaw

An iMessage security flaw discovered by Johns Hopkins University researchers allows hackers to intercept and decrypt images and video sent via Apple’s iMessage service. Certainly not the kind of news Apple wants reported just hours before a major Apple event. With the expected arrival of the iPhone SE today the news that iMessage has a significant security hole is very relevant to Apple users and our readers. The researchers at Johns Hopkins University were able to write code that masqueraded as an Apple server and intercept the iMessage activity from the targeted device then decrypt the encrypted images and video.

The transmission contained a link to a photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo.

While the students could not see the key’s digits, they guessed them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. The phone was probed in this way thousands of times until the team guessed the correct key and was able to retrieve the photo from Apple’s server.

Though the researchers discovered the iMessage security flaw a few months ago and reported it to Apple, the months passed and the flaw wasn’t fixed so they decided to demonstrate the flaw in action. Apple claims the security flaw was partially fixed with the release of iOS 9 and the flaw will be completely fixed with the release of iOS 9.3.

Apple works hard to make our software more secure with every release. We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead. -Apple statement-

This encryption hole goes to show that Apple’s strong encryption is indeed fallible, a fact the company would rather not shine a light on. This could actually be an argument Apple could use against the FBI. If Johns Hopkins can find a hole and decrypt encrypted media in iMessage, the FBI could potentially do this on their own.

What do you think of this iMessage security flaw? Let us know in the comments below or on Twitter, Facebook and Google+.

  Source: MacRumors
To Top