Hackers at John Hopkins University breached the encryption of Apple’s iMessage feature allowing them to decrypt the contents of iMessage attachments, such as photos and videos
Apple is a company that has maintained and reinforced the statement over and over again that it takes consumer privacy very seriously — This approach is indeed inspiring and admirable. But there are certain loopholes left in Apple’s data encryption mechanisms that point fingers upon the comprehensiveness of the claims made by Apple about the security of its products.
Such as, John Hopkins University’s team of researchers have identified that breaking encryption of iMessages is possible. This means it is also possible to spy upon images and videos that are usually exchanged via messaged by users of iPhones, iPads and Apple Macs.
The team of researchers was headed by Matthew Green, a computer science professor. They managed to intercept messages by creating software that imitated as an Apple server. After that, the team employed a brute-force approach to expose links to seemingly safe images and videos, according to Green’s official blog.
Green told The Washington Post that encrypted transmission that they targeted had a link to the images stored on Apple iCloud server and there was a 64-digit key as well, which could be used to decrypt the image.
“Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times. And we kept doing that until we had the key,” said Green.
This discovery is somewhat ill-timed since Apple is already engaged in a very public legal battle with the FBI over letting the investigation agency access the data of the iPhone used by San Bernardino attacker.
The vulnerability, explained the team of researchers, affects only the data that is in transit and not on the information stored on a device. However, they are worried that the courts might force tech firms to encourage weaknesses into the security and encryption mechanisms of their products.
Green stated that even with all their skills and terrific cryptographers, Apple couldn’t get the job done perfectly, which scares him about “adding backdoors to encryption when we can’t even get basic encryption right.”
However, Apple has claimed to release iOS 9.3 after fixing the vulnerability. More information about this inherent weakness is supposed to be revealed by researchers afterwards.
Users are urged to update their Apple devices as soon as possible.