CHINA TOPIX

11/21/2024 08:00:18 pm

Make CT Your Homepage

Johns Hopkins University Researchers Find Flaw in Apple's iMessage

Johns Hopkins University notified Apple about their findings on the vulnerability of iMessage from encryption.

(Photo : Reuters) Johns Hopkins University notified Apple about their findings on the vulnerability of iMessage from encryption.

A team of security researchers from Johns Hopkins University revealed that they have discovered a way to decode encrypted photos or videos sent using Apple’s iMessage.

Led by science expert Matthew Green, the team discovered a bug in the iPad and iPhone maker's encryption protocols which allowed skilled cyberattackers to compromise iMessage sessions and decrypt content which users believed were sent securely to participants in a conversation. The researchers have developed software which mimicked an Apple server, leading to the discovery of a 64-digit key to decrypt the image. They were able to keep guessing until they hit a combination of digits and letters that would let them download the photo.

Like Us on Facebook

The discovery comes after a broader national discussion about encryption on smartphones and iPhones in particular. The FBI is seeking help to recover data on a phone used by one of the perpetrators of the December 2015 shooting in San Bernardino, California.

iMessage has been an encrypted messaging protocol ever since it was created. When a user sends an iMessage, the device opens a secure connection with Apple’s servers. Messages are encrypted on the phone using a private key, sent to Apple’s servers, and delivered to the recipient. The recipient’s phone then decrypts the message. Meaning, Apple does not have the key to decrypt these messages.

Apple has been notified of the researcher's findings. The Cupertino-based tech giant also mentioned that it partially fixed the problem last fall when it released its iOS 9 and it will fully address the problem through security improvements in its latest operating system iOS 9.3.

“Apple works hard to make our software more secure with every release. We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead,” the company said in a statement.

If these researchers can hack the Apple’s messaging app, it proves once again that encryption can never be perfect at all. There will always be security holes and hackers to find them, and big software makers like Apple will play catch-up to fix these holes. It is always recommended to download and install patches for various devices.

Real Time Analytics