Johns Hopkins University cryptographer Matthew Green spotted a potential weakness in iMessage encryption when he read an Apple security guide and mounted a staged attack with his graduate students after alerting the company to the issue.

Every time the researchers guessed one of the key's digits, and sent this to the target phone, the phone accepted any correct digits.

Speaking to the Washington Post about the discovery, Green said the weakness his team of researchers discovered has highlighted that the FBI's call for a backdoor made no sense when it was clear that bugs could already be exploited.

Apple is working on a fix for iMessage after researchers identified a flaw in its encryption system that meant hackers might be able to see your photos.

This type of attack on iMessage will work on all iPhones and iPads that haven been updated to the version 9.3 of the iOS operating system - the latest version, that is. Apple is aware of the bug in iMessage and appreciates that Green and his team brought it to the company's attention.

Apple says it partially fixed the flaw when it released iOS 9, a platform used by half of all active users, and thanked the university team for their research. Online shopping and banking has always been encrypted, but, as the technology has become more widely implemented in popular consumer products, law enforcement has warned that it is getting increasingly hard to gather evidence. The attack took several months. They publish their code and their designs, but the keys, which are generated by the sender and user, remain secret.

CareKit Is Apple's Ambitious New Health Monitoring And Tracking Tool
Willams also introduced a new open-source platform called CareKit , which gives patients the power to manage their own medical conditions and care.

It's the software that's built to be unlockable that has law enforcement anxious. "The funding is well below what it should be but they also don't have the skills", she said.

Susan Landau of Worcester Polytechnic Institute recommends that the government also disclose the bugs to the software's maker.

The "FBI is saying 'If you can get in, you have to let us in, '" said Stewart Baker, a partner in the Washington office of Steptoe & Johnson.

A vulnerability in iOS encryption could allow skilled attackers to intercept iMessages and decrypt iCloud photos.

Apple is fighting the court order on the grounds that it relies on a law, the All Writs Act, that does not give the government the authority to require it to write custom software and violates the company's rights. Apple reportedly does not have the technical capability to provide encrypted iMessage content in real time.

"We have to figure out how to lock the front doors", said a Hopkins researcher. That would allow the Federal Bureau of Investigation to electronically run possible combinations to open the phone without losing data.


SIMILAR ARTICLES

COMMENTS