Apple fixing iMessage flaw that lets hackers steal photos
Researchers discovered the hole, but today's release of iOS 9.3 will close it.
Apple has put a lot of work into making its phones hard to crack, much to the consternation of US law enforcement officials. It's still not perfect, however, as researchers from John Hopkins University have discovered a flaw that lets attackers intercept and decrypt video and images sent on iMessage. The exploit only works on versions prior to iOS 9, because Apple partially fixed the problem in that version. However, John Hopkins professor Matthew D. Green told the Washington Post that a modified exploit could possibly be developed for iOS 9 versions, provided hackers have skills of a "nation state."
The hack is pretty simple. The team first created software that emulates an Apple server in order to intercept files. iMessage photos and video only use 64-bit encryption and don't lock out invaders after multiple attempts to decrypt. That allowed the researchers to "brute force" video and image files and eventually decrypt them.
The iMessage flaw has nothing to do with the current dispute between the FBI and Apple, because the feds want to decrypt the San Bernardino shooter's entire phone, not just the messages.
The iMessage flaw has nothing to do with the current dispute between the FBI and Apple, because the feds want to decrypt the San Bernardino shooter's entire phone, not just the messages. However, last year Baltimore prosecutors asked Apple to decrypt iMessages from a suspect's phone. At the time, the company said that cracking them would be expensive and harmful to security, so prosecutors eventually dropped the request. However, Green told the Post that government experts could have easily found the flaw, too. "If you put resources into it, you will come across something like this."
Luckily, a fix is coming very soon. Apple has completely closed the hole in iOS 9.3, which is due to be released as part of Apple's big "loop you in" event later today. In a statement, Apple said "we appreciate the team of researchers that identified this bug and brought it to our attention ... security requires constant dedication and we're grateful to have a community of developers and researchers who help us stay ahead." Suffice to say, iOS users should update as soon as possible, especially if you use iMessage a lot.
