Researchers succeed in decrypting iMessages




A professor from the US Johns Hopkins University has discovered a vulnerability in iOS with students, which encrypted iMessage messages can be decrypted. Apple comes up with a patch in iOS 9.3.

The Washington Post reports the professor Matthew Green had a suspicion that Apple’s iMessage chat app was unsafe after he had read a safety manual for Apple over the encryption process of the software. When response from Apple was forthcoming on his report, he managed a number of students in a few months to break the encryption. For this, the researchers used self-written software, which it mimicked an Apple server. The study iPhones were used not turned the latest version of iOS.

The research team attempted to access an encrypted link to a picture on an iCloud server, which together with the 64-bit key was sent the photo to the decryption to the server. The team could not see the contents of the key, but managed to guess it by repeatedly changing a digit or a letter and send it back to the iPhone. Because the phone accepted the correct numbers or letters, the team knew when it had made a correct guess. By repeating this process thousands of times could finally find the key.

Green says that the attack had been working on newer iOS versions with some changes, but that this would require resources that can deploy only a state power. With a successful attack, it was possible to download the photo or video of the iCloud server without the user should have this in mind.

He adds that the discovered attack probably can not be used by the FBI to the data read out from the iPhone is one of the perpetrators of the attack in San Bernardino in December. The exact description of the attack published by the team of Green when Apple releases a patch for the vulnerability along with iOS 9.3. This update is expected Monday. According to Apple was a partial patch already available when iOS 9 was released. The company recommends users to perform the update to 9.3 on the moment it becomes available.

Green argues that “it scares him that Apple and all its agents failed to apply simple encryption in the right way, especially when there is a debate about backdoors is underway.



In: A Technology & Gadgets Asked By: [20969 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »