Notification Center

This is our new notification center. Inside, you will find updates on the most important things happening right now.

Notifications

Hmm, push notifications seem to be disabled in your browser. You can enable them from the 'Settings' icon in the URL bar of your browser.

www.phonearena.com

Apple will fix iMessages issue with iOS 9.3 update; problem allows encryption key to be guessed at by hacker

6
Apple will fix iMessages issue with iOS 9.3 update; problem allows encryption key to be guessed at
With encryption being such a hot button topic currently, it has been discovered that researchers at at Johns Hopkins University were able to crack the encryption code used by Apple for iMessages. As it turns out, a flaw in iMessages allowed the code to be broken. But iOS users will be happy to hear that with the iOS 9.3 update, this flaw will be corrected.

Perhaps the FBI should hire the Johns Hopkins team to try and crack the code that prevents them from unlocking the Apple iPhone 5c that was used by deceased terrorist Syded Farook. The government has successfully had a court order issued that complies Apple to unlock the phone. Apple refuses, saying that it needs to develop a unique OS to open the device. Apple argues that once that code is written, if it ends up in the wrong hands, no iPhone on the planet will be secure. Both sides will argue in court tomorrow.

However, the encryption used on the iPhone is different than the code used on iMessages. But don't take that comment to mean that the code for iMessages is a weak brew of tea. It still requires a knowledgeable team to pull off the encryption hack. And it employs a man-in-the-middle attack with the iPhone owner fooled into connecting to a phony server instead of the legit one used by Apple for the messaging service.

While this exploit would usually allow the hacker to steal encrypted messages, the bug also helps the hacker guess the encryption key. Johns Hopkins researcher Matthew D. Green, who leads the team of researchers that discovered the flaw, originally informed Apple about this issue. He waited for a fix that never came. As a result, he decided to create a proof of concept.

The flaw allows the hacker to guess the encryption code by allowing him/her to change a letter in the key and send it back to the iOS device. If the guess is correct, the device confirms it. This greatly reduces the number of steps and time needed to crack the code.


So now it is just a matter of waiting for iOS 9.3 to be disseminated by Apple, which should happen very soon.

source: WashingtonPost via TheGuardian

New reasons to get excited every week

Get the most important news, reviews and deals in mobile tech delivered straight to your inbox

FCC OKs Cingular\'s purchase of AT&T Wireless