Apple will fix iMessages issue with iOS 9.3 update; problem allows encryption key to be guessed at by hacker

With encryption such a hot-button topic at the moment, researchers at Johns Hopkins University have been able to crack the encryption code used by Apple for iMessages. As it turns out, a flaw in iMessages allowed the code to be broken. But iOS users will be happy to hear that the iOS 9.3 update will correct this flaw.

Perhaps the FBI should hire the Johns Hopkins team to try and crack the code that prevents them from unlocking the Apple iPhone 5c that was used by deceased terrorist Syed Farook. The government has successfully had a court order issued that compels Apple to unlock the phone. Apple refuses, saying that it needs to develop a unique OS to open the device. Apple argues that once that code is written, if it ends up in the wrong hands, no iPhone on the planet will be secure. Both sides will argue in court tomorrow.

However, the encryption used on the iPhone is different than the code used on iMessages. But don't take that comment to mean that the code for iMessages is a weak brew of tea. It still requires a knowledgeable team to pull off the encryption hack. And it employs a man-in-the-middle attack with the iPhone owner fooled into connecting to a phony server instead of the legit one used by Apple for the messaging service.

While this exploit would usually allow the hacker to steal encrypted messages, the bug also helps the hacker guess the encryption key. Johns Hopkins researcher Matthew D. Green, who leads the team of researchers that discovered the flaw, originally informed Apple about this issue. He waited for a fix that never came. As a result, he decided to create a proof of concept.

The flaw allows the hacker to guess the encryption code by allowing him/her to change a letter in the key and send it back to the iOS device. If the guess is correct, the device confirms it. This greatly reduces the number of steps and time needed to crack the code.
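
A toy model of the guess-and-confirm behaviour described above, added here as an illustration; it is not the researchers' proof of concept or Apple's protocol. The 36-symbol alphabet, the 16-symbol key and both device classes are constructed assumptions: one device confirms a single changed position, the other only ever answers for the whole key.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # constructed: 36 symbols
KEY_LEN = 16                                       # constructed key length


class ConfirmingDevice:
    """Toy receiver that confirms a correct guess for a single key position."""

    def __init__(self, key):
        self._key = key
        self.queries = 0

    def confirms(self, candidate, position):
        # The leak: the answer depends on one position only, so each
        # position can be tested independently of all the others.
        self.queries += 1
        return candidate[position] == self._key[position]


class WholeKeyDevice(ConfirmingDevice):
    """Same receiver, but it only ever answers about the complete key."""

    def confirms(self, candidate, position):
        self.queries += 1
        return secrets.compare_digest(candidate, self._key)


def recover(device, key_len=KEY_LEN):
    """Change one symbol at a time and keep it when the device confirms."""
    guess = [ALPHABET[0]] * key_len
    for pos in range(key_len):
        for sym in ALPHABET:
            guess[pos] = sym
            if device.confirms("".join(guess), pos):
                break
    return "".join(guess)


def run(device_cls):
    """Return (key recovered?, number of guesses sent) for a random key."""
    key = "".join(secrets.choice(ALPHABET) for _ in range(KEY_LEN))
    device = device_cls(key)
    return recover(device) == key, device.queries


def search_space():
    """Worst-case guesses: with per-position confirmation vs. without it."""
    return len(ALPHABET) * KEY_LEN, len(ALPHABET) ** KEY_LEN
```

With per-position confirmation the worst case is 36 × 16 = 576 guesses, while the same key has 36^16 candidates when the device answers only for the whole key.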


So now it is just a matter of waiting for iOS 9.3 to be disseminated by Apple, which should happen very soon.

source: WashingtonPost via TheGuardian


6 Comments

1. Adreno

Posts: 755; Member since: Mar 12, 2016

"Perhaps the FBI should hire the Johns Hopkins team to try and crack the code that prevents them from unlocking the iPhone 5c that was used by deceased terrorist Syed Farook" That's not going to be possible or easy. iMessage's encryption algorithm has sub differences versus the one in the iPhone-locking technique. AES-256 has sub-codings which varies from one element to another. There is no universal technique to decrypt all contents from different elements even if they're all locked by AES-256 encryption coding. The Johns Hopkins team will have to work their asses off for a long time to unlock it using the incompatible technique they used in finding a flaw in iMessage. :D

2. S-R-K

Posts: 304; Member since: Mar 15, 2016

No need for all this. The FBI and government will make sure Apple complies, or else get heavily fined or take down Apple completely. Lmao.

4. Adreno

Posts: 755; Member since: Mar 12, 2016

They might heavily fine Apple. But they can't take down Apple, because of Apple's influential position in the US's economy. Apple is the richest US company ever in history.

6. AlikMalix unregistered

I have a feeling that the government will in future get Apple to comply. Government will keep playing dirty tricks, reversing patent cases, raising/creating certain regulations, make it difficult for apps to do business until they get what they want!!! Government has long forgotten that they're elected by the people to work for the country - not have country work for them. They have more resources than Apple to keep pushing this.

3. Unordinary unregistered

Just discovered. Just fixed. Love it

5. AlikMalix unregistered

Beauty of iOS!
