Apple will fix iMessages issue with iOS 9.3 update; problem allows encryption key to be guessed at by hacker
Perhaps the FBI should hire the Johns Hopkins team to try and crack the code that prevents them from unlocking the Apple iPhone 5c that was used by deceased terrorist Syded Farook. The government has successfully had a court order issued that complies Apple to unlock the phone. Apple refuses, saying that it needs to develop a unique OS to open the device. Apple argues that once that code is written, if it ends up in the wrong hands, no iPhone on the planet will be secure. Both sides will argue in court tomorrow.
However, the encryption used on the iPhone is different than the code used on iMessages. But don't take that comment to mean that the code for iMessages is a weak brew of tea. It still requires a knowledgeable team to pull off the encryption hack. And it employs a man-in-the-middle attack with the iPhone owner fooled into connecting to a phony server instead of the legit one used by Apple for the messaging service.
While this exploit would usually allow the hacker to steal encrypted messages, the bug also helps the hacker guess the encryption key. Johns Hopkins researcher Matthew D. Green, who leads the team of researchers that discovered the flaw, originally informed Apple about this issue. He waited for a fix that never came. As a result, he decided to create a proof of concept.
The flaw allows the hacker to guess the encryption code by allowing him/her to change a letter in the key and send it back to the iOS device. If the guess is correct, the device confirms it. This greatly reduces the number of steps and time needed to crack the code.
So now it is just a matter of waiting for iOS 9.3 to be disseminated by Apple, which should happen very soon.
source: WashingtonPost via TheGuardian