Apple's iMessage security is broken, but the iOS 9.3 update will fix it

Apple's iMessage security is broken, but the iOS 9.3 update will fix it

Apple can't catch a break lately! While the Cupertino gang is fussing with the final arrangements in preparation for its upcoming event, iPhones are catching fire or leaking in blurry photos, and the FBI is waiting for it in court tomorrow. Today, the company has another headache to battle. Researchers at Johns Hopkins University said they successfully broke the iPhone's messaging encryption, letting skilled attackers decode intercept users' text, photo, and video communication.

The security flaw has to do with the way iMessage encrypts messages and routes them through Apple’s servers. An attacker would be able to take advantage of it to 'catch' a message and probe the originating device for the encryption key, which could let one decode it and access its iCloud copy. Therefore, a skilled attacker could decrypt text, photos and videos originally sent as secure instant messages.The discovery comes as the U.S. government and Apple engage in a legal battle in which the DOJ demands the company writes a software backdoor to help FBI agents peer into the encrypted contents of the iPhone used by Syed Rizwan Farouk, one of two attackers who were killed by police after the shooting rampage that claimed 14 lives in the 2015 San Bernandino terrorist attack. Computer science professor and research team leader Matthew Green reflected in this context: "Even Apple, with all their skills – and they have terrific cryptographers – wasn't able to quite get this right. So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right."

Apple is aware of the researchers' findings and is at work towards a patch that's to be introduced in iOS 9.3. The company said it partially fixed the problem last fall with iOS 9's release, and it will fully address the problem through security improvements. Users are compelled to update their iOS devices to version 9.3, otherwise they remain vulnerable.

Also read:


FEATURED VIDEO

11 Comments

2. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Hmmmm, maybe that MossBerg guy on TheVerge was right and Apple is losing their software edge. There is no end to the security holes and problems with iOS and OSX now. Wonder how long before they're completely crap again?

3. submar

Posts: 713; Member since: Sep 19, 2014

iOS is safe That's a joke.

16. Jairus24

Posts: 49; Member since: Jan 20, 2012

I somehow remember EDI from Mass Effect 2.

5. Wiencon

Posts: 2278; Member since: Aug 06, 2014

iOS 9.3 will be the best OS ever and new iPhone SE will eat all androids and it will be the best phone on market after 6s

13. iushnt

Posts: 3066; Member since: Feb 06, 2013

Hope so

6. Jimrod

Posts: 1605; Member since: Sep 22, 2014

So there is a "potential" for skilled attackers to break the encryption, though only been done in University testing - but it's already been fixed in iOS 9.3 (which many of us are already using as a Beta and will be released this week anyway). So it's not actually a problem.

21. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Correction: It is known to be "proven" in university testing, not "only" in university testing. There's a difference. You do realize that unless a hacker breaks the code for the notoriety, or were paid for security testing, that they generally don't announce that they've done, right? Or, that a lot of hackers tend to be disenfranchised collegiates? Because it was done, yes it is actually a problem.

10. nodes

Posts: 1152; Member since: Mar 06, 2014

fix one bug, pop other bugs.

11. SIGPRO

Posts: 2810; Member since: Oct 03, 2012

Apple itself is broken and will continue to break mark my words!

14. darkkjedii

Posts: 30836; Member since: Feb 05, 2011

+1 lol.

15. oozz009

Posts: 520; Member since: Jun 22, 2015

Nothing is safe, everything is marketed as being safe.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.