Apple's iMessage security is broken, but the iOS 9.3 update will fix it
The security flaw has to do with the way iMessage encrypts messages and routes them through Apple’s servers. An attacker would be able to take advantage of it to 'catch' a message and probe the originating device for the encryption key, which could let one decode it and access its iCloud copy. Therefore, a skilled attacker could decrypt text, photos and videos originally sent as secure instant messages.
Even the toughest lock has a master key.The discovery comes as the U.S. government and Apple engage in a legal battle in which the DOJ demands the company writes a software backdoor to help FBI agents peer into the encrypted contents of the iPhone used by Syed Rizwan Farouk, one of two attackers who were killed by police after the shooting rampage that claimed 14 lives in the 2015 San Bernandino terrorist attack. Computer science professor and research team leader Matthew Green reflected in this context: "Even Apple, with all their skills – and they have terrific cryptographers – wasn't able to quite get this right. So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right."
Apple is aware of the researchers' findings and is at work towards a patch that's to be introduced in iOS 9.3. The company said it partially fixed the problem last fall with iOS 9's release, and it will fully address the problem through security improvements. Users are compelled to update their iOS devices to version 9.3, otherwise they remain vulnerable.