Researchers from Johns Hopkins University have found a vulnerability in iMessages that allowed them to decrypt both photos and videos sent via the service. Apple said that iOS 9 provided a partial fix – making the attack method more difficult – while it is fully fixed in iOS 9.3.
The Washington Post reports that the team advised Apple of the flaw, and will publish a paper as soon as iOS 9.3 has been officially released, expected for later today. The team has, however, explained in outline how their attack worked …
To intercept a file, the researchers wrote software to mimic an Apple server. The encrypted transmission they targeted contained a link to the photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo.
Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times.
“And we kept doing that,” Green said, “until we had the key.”
Computer science professor Matthew D. Green said he suspected there might be a vulnerability in iMessage when he read an Apple security guide to the encryption process, and he’d initially alerted Apple at that time. When the company didn’t fix it, he and a team of students decided to try it in practice. The attack took several months.
Green says that the fact that such weaknesses still exist is support for Apple’s position against the FBI.
Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right. So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.
iOS 9.3 has been in public beta for some time, and is due to be released later today. It runs on all iPhones from the 4s onward, on all iPads since the iPad 2 and on the 5th- and 6-generation iPod Touch.