Ironic Security Hole In iPhone Encryption Found By Researchers In Apple iMessage App

Encryption is a hot topic right now, especially as it pertains to the differences of opinion between Apple and the FBI. In short, the FBI wants the courts to force Apple to assist it with thwarting security measures in place on an iPhone 5c model that belonged that one of the San Bernardino shooters, while Apple is so far refusing to help on the basis that doing so would compromise the security of hundreds of millions of iPhones. Ironically enough, that might already be the case, as researchers at Johns Hopkins University have uncovered a troubling bug in Apple's encryption.

The bug in question is limited to Apple's iMessage platform and doesn't really have any bearing on the FBI's case. However, it's notable for all iPhone owners because until Apple patches the vulnerability, a determined attacker could theoretically intercept and decrypt photos and videos sent as secure messages.

Apple iMessage

"Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right," Matthew D.Green, a computer science professor at Johns Hopkins University who led the team, told The Washington Post. "So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right."

Count Green among those who support Apple's position in not wanting to help the FBI by building what would essentially be a backdoor into the iPhone. As far as Green is concerned, forcing Apple to weaken its security doesn't make sense, especially when vulnerabilities in iOS that can exploited already exist.

Apple iMessage iPhone

Apple is aware of the bug in iMessage and appreciates that Green and his team brought it to the company's attention.

"Security requires constant dedication and we're grateful to have a community of developers and reseachers who help us stay ahead," Apple said.

Apple had addressed part of the vulnerability when it released iOS 9, but there are still ways that a savvy hacker could exploit the bug. If you're running an iOS device, look for an iOS 9.3 update sometime today that purports to fully patch the security hole.

Show comments blog comments powered by Disqus