Latest in Gear

Image credit:

Apple fixing iMessage flaw that lets hackers steal photos

Researchers discovered the hole, but today's release of iOS 9.3 will close it.
Steve Dent, @stevetdent
March 21, 2016
Share
Tweet
Share

Sponsored Links

Apple has put a lot of work into making its phones hard to crack, much to the consternation of US law enforcement officials. It's still not perfect, however, as researchers from John Hopkins University have discovered a flaw that lets attackers intercept and decrypt video and images sent on iMessage. The exploit only works on versions prior to iOS 9, because Apple partially fixed the problem in that version. However, John Hopkins professor Matthew D. Green told the Washington Post that a modified exploit could possibly be developed for iOS 9 versions, provided hackers have skills of a "nation state."

The hack is pretty simple. The team first created software that emulates an Apple server in order to intercept files. iMessage photos and video only use 64-bit encryption and don't lock out invaders after multiple attempts to decrypt. That allowed the researchers to "brute force" video and image files and eventually decrypt them.

The iMessage flaw has nothing to do with the current dispute between the FBI and Apple, because the feds want to decrypt the San Bernardino shooter's entire phone, not just the messages.

The iMessage flaw has nothing to do with the current dispute between the FBI and Apple, because the feds want to decrypt the San Bernardino shooter's entire phone, not just the messages. However, last year Baltimore prosecutors asked Apple to decrypt iMessages from a suspect's phone. At the time, the company said that cracking them would be expensive and harmful to security, so prosecutors eventually dropped the request. However, Green told the Post that government experts could have easily found the flaw, too. "If you put resources into it, you will come across something like this."

Luckily, a fix is coming very soon. Apple has completely closed the hole in iOS 9.3, which is due to be released as part of Apple's big "loop you in" event later today. In a statement, Apple said "we appreciate the team of researchers that identified this bug and brought it to our attention ... security requires constant dedication and we're grateful to have a community of developers and researchers who help us stay ahead." Suffice to say, iOS users should update as soon as possible, especially if you use iMessage a lot.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
The Morning After: iPhone owners can sign up for 'batterygate' settlements

The Morning After: iPhone owners can sign up for 'batterygate' settlements

View
Amazon has eliminated single-use plastic at its Indian fulfilment centers

Amazon has eliminated single-use plastic at its Indian fulfilment centers

View
You can now apply for your $25 iPhone 'batterygate' compensation

You can now apply for your $25 iPhone 'batterygate' compensation

View
Researchers made a medical wearable using a pencil and paper

Researchers made a medical wearable using a pencil and paper

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr