Latest in Gear

Image credit:

Apple fixing iMessage flaw that lets hackers steal photos

Researchers discovered the hole, but today's release of iOS 9.3 will close it.
46 Shares
Share
Tweet
Share
Save

Sponsored Links

Apple has put a lot of work into making its phones hard to crack, much to the consternation of US law enforcement officials. It's still not perfect, however, as researchers from John Hopkins University have discovered a flaw that lets attackers intercept and decrypt video and images sent on iMessage. The exploit only works on versions prior to iOS 9, because Apple partially fixed the problem in that version. However, John Hopkins professor Matthew D. Green told the Washington Post that a modified exploit could possibly be developed for iOS 9 versions, provided hackers have skills of a "nation state."

The hack is pretty simple. The team first created software that emulates an Apple server in order to intercept files. iMessage photos and video only use 64-bit encryption and don't lock out invaders after multiple attempts to decrypt. That allowed the researchers to "brute force" video and image files and eventually decrypt them.

The iMessage flaw has nothing to do with the current dispute between the FBI and Apple, because the feds want to decrypt the San Bernardino shooter's entire phone, not just the messages.

The iMessage flaw has nothing to do with the current dispute between the FBI and Apple, because the feds want to decrypt the San Bernardino shooter's entire phone, not just the messages. However, last year Baltimore prosecutors asked Apple to decrypt iMessages from a suspect's phone. At the time, the company said that cracking them would be expensive and harmful to security, so prosecutors eventually dropped the request. However, Green told the Post that government experts could have easily found the flaw, too. "If you put resources into it, you will come across something like this."

Luckily, a fix is coming very soon. Apple has completely closed the hole in iOS 9.3, which is due to be released as part of Apple's big "loop you in" event later today. In a statement, Apple said "we appreciate the team of researchers that identified this bug and brought it to our attention ... security requires constant dedication and we're grateful to have a community of developers and researchers who help us stay ahead." Suffice to say, iOS users should update as soon as possible, especially if you use iMessage a lot.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
46 Shares
Share
Tweet
Share
Save

Popular on Engadget

Behringer clones more well-known synths from Moog and Roland

Behringer clones more well-known synths from Moog and Roland

View
Instagram removes the IGTV button you weren't using

Instagram removes the IGTV button you weren't using

View
Lexus imagines space vehicles for humans on the Moon

Lexus imagines space vehicles for humans on the Moon

View
Boeing finds another software flaw that might delay 737 Max's return

Boeing finds another software flaw that might delay 737 Max's return

View
Law enforcement is using a facial recognition app with huge privacy issues

Law enforcement is using a facial recognition app with huge privacy issues

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr