IMessage_IconA flaw in Apple's encryption systems has been found that enables an attacker to decrypt photos and videos sent over its iMessage instant messenger service.

According to The Washington Post, the security hole in Apple's code was exploited by a group of Johns Hopkins University researchers, led by computer science professor Matthew D. Green.

Green reportedly alerted Apple to the problem last year after he read an Apple security guide describing an encryption process that struck him as weak. When a few months passed and the flaw remained, Green and his graduate students decided to mount an attack to show that they could break the encryption of photos and videos sent over iMessage.

The team succeeded by writing software that mimicked an Apple server and hijacked the encrypted transmission of the targeted phone. The transmission contained a link to a photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo.

While the students could not see the key's digits, they guessed them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. The phone was probed in this way thousands of times until the team guessed the correct key and was able to retrieve the photo from Apple's server.

Apple said that it partially fixed the problem last fall when it released iOS 9, and will fully address the issue through security improvements in iOS 9.3, which is expected to be released this week. The company's statement read:

Apple works hard to make our software more secure with every release. We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. Security requires constant dedication and we're grateful to have a community of developers and researchers who help us stay ahead.

The news comes amid Apple's ongoing legal battle with the FBI in connection with the iPhone at the center of the San Bernadino shooter investigation. The FBI has requested help from Apple to unlock the phone, but the company has so far refused.

The FBI wants to access data stored on the iPhone in question, whereas the Johns Hopkins research focused on the interception of data transmitted between devices. However, Green believes that his team's work highlights the inherent security risks of the FBI's demands in the California case.

"Even Apple, with all their skills — and they have terrific cryptographers — wasn't able to quite get this right," Green told the newspaper. "So it scares me that we're having this conversation about adding backdoors to encryption when we can't even get basic encryption right."

Apple will face off against the FBI in court on Tuesday, one day after the company's March 21 event that will see the debut of the 4-inch iPhone SE and the 9.7-inch iPad Pro. MacRumors will post a direct link to Apple's media event once it becomes available.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

C DM Avatar
88 months ago
2016: The year of Apple security flaws.
Any year is the year of security flaws in pretty much any OS.
Score: 2 Votes (Like | Disagree)
profets Avatar
88 months ago
Good on Green for pointing this out. If Apple has partially fixed it in 9.0 and fully addressing it with 9.3 I wonder if they did so based on Green notifying them last year.
Score: 2 Votes (Like | Disagree)
Keane16 Avatar
88 months ago
but Apple's selling point has very long been "our walled garden has no security flaws"
No, no it has not. Apple have never said that.

Fanboys, fools and kids on the internet? Yes I've seen them claiming that.

You've got to separate what Apple actually say and what gets posted on the internet.
Score: 2 Votes (Like | Disagree)
Jimmy James Avatar
88 months ago
There's your "back door" FBI.
Score: 1 Votes (Like | Disagree)
d00d Avatar
88 months ago
It looks they are not as terrific as Mr. Green is.
I don't understand why after getting a warning about a security issue Apple always waits until someone actually makes a successful attack.
Successful encryption application is challenging task and often finding the flaw is easier than making the system to begin with.

Regarding disclosure, the current etiquette is to disclose at time of fix rather than announce a list of attack vectors for exploitation. Researchers generally disclose to vendors privately, then publicly sometime later if a response is not received in a timely (somewhat subjective) manner. Apple doesn't always wait until there's a successful attack. Join their security announcements mailing list. Every update they release has a series of vulnerabilities fixed and disclosed. Many (I'd probably characterize it as most) of them have no successful attacks in the wild.
Score: 1 Votes (Like | Disagree)
navaira Avatar
88 months ago
2016: The year of Apple security flaws.
Score: 1 Votes (Like | Disagree)

Popular Stories

iOS 16

Apple Releases iOS 16.1.2 With Carrier Improvements and Crash Detection Optimizations

Wednesday November 30, 2022 10:09 am PST by
Apple today released iOS 16.1.2, another minor bug fix update that comes one week after the release of iOS 16.1.1 and three weeks after the launch of iOS 16.1, an update that added support for iCloud Shared Photo Library, Matter, Live Activities, and more. The iOS 16.1.2 update can be downloaded on eligible iPhones over-the-air by going to Settings > General > Software Update. According...
Emergency SOS via Satellite iPhone YT

Apple's iPhone 14 Emergency SOS via Satellite Feature Saves Stranded Man in Alaska

Thursday December 1, 2022 4:37 pm PST by
With the launch of iOS 16.1, Apple rolled out a Emergency SOS via Satellite, which is designed to allow iPhone 14 owners to contact emergency services using satellite connectivity when no cellular or WiFi connection is available. The feature was put to the test in Alaska today, when a man became stranded in a rural area. In the early hours of the morning on December 1, Alaska State Troopers ...
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Thursday December 1, 2022 8:44 am PST by
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
applefifthavenue

Man Robbed After Buying 300 iPhones From Apple Fifth Avenue

Tuesday November 29, 2022 11:54 am PST by
An unnamed 27-year-old man who purchased 300 iPhones from Apple Fifth Avenue on Monday morning was robbed shortly after leaving the store, according to 1010Wins Radio in New York. He was carrying 300 iPhone 13s in three bags and walking to his car at 1:45 a.m. when another car pulled up next to him. Two men jumped out and demanded that he hand over the bags. Not wanting to hand over 300...
14 vs 16 inch mbp m2 pro and max feature 1

'M2 Max' Geekbench Scores Leak Online, Revealing Rumored Specs and Performance

Wednesday November 30, 2022 2:39 am PST by
Geekbench scores allegedly for the upcoming "M2 Max" chip have surfaced online, offering a closer look at the performance levels and specific details of the forthcoming Apple silicon processor. The Geekbench results, first spotted on Twitter, are for a Mac configuration of with the M2 Max chip, a 12-core CPU, and 96GB of memory. The Mac listed has an identifier "Mac14,6," which could be...
iPad 10 Battery Pull Tabs

iPad 10 Teardown Reveals Why Device Isn't Compatible With Apple Pencil 2

Thursday December 1, 2022 10:48 am PST by
Do-it-yourself repair website iFixit today shared a video teardown of Apple's new 10th-generation iPad, providing a closer look inside the tablet and revealing why the device lacks support for the second-generation Apple Pencil. The teardown reveals the internal layout of the iPad, including its two-cell 7,606 mAh battery, logic board with the A14 Bionic chip, and more. As suspected, the...
Apple Park View

Elon Musk Meets With Apple CEO Tim Cook Amid Claims of Twitter App Store Dispute [Updated]

Wednesday November 30, 2022 12:43 pm PST by
Twitter CEO Elon Musk today met with Apple CEO Tim Cook at the Apple Park campus in Cupertino, California, according to a tweet shared by Musk this afternoon. Musk thanked Cook for taking him around Apple's headquarters, with no mention of what the two might have discussed. The meeting comes just after Musk on Monday claimed that Apple has "mostly stopped" offering ads on Twitter, and that...
eufy camera

Anker's Eufy Cameras Caught Uploading Content to the Cloud Without User Consent [Updated]

Tuesday November 29, 2022 1:01 pm PST by
Anker's popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on. The information comes from security consultant Paul Moore, who last week published a video outlining the issue. According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video...
app store awards 2021

Apple Announces 2022 App Store Award Winners, Highlighting Best Apps of the Year

Tuesday November 29, 2022 3:10 am PST by
Apple today announced its 2022 App Store Award winners, highlighting the 16 best apps and games selected by Apple's global App Store editorial team. The top apps were chosen by Apple for their quality, innovative technology, creative design, positive cultural impact, and ability to deliver "exceptional experiences." Apple CEO Tim Cook said: This year's App Store Award winners reimagined...
iOS 16

Apple Still Has These 5 Things to Release Heading Into 2023

Thursday December 1, 2022 7:12 am PST by
The calendar has turned to December and that means Apple has only one month left to fulfill its promises of releasing an Apple Music Classical app and expanding its self-service repair program to Europe before the end of 2022. Delays are always possible, of course, so the plans could be pushed back to 2023. In any case, we have put together a list of five things that Apple still has to release...