IMessage_IconA flaw in Apple's encryption systems has been found that enables an attacker to decrypt photos and videos sent over its iMessage instant messenger service.

According to The Washington Post, the security hole in Apple's code was exploited by a group of Johns Hopkins University researchers, led by computer science professor Matthew D. Green.

Green reportedly alerted Apple to the problem last year after he read an Apple security guide describing an encryption process that struck him as weak. When a few months passed and the flaw remained, Green and his graduate students decided to mount an attack to show that they could break the encryption of photos and videos sent over iMessage.

The team succeeded by writing software that mimicked an Apple server and hijacked the encrypted transmission of the targeted phone. The transmission contained a link to a photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo.

While the students could not see the key's digits, they guessed them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. The phone was probed in this way thousands of times until the team guessed the correct key and was able to retrieve the photo from Apple's server.

Apple said that it partially fixed the problem last fall when it released iOS 9, and will fully address the issue through security improvements in iOS 9.3, which is expected to be released this week. The company's statement read:

Apple works hard to make our software more secure with every release. We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. Security requires constant dedication and we're grateful to have a community of developers and researchers who help us stay ahead.

The news comes amid Apple's ongoing legal battle with the FBI in connection with the iPhone at the center of the San Bernadino shooter investigation. The FBI has requested help from Apple to unlock the phone, but the company has so far refused.

The FBI wants to access data stored on the iPhone in question, whereas the Johns Hopkins research focused on the interception of data transmitted between devices. However, Green believes that his team's work highlights the inherent security risks of the FBI's demands in the California case.

"Even Apple, with all their skills — and they have terrific cryptographers — wasn't able to quite get this right," Green told the newspaper. "So it scares me that we're having this conversation about adding backdoors to encryption when we can't even get basic encryption right."

Apple will face off against the FBI in court on Tuesday, one day after the company's March 21 event that will see the debut of the 4-inch iPhone SE and the 9.7-inch iPad Pro. MacRumors will post a direct link to Apple's media event once it becomes available.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

C DM Avatar
85 months ago
2016: The year of Apple security flaws.
Any year is the year of security flaws in pretty much any OS.
Score: 2 Votes (Like | Disagree)
profets Avatar
85 months ago
Good on Green for pointing this out. If Apple has partially fixed it in 9.0 and fully addressing it with 9.3 I wonder if they did so based on Green notifying them last year.
Score: 2 Votes (Like | Disagree)
Keane16 Avatar
85 months ago
but Apple's selling point has very long been "our walled garden has no security flaws"
No, no it has not. Apple have never said that.

Fanboys, fools and kids on the internet? Yes I've seen them claiming that.

You've got to separate what Apple actually say and what gets posted on the internet.
Score: 2 Votes (Like | Disagree)
Jimmy James Avatar
85 months ago
There's your "back door" FBI.
Score: 1 Votes (Like | Disagree)
d00d Avatar
85 months ago
It looks they are not as terrific as Mr. Green is.
I don't understand why after getting a warning about a security issue Apple always waits until someone actually makes a successful attack.
Successful encryption application is challenging task and often finding the flaw is easier than making the system to begin with.

Regarding disclosure, the current etiquette is to disclose at time of fix rather than announce a list of attack vectors for exploitation. Researchers generally disclose to vendors privately, then publicly sometime later if a response is not received in a timely (somewhat subjective) manner. Apple doesn't always wait until there's a successful attack. Join their security announcements mailing list. Every update they release has a series of vulnerabilities fixed and disclosed. Many (I'd probably characterize it as most) of them have no successful attacks in the wild.
Score: 1 Votes (Like | Disagree)
navaira Avatar
85 months ago
2016: The year of Apple security flaws.
Score: 1 Votes (Like | Disagree)

Popular Stories

iOS 16

Apple Releases iOS 16.0.2 With Bug Fixes for iPhone 14 Pro Camera Vibration, Copy/Paste Issue and More

Thursday September 22, 2022 1:04 pm PDT by
Apple today released iOS 16.0.2, addressing a number of bugs that iPhone 14 owners have been experiencing since the new devices launched. iOS 16.0.2 comes two weeks after the launch of iOS 16, and it follows iOS 16.0.1, an update made available to iPhone 14 owners on launch day. The update is available for all iPhones that are capable of running iOS 16. The iOS 16.0.2 update can be...
maxresdefault

Video Review: Four Days With the iPhone 14 Pro Max

Wednesday September 21, 2022 7:49 am PDT by
Apple on Friday released the new iPhone 14 models, and MacRumors videographer Dan picked one up on launch day. He's been using the iPhone 14 Pro Max non-stop since it came out, and over on the MacRumors YouTube channel, has shared his initial thoughts on the day-to-day experience with the latest iPhone. Subscribe to the MacRumors YouTube channel for more videos. Dan's mini review highlights...
iPad Pro Big Ol Logo

Five Features Rumored for the New iPad Pro Expected Next Month

Wednesday September 21, 2022 1:36 am PDT by
Rumors suggest Apple will announce new 11-inch and 12.9-inch iPad Pro models as soon as next month. The new iPads will be the first update to the iPad Pro series since April 2021 and will be an overall incremental upgrade that brings new capabilities and functionality to the highest-end iPad. According to reports, Apple is planning an event for October to announce the new iPad Pro models, a...
ios 16 lock screen feature

Some iOS 16 Users Complain About Slow Spotlight Search and Battery Drain

Wednesday September 21, 2022 4:25 am PDT by
It's been nine days since Apple released iOS 16 to the public, bringing major changes to the Lock Screen, Messages, Maps, and more. In the days following the release, some users have encountered several issues on their iPhones, ranging from slow system performance to battery drain. In the past few days, iPhone 14 Pro users have shared specific bugs related to Apple's latest high-end iPhones, ...
Dynamic Island For Android Users Feature

Android App Copying iPhone 14 Pro's Dynamic Island Released on Play Store

Thursday September 22, 2022 7:57 am PDT by
A copycat version of the iPhone 14 Pro's Dynamic Island has arrived on Android's Google Play Store in the form of an app called "dynamicSpot." The app, still in beta, offers customers several different experiences at the top of their smartphones. In its current form, dynamicSpot offers playback control for songs, timers, battery status, and more features coming soon, according to the app's...
facebook meta

Meta Sued Over Tracking iPhone Users Despite Apple's Privacy Features

Thursday September 22, 2022 5:12 am PDT by
Meta is facing a new proposed class action lawsuit that accuses it of tracking and collecting the personal data of iPhone users, despite features and policies made by Apple which are meant to stop that same type of tracking. In August, it was revealed that with the Facebook and Instagram apps, Meta can track all of a user's key taps, keyboard inputs, and more, when using the in-app browser....
apple watch ultra reddit 1

Lucky Customer Gets New Apple Watch Ultra Two Days Early

Wednesday September 21, 2022 2:03 pm PDT by
With millions of devices shipping out to customers with every Apple launch, there's occasionally someone who gets lucky and gets a new product ahead of schedule. This time around, Redditor playalisticadillac received an Apple Watch Ultra from AT&T two days before the official debut, sharing some images on the social media site. The images include an unboxing and comparisons to the...
new airpods pro ear tips

Apple Explains Why Second-Generation AirPods Pro Ear Tips Are Incompatible With Original AirPods Pro

Thursday September 22, 2022 3:12 pm PDT by
Apple today explained why the new silicone ear tips for the second-generation AirPods Pro are not officially compatible with the original AirPods Pro. In an updated support document, Apple said the original AirPods Pro ear tips have "noticeably denser mesh" than the second-generation ear tips. Apple did not provide any additional details, but the mesh density could result in acoustical...