A research team from Johns Hopkins University has successfully cracked Apple's iMessage encryption by exploiting a bug that would enable hackers to decode photos and videos sent as secure instant messages. The researchers wrote software to emulate an Apple server, and the encrypted transmission they targeted had a link to a photo stored in Apple's iCloud server and a 64-digit decryption key. The team guessed the digits by changing a digit or a letter in the key and sending it back to the target phone to see what would be accepted, and they repeated this process thousands of times until the key was revealed.
Johns Hopkins professor Matthew D. Green says this breakthrough disproves the notion that strong commercial encryption is hack-proof for either hackers or law enforcement. He also says such methods make court orders compelling companies to create software to open security unnecessary. "It scares me that we're having this conversation about adding backdoors to encryption when we can't even get basic encryption right," Green says. He urges users to update their phones and laptops to iOS 9.3 as a preventive measure.
The American Civil Liberties Union's Christopher Soghoian says the exploit illustrates the danger of companies building their own encryption without independent vetting.
From The Washington Post
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA