Apple’s encryption practises have been getting a lot of attention lately for being secure, much to the dismay of the FBI. However, a team of researchers at John Hopkins University have unearthed a security flaw that lets you see photos, videos and files sent using iMessage.
In the research, which was released to The Washington Post, the team demonstrated that while they couldn’t decrypt the text in messages, they were able to intercept images, videos and other files.
It’s worth noting that the security hole is only present in versions older than iOS 9 but as professor Matthew D Green pointed out to the Washington Post, it wouldn’t take much for a determined hacker develop a modified version for newer OS.
How does it work? Well, Apple typically uses a 64-bit encryption key for files so the researchers were able to create a server mimicking Apple’s to gain access to the images, videos and files by attempting various keys. Lucky for them, Apple doesn’t block anyone out after even thousands of attempts to decrypt messages.
While this research won’t help in the case of the FBI wanting to unlock the phone belonging to the San Bernardino shooter, it certainly could have been used in previous cases.
Apple is due to release iOS 9.3 today at its “Loop you in” keynote and so, the hole is set be closed. What it does prove is how important it is to keep your devices up to date since encryption truly is just a game of cat-and-mouse.
➤ Johns Hopkins researchers poke a hole in Apple’s encryption [The Washington Post]