Apple will fix iMessages issue with iOS 9.3 update; problem allows encryption key to be guessed at by hacker
With encryption being such a hot-button topic currently, it has been discovered that researchers at Johns Hopkins University were able to crack the encryption code used by Apple for iMessages. As it turns out, a flaw in iMessages allowed the code to be broken. But iOS users will be happy to hear that with the iOS 9.3 update, this flaw will be corrected.
Perhaps the FBI should hire the Johns Hopkins team to try and crack the code that prevents them from unlocking the Apple iPhone 5c that was used by deceased terrorist Syed Farook. The government has successfully had a court order issued that compels Apple to unlock the phone. Apple refuses, saying that it needs to develop a unique OS to open the device. Apple argues that once that code is written, if it ends up in the wrong hands, no iPhone on the planet will be secure. Both sides will argue in court tomorrow.
source: WashingtonPost via TheGuardian
However, the encryption used on the iPhone is different than the code used on iMessages. But don't take that comment to mean that the code for iMessages is a weak brew of tea. It still requires a knowledgeable team to pull off the encryption hack. And it employs a man-in-the-middle attack with the iPhone owner fooled into connecting to a phony server instead of the legit one used by Apple for the messaging service.
While this exploit would usually allow the hacker to steal encrypted messages, the bug also helps the hacker guess the encryption key. Johns Hopkins researcher Matthew D. Green, who leads the team of researchers that discovered the flaw, originally informed Apple about this issue. He waited for a fix that never came. As a result, he decided to create a proof of concept.
The flaw lets the hacker guess the encryption code by changing a letter in the key and sending it back to the iOS device. If the guess is correct, the device confirms it. This greatly reduces the number of steps and time needed to crack the code.
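Why a per-guess confirmation cuts the work so sharply, shown with a simplified model added here (it is not Apple's protocol or the researchers' proof of concept): the hex alphabet, the 16-symbol key length and the `LeakyDevice` class are all constructed assumptions.

```python
import secrets

ALPHABET = "0123456789abcdef"   # constructed: key symbols are hex digits
KEY_LEN = 16                    # constructed: 16 hex digits = 64-bit key


class LeakyDevice:
    """Hypothetical device that confirms one guessed key symbol at a time."""

    def __init__(self, key):
        self._key = key
        self.queries = 0

    def confirms(self, position, symbol):
        self.queries += 1
        return self._key[position] == symbol


def recover_with_oracle(device, key_len=KEY_LEN):
    """Recover the key one symbol at a time from the yes/no confirmations."""
    recovered = []
    for pos in range(key_len):
        for sym in ALPHABET:
            if device.confirms(pos, sym):
                recovered.append(sym)
                break
    return "".join(recovered)


def worst_case_guesses(key_len=KEY_LEN, leaky=True):
    """Upper bound on guesses: linear with confirmations, exponential without."""
    n = len(ALPHABET)
    return n * key_len if leaky else n ** key_len


def demo():
    key = "".join(secrets.choice(ALPHABET) for _ in range(KEY_LEN))
    device = LeakyDevice(key)
    return recover_with_oracle(device) == key, device.queries


if __name__ == "__main__":
    ok, used = demo()
    print("key recovered:", ok, "in", used, "queries")
    print("worst case with confirmation:   ", worst_case_guesses(leaky=True))
    print("worst case without confirmation:", worst_case_guesses(leaky=False))
```

A device that answers every altered message the same way gives no per-symbol signal, which leaves only the exponential search.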
"Apple works hard to make our software more secure with every release,” the company said in a statement. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. . . . Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead."-Apple
So now it is just a matter of waiting for iOS 9.3 to be disseminated by Apple, which should happen very soon.