Researchers from Johns Hopkins University have discovered a flaw that allows skilled attackers to intercept and decrypt video and images sent on iMessage. Apple partially fixed the flaw in the latest iOS 9, but the exploit leaves versions prior vulnerable. However, Johns Hopkins professor Matthew D. Green expressed to the Washington Post, that a modified version of the exploit could possibly be developed for iOS 9 versions.
This iMessage vulnerability is not connected with the current court battle Apple is facing with the FBI, as the bureau is attempting to decrypt the entire phone of the San Bernardino shooter, and not just the messages. However, it does disillusion the belief that strong encryption from companies leaves no openings for law enforcement and hackers alike. “Even Apple, with all their skills – and they have terrific cryptographers – wasn’t able to quite get this right,” said Green. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”
Apple issued a statement that read “Apple works hard to make our software more secure with every release. We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability.” The patched iOS 9.3 is scheduled to be released today during Apple’s “Loop You In” event.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.