iOS 9.3 to Fix Flaw Exposing Encrypted iMessage Photos and Video

| News

Researchers from Johns Hopkins University found a flaw in iMessage's encryption that lets hackers see photos and videos sent through Apple's instant messaging system. Details of the flaw will be coming, but not until after iOS 9.3 is released with a patch for the security weakness.

Researchers find encryption flaw in Apple's iMessage systemResearchers find encryption flaw in Apple's iMessage system

Apple partially fixed the issue in iOS 9.0, and will fully patch the flaw with iOS 9.3, expected to ship after the company's "Let us loop you in" media event on Monday, March 21.

What we know right now is that researchers found a way to intercept encrypted photos and video, along with the 64-digit decryption key. Then they used a brute force attack to find the characters in the key, aided by the target iPhone accepting each correct digit or letter, according to the Washington Post.

Addressing the security issue will make it even more difficult for government agencies and hackers to find ways into our iPhones, and likely won't sit well with the U.S. Department of Justice. The DOJ is currently tangled in a fight with Apple over encryption because the company is refusing to comply with a court order to create a less secure version of iOS.

The DOJ and FBI want the security weakened operating system so they can launch a brute force attack on the passcode for the iPhone 5c recovered from Syed Farook after he, and his wife Tashfeen Malik, shot and killed 14 and injured 22 of their San Bernardino County coworkers.

The two were killed in a shootout with police who then recovered his phone. The iPhone had been issued to him the county, although there wasn't any mobile device management system in place to bypass the passcode. Apple helped the FBI recover as much data as possible but refused to write a version of iOS that strips out security measures.

The FBI and Apple are scheduled to appear in court on Tuesday, March 22nd, to defend their positions.

This iMessage security flaw wouldn't have helped the FBI hack into Mr. Farook's encrypted data, and once users update their iPhone, iPad, and iPod touch to iOS 9.3, it won't help any potential hackers, either.

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

There are enough security weaknesses in our personal devices without the government ordering companies to intentionally add more. Good on Johns Hopkins for withholding details of the iMessage encryption weakness from the public and for working with Apple to patch the flaw.

Popular TMO Stories

No Comments

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account