Apple iMessage flaw let researchers read users’ iPhone messages, report claims
The problem will be fixed in iOS 9.3, the next version of Apple’s software for iPhones and iPads, which is set to be released very soon
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A flaw in Apple’s iMessage system allowed messages to be intercepted and read, according to a new report.
The encryption technology used to ensure that messages are only read by their sender and intended recipient has been broken into, allowing for the potential diversion of messages, reports the Washington Post.
The researchers said that the weakness could help Apple in its fight against the FBI, over whether or not it should be forced to break into a phone used by one of the San Bernardino shooters. The discovery shows the importance of strong security, the report claims, and researchers said that it should show the importance of encryption measures that not even law enforcement can crack.
“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” said Matthew D Green, a computer science professor at John Hopkins University who led the research. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”
Apple partially fixed the problem with iOS 9, the operating system for iPhones and iPads that was released late last year. But a full fix will be coming imminently, when the company releases the iOS 9.3 update.
The company said that it “appreciate[d]” the work that the Johns Hopkins researchers had done to find the bug. “Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”
The bug works by allowing a user to create a computer that would pretend to be an Apple server. That computer could keep probing at the phone until it correctly guessed the passcode that is meant to keep the messages safe, and once it did so it was able to see a photo stored on Apple’s iCloud server.
If a user was hit by the problem, there would have been no way of knowing, the researchers said.
The researchers haven’t yet published a paper describing exactly how the problem works, for fear that it would be exploited by malicious users. They will publish that as soon as the flaw is fixed, the Washington Post reported.
The problem was found after Mr Green read a report describing encryption and spotted a potential weakness, according to reports. He alerted the company’s engineers to his concern but the problem went unfixed, which led Mr Green to work with his graduate students to show that he could exploit the flaw himself.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments