Matthew D. Green, a computer science professor at Johns Hopkins University, said the flaw in Apple’s iMessage platform calls into question the safety provided by commercial encryption, which leaves an opening for hackers and law enforcement.
The research team wrote software that simulates an Apple server in order to intercept a file. The encrypted transmission they targeted contained a link to a photo stored on Apple’s iCloud server and a 64-digit key to decrypt the photo. They guessed the key’s digits through a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Every time they guessed a digit correctly, the phone accepted it. Once they had broken the code, they could retrieve the photo.
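A simplified model of the guessing process described above, as an added example that is not code from the research team or Apple. It assumes a receiver that accepts a guess once the digits sent so far are right (`LeakyReceiver`, a hypothetical name) and compares it with one that checks only the complete key (`AllOrNothingReceiver`, also hypothetical), using a constructed key.

```python
import hmac
import secrets

HEX = "0123456789abcdef"
KEY_LEN = 64  # the article's "64-digit key"


class LeakyReceiver:
    """Assumed model: signals success as soon as the digits sent so far are right."""

    def __init__(self, key):
        self._key, self.queries = key, 0

    def accepts(self, guess):
        self.queries += 1
        return self._key.startswith(guess)


class AllOrNothingReceiver(LeakyReceiver):
    """Hardened model: one constant-time check of the complete key, nothing per digit."""

    def accepts(self, guess):
        self.queries += 1
        return hmac.compare_digest(self._key.encode(), guess.encode())


def digit_by_digit(receiver):
    """Extend the known prefix one digit at a time, using only accept/reject."""
    known = ""
    for _ in range(KEY_LEN):
        nxt = next((d for d in HEX if receiver.accepts(known + d)), None)
        if nxt is None:
            return None  # no per-digit signal: the search cannot make progress
        known += nxt
    return known


def demo(key=None):
    key = key or secrets.token_hex(KEY_LEN // 2)  # constructed sample key
    leaky, strict = LeakyReceiver(key), AllOrNothingReceiver(key)
    return {
        "leaky_recovered": digit_by_digit(leaky) == key,
        "leaky_queries": leaky.queries,          # at most 16 * 64 = 1024
        "strict_recovered": digit_by_digit(strict) is not None,
        "strict_queries": strict.queries,        # stalls after 16 rejections
        "brute_force_space": len(HEX) ** KEY_LEN,  # 16**64 without the signal
    }


if __name__ == "__main__":
    print(demo())
```

The per-digit signal is what reduces the work from 16^64 possible keys to at most 1,024 guesses. A receiver that answers only for the complete key gives the same search nothing to build on.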
Apple appreciates the results provided by the Johns Hopkins research team, saying that this is an opportunity to strengthen its software. The company states the issue was partially fixed last fall when the iOS 9 operating system was released, and that it will address the issue with security improvements in its latest operating system, iOS 9.3, released on 21 March.