iMessage Encryption Cracked by Security Researchers
Apple’s very own messaging service counts as one of the safest alternatives to WhatsApp and other popular messengers, when it comes to encryption, privacy and data safety. Security researchers at the John Hopkins University have now revealed to the Washington Post that this is not the case with respect to some aspects of the protocol. Photos and videos sent via iMessage have been decrypted in attacks exploiting a severe mistake in Apple’s cryptography. But there’s also a good side to this issue.
Decrypted: Photos and videos sent via iMessage
According to an interview in the Washington Post, a team of security researchers successfully compromised Apple’s iMessage security. Usually, iMessages and their attachments are not readable for any third party, which has made the protocol a thorn in the FBI’s and other law enforcement agencies’ side. The government would prefer an official loophole, so that the private communication of iPhone users could be tracked and analyzed easily. Apple sees this as a major breach of trust towards its customers and refrained from adding such measures. This latest security bulletin however punches a hole in Apple’s PR image: Researchers had contacted Cupertino and waited months for a resolution of the glaring security problem, despite notifying Apple of the Exploit.
Professor Matthew D. Green and his team were able to conduct a successful attack on Apple’s iMessage security that was inspired by reading an official iOS security guide about the encryption process and discovering a weakness. The researchers built a tool that mimicked an Apple server and effectively guessed the encryption key via brute force, in thousands of attempts.
Fortunately, Apple has already patched this vulnerability in iOS 9.3, which you can download as of today, for free, via an OTA update or manually in your iDevice’s settings.