Encryption Flaw Allows Decryption Of iMessages
The timing couldn’t have been worse for Apple. After getting pwned at Pwn2Own and fighting a battle with the FBI to avoid being forced to unlock an iPhone (tune in tomorrow to see how that goes, as that’s when Apple faces off with the FBI in court), Apple now has a flaw in the way it encrypts iMessage traffic that could allow an extremely skilled attacker to see iMessages. Here are the details via The Washington Post:
To intercept a file, the researchers wrote software to mimic an Apple server. The encrypted transmission they targeted contained a link to the photo stored in Apple’s iCloud server as well as a 64-digit key to decrypt the photo.
Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times.
“And we kept doing that,” Green said, “until we had the key.”
Now, this attack works in every version of iOS except the upcoming iOS 9.3, which may be released today. Thus you should likely upgrade to iOS 9.3 to mitigate this threat. Plus, Apple is already aware of this threat and has been making incremental improvements since iOS 9. Finally, you would have to be a really skilled hacker to leverage this. Thus this is one of those flaws that could have been really bad but will end up being a footnote in history. At the same time, it is also one of those flaws that shows that companies like Apple need to be on their toes at all times, as everyone and their dog is watching for their mistakes.
This entry was posted on March 21, 2016 at 8:16 am and is filed under Commentary with tags Apple.