iMessage Exploit Allows Photo Theft From Apple Devices
Amidst FBI vs. Apple court battle in connection with San Bernardino terrorist attack, a team of security researchers have uncovered vulnerabilities in the company's messaging service.
The messaging service uses encryption during transmission which was overcome by at Johns Hopkins University researchers using an existing vulnerability in iOS. Through the exploit, researchers were able to demonstrate the possibility of image theft during transmission. Apple has partially fixed the flaw and a full fix will be available with release of iOS 9.3 on Monday.
"Even Apple, with all their skills - and they have terrific cryptographers - wasn't able to quite get this right," Matthew D. Green, a computer science professor at the university, told The Washington Post. Green's team has not disclosed details of the exploit but will publish a paper after Apple releases a fix.
"So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right," he said referring to the San Bernardino court battle.
The exploit allows hackers to mimic an Apple server and get hold of the decryption key to an image in transmission; the 64-bit key could be systematically guessed through brute-force computing, a task impossible without the exploit that informed researchers when they got each digit right!
"We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability," Apple reportedly said.
Apple is expected to release iOS 9.3 along with an updated OS X at its Monday event. The much anticipated iPhone SE is also expected to be debut. A 4-inch phone with rumored specs of iPhone 6, the device is aimed at fence-sitters averse to large-screen iPhones. Apple is expected to unveil an upgraded iPad and expand its range of color options for Watch.