Apple’s iMessage encryption is ‘weak’, but at least one critical flaw will get iOS 9.3 patch
Tim Cook’s defense against the FBI in the now infamous San Bernardino iPhone 5c unlocking case has been as simple as it was reasonable from the get-go. There’s no way to decrypt just one phone without making sure the resulting “backdoor” wouldn’t be used on many other devices, and causing a precedent for law enforcement to then seek similar “assistance” in less serious investigations feels like a very bad idea.
But while Apple avoided to make this argument for obvious reasons, there’s also the question of whether its encryption methods are truly impenetrable. Some security experts think not, and a skilled group of Johns Hopkins University researchers even managed to put something unrelated but illustrative into practice.
Namely, they found the privacy-protection features of iMessage rather “weak”, and after a few months of diligent work, they cracked the app’s code and intercepted photos sent between iPhones that were technically safeguarded.
Granted, data sent through an instant messenger service isn’t the same as information locally stored on an iDevice. But, as computer science professor and research lead Matthew D. Green puts it, “even Apple, with all their skills – and they have terrific cryptographers – wasn’t able to quite get this right”, with other “basic” areas of encryption probably needing work before “we can have a conversation about adding back doors” to hack-susceptible phones.
Bottom line, nothing’s unbreakable to a computer expert with sufficient time on their hands, the right knowledge and tools. Clearly therefore, the FBI’s beef with Apple is about control and obedience.
As far as this specific iMessage vulnerability goes, there’s only a few more hours to wait for a fix, baked into iOS 9.3 off the bat. One problem down, many still to go.
Source: The Washington Post