Like us on Facebook “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right”. According to Apple, the bug was fixed on fall of 2015 when the iOS 9 was released, and said it will address the encryption issue through security improvements in the upcoming release of the iOS 9.3 this week.
Advertisement
Following the researchers’ encryption breach, Apple issued a statement saying that the company “works hard” to make its systems “more secure with every release”.
Apple thanked the John Hopkins team for identifying the bug and bringing it to the company’s attention.
This attack may imply that Apple’s encryption is easier to crack than the Federal Bureau of Investigation claims, but it may apply only to secure communications, not to the different kind of encryption used to secure the data stored on an iPhone. If the device were to stay on the compromised network long enough for the attack to be successful, the owner of the device would have no indication that the attack had taken place.
iMessages are encrypted messages that can be sent between Apple devices, including iPhones, iPads and even Macs running the OS X platform. The research team has found a serious security breach as the bug can let users see photo, videos and documents sent using iMessage. Back then BBM offered up encryption as a security measure to prevent messages and emails from being intercepted and read by hackers, but fast forward to today, encryption is pretty much expected of all messaging and email apps/services. Over the course of several months they were able to figure out a method that worked on phones with older operating systems. Phones and laptops that are not updated will still be vulnerable.
Apparently this flaw is rooted in the way iMessage encrypts itself, and how it is sent through Apple’s servers.
“If you put resources into it, you will come across something like this”, he told The Post.
The FBI has said that hacking phones and computers using software bugs is not something it can do easily or at scale.
Advertisement
Law enforcement agencies have been constantly bashing software companies over their use of strong encryption and privacy measure.
