While the iMessage has been the mainstay messaging app for many iOS device users, it contains both the benefits and risks that come with strong encryption. In a new research held by a team from John Hopkins University, they’ve shown that Apple’s security isn’t as secure as you, or even the company itself, would have thought.
Security Flaw Found in iMessage
The team from John Hopkins University stated that they have found the bug in the iMessage application. This flaw would allow hackers, under certain circumstances, to decrypt some of the messages found within the device.
The team’s report is extremely critical with regards to the app’s encryption technology as they have cited “significant vulnerabilities that can be exploited by a sophisticated hacker.” Therefore, looking at the problem in the long-term should allow the technology to either be fixed immediately or replaced with a more modern security function. The team’s paper was recently published after the tech giant released a patch after fully fixing the aforementioned bug. However, these findings were first reported to Apple back in November of last year.
Even though the problem has reportedly been fixed, what is more alarming is that this discovery puts a blow to the recent arguments between the government and Apple’s encryption technology. This makes it even more of a challenge for law enforcers to decrypt the stored information within an iOS device, especially when an investigation requires to do so. Apple maintains their stand with regards to the iMessage app and its encryption to be top-of-the-line and that the security is similar to the ones used by the military and banks.
Ian Miers, a computer science doctoral student at John Hopkins in Blatimore, along with one of their paper’s authors, stated, “the main point is that encryption is hard to get right. Imagine the number of things that could go wrong if you have more complicated requirements like a back door.”
Apple has already come under fire for refusing to cooperate with the government to provide a software tool to assist in investigations to crack an encrypted iPhone used by one of the killers in the San Bernardino mass shooting. The firm defended their plight that in doing so would threaten data security for their millions of users just to create what would be a “master key” that can later be duplicated and used against their other phones.
The company had already released a statement recently which states the appreciation about the John Hopkins University team’s efforts in bringing the aforementioned issue to the firm’s attention. The report also notes that some other problems have been identified in the research were fixed with the fall release of the iOS 9.