Researchers Discover Defect in Apple’s iMessage, Decrypt iCloud Photo

Published: 13 April 2016

Researchers discover defect in Apple's iMessage, decrypt iCloud photo

Apple’s iMessage system has a cryptography defect that enabled researchers to decrypt a photo kept in iCloud, the Washington Post reported on Sunday.  The researchers, headed by cryptography pro Matthew D. Green of Johns Hopkins University, wrote software that mimicked an Apple server and then targeted an encrypted photo saved on iCloud when it was sent as a link in a message, the publication reported.  They could have the decryption key by repeatedly thinking each of its 64 digits. When a right digit was figured, the telephone let them know if it was right. Additional technical details weren’t accessible.  Apple’s iMessage program uses end to end encryption, which suggests the company doesn’t store any encryption keys. A susceptibility in iMessage would mean that attackers would have a method to circumvent that security and view private content.  Saving the encryption keys on the devices rather than essential servers is considered a great security practice. But researchers have pointed out weaknesses in Apple’s system and the way it would, in theory, be possible for the company to send copies of iMessages to another party.  The Washington Post report prompted many opinions on Twitter after it was seemingly erroneously posted previously on Sunday but then removed. The report afterward ran only after midnight Monday U.S. East Coast time.  Apple is quoted as saying the defect will soon be patched in iOS 9.3, which is expected for launch Monday. Apple officials could not immediately be reached.

Ian Miers, a computer science doctoral student at Johns Hopkins, wrote on Twitter on Sunday a website post, specialized paper and much more details will likely be published after Apple issues a patch.  “And now you have 14 hours to guess what the attack is,” Miers wrote in a different tweet. “As a hint, no, it’s not a bug in how Apple stores or encrypts attachments.”  The Post reported the vulnerability WOn’t really help the U.S. government unlock the telephone of San Bernardino shot Syed Rizwan Farook.  Apple is in a legal conflict together with the authorities above a court order that needs the company to produce a particular variation of iOS that will enable researchers to attempt to unlock Farook’s telephone.  Farook’s iPhone 5c in question might have a security feature enabled that will ruin a decryption key for its data in the event the passcode is entered 10 times erroneously.  The government needs access to six weeks’ worth of data saved just on the device and wasn’t backed up to Farook’s iCloud account, which Apple turned over to researchers.  Apple panics creating such software will introduce dangers to millions of customers if it was got by other parties.


Product Information Only

This website and its content (including links to other websites) are presented in general form and are provided for informational purposes only. does not sell any products on this site and, to the maximum extent permitted by law, excludes all liability and makes no warranties or representations that the products written about on this site are fit for any particular purpose, or are suitable for any particular use or by any particular person. is not responsible for the practices of owners of other websites and makes no representations or warranties about the products available for sale on those other sites.

Please check product content information carefully before purchasing any product on another site via a link provided on this site or otherwise.