Apple iMessage Encryption Flaw Gets A Patch With iOS 9.3

Apple just can't get a break.

On the day of its big event for a smaller iPhone and a new iPad, amid the hailstorm of news regarding Apple's defiance of the government, the Cupertino-based company had another issue to resolve.

No, we're not talking about that random iPhone spontaneously combusting whilst airborne on a major airliner. We're talking about a more serious issue: a security hole in Apple's iMessage encryption.

Johns Hopkins University researchers broke news that they've successfully broken the iPhone's messaging encryption over iMessage. The security breach could potentially allow skilled hackers to decode an iPhone user's messages, which include texts, photos, and video communications.

Nonetheless, Apple acknowledged the flaw and promised a fix. The company says it's known about the problem since last fall and has provided a partial fix for the flaw during iOS 9's initial release. A complete solution to the researchers' discovery is now included in the latest iOS 9.3 update.

The weakness discovered in iMessage has to do with the way iMessage encrypts a user's messages and how those messages get routed through Apple's servers. An attacker would be able to retrieve one of those messages in rotation, trace it back to the device sending it to dig up the encryption key, and thus decode the message and all its contents, even gaining access to a copy of it living in Apple's iCloud.

"Even Apple, with all their skills - and they have terrific cryptographers - wasn't able to quite get this right. So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right," reveals Matthew Green, the lead researcher in the discovery.

"Description: An issue existed in the parsing of SMS URLs. This issue was addressed through improved URL validation," Apple reveals in its support notes for iOS 9.3 security content.

"Description: A cryptographic issue was addressed by rejecting duplicate messages on the client," adds the company.
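One way a client can reject duplicate messages, as the support note describes the fix in general terms. This is an added illustration, not Apple's code: the class name, the `decrypt` callback, the SHA-256 digest over the whole ciphertext and the cache bound are all assumptions, since the page does not say how Apple recognises a duplicate.

```python
import hashlib
from collections import OrderedDict


class DuplicateRejectingReceiver:
    """Hypothetical receiver that refuses to process a ciphertext twice."""

    def __init__(self, decrypt, max_entries=10000):
        self._decrypt = decrypt        # assumed callback: bytes -> bytes
        self._seen = OrderedDict()     # digest -> None, oldest entry first
        self._max = max_entries

    def receive(self, ciphertext: bytes):
        digest = hashlib.sha256(ciphertext).digest()
        if digest in self._seen:
            # Duplicate: dropped before any decryption work is done.
            return None
        # Record the digest *before* decrypting, so a ciphertext that makes
        # decryption fail is remembered too and cannot be submitted again.
        self._seen[digest] = None
        if len(self._seen) > self._max:
            # Bounded memory: the oldest digest is forgotten, which is the
            # window in which a very old message would be accepted again.
            self._seen.popitem(last=False)
        return self._decrypt(ciphertext)


def demo():
    """Feed constructed sample messages, including repeats, to the receiver."""
    calls = []

    def fake_decrypt(ct):              # stand-in for real decryption
        calls.append(ct)
        return ct[::-1]

    rx = DuplicateRejectingReceiver(fake_decrypt, max_entries=2)
    stream = (b"msg-A", b"msg-A", b"msg-B", b"msg-A")  # constructed input
    results = [rx.receive(m) for m in stream]
    return results, len(calls)


if __name__ == "__main__":
    print(demo())
```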

Even before the fix, however, this specific flaw in Apple's iMessage software would likely not have helped the FBI and the Department of Justice in finding clues that may or may not be contained in the San Bernardino shooter's iPhone.

It does, however, reveal that no matter how much Apple touts its leading security features and its strong stance on protecting its customers' data, there's always a way to break through Apple's walls.

Photo: Daniel Dudek-Corrigan | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.