A vulnerability in iOS encryption could allow skilled attackers to intercept iMessages and decrypt iCloud photos. Researchers told The Washington Post the flaw could be exploited “to decrypt photos and videos sent as secure messages” via the iMessage service.
While most people probably didn’t read Apple’s security guide, which described its encryption process, cryptography expert and Johns Hopkins University professor Matthew Green did. It sounded “weak” to him; Green suspected there was a flaw in iMessage and brought the issue to Apple’s attention. Yet when nothing was done about it for several months, Green and his team set out to exploit the flaw.
The researchers developed software to mimic an Apple server and set about intercepting an encrypted photo stored on Apple’s iCloud when it was sent as a link via iMessage. The link to the photo included a 64-digit key to decrypt it, but they could not see the digits. It took a few months of brute forcing, but each time they got a digit right, the phone would accept it. Thousands of attempts later, the researchers had the correct 64-digit key to decrypt the photo.
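Why per-digit feedback makes a 64-digit key recoverable, shown as an added example that is not code from the researchers or from Apple. It is a simplified model: the hexadecimal alphabet, the oracle functions and the all-or-nothing contrast case are assumptions, since the article gives no protocol details.

```python
import secrets

ALPHABET = "0123456789abcdef"  # assumption: the article only says "64-digit key"
KEY_LEN = 64

def make_leaky_oracle(key):
    """Model of the flaw: the receiver's accept/reject response reveals
    whether the guess for ONE position is right, independent of the rest."""
    def oracle(pos, digit):
        return key[pos] == digit
    return oracle

def make_all_or_nothing_oracle(key):
    """Contrast case (not Apple's actual fix, which the article does not
    describe): a guess is acknowledged only if every digit is right."""
    def oracle(candidate):
        return secrets.compare_digest(candidate, key)
    return oracle

def queries_with_leak(oracle):
    """Count oracle queries needed when each digit can be confirmed alone."""
    recovered, queries = [], 0
    for pos in range(KEY_LEN):
        for digit in ALPHABET:
            queries += 1
            if oracle(pos, digit):
                recovered.append(digit)
                break
    return "".join(recovered), queries

def search_space_without_leak():
    """Candidates to try when only a full-key match is ever acknowledged."""
    return len(ALPHABET) ** KEY_LEN

def demo():
    # Constructed sample key; no real key material is involved.
    key = "".join(secrets.choice(ALPHABET) for _ in range(KEY_LEN))
    recovered, queries = queries_with_leak(make_leaky_oracle(key))
    strict = make_all_or_nothing_oracle(key)
    last = ALPHABET[(ALPHABET.index(key[-1]) + 1) % len(ALPHABET)]
    return {
        "recovered_matches": recovered == key,
        "queries_with_leak": queries,
        "worst_case_with_leak": KEY_LEN * len(ALPHABET),
        "space_without_leak": search_space_without_leak(),
        "strict_rejects_near_miss": not strict(key[:-1] + last),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The leak turns the cost from a product over all positions into a sum, which is why a receiver should never give distinguishable responses for partially correct secrets.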
There is nothing about the attack that would alert a user if he or she was targeted. Apple told The Post the flaw was partially patched in iOS 9. Yet devices will be vulnerable unless they are updated to iOS 9.3, which will be released today.
A more technically detailed explanation of the attack is being withheld by Green and his team until after Apple releases the patch. Green told The Post:
Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right. So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.
“A modified version of the attack would work on later operating systems,” Green explained, but since it’s not a simple hack, he suspects it would mainly be exploited by skilled nation-state attackers.
While the iMessage vulnerability would not have helped the FBI decrypt the San Bernardino shooter’s phone, Green told The Post that it wouldn’t be hard for the NSA to have found this flaw. “If you put resources into it, you will come across something like this,” he said.
However, Green also noted that law enforcement could use the flaw to obtain and decrypt photos and videos sent via iMessage.
If you don’t use iMessage very much, that doesn’t necessarily mean your device is safe. It’s interesting to note that Ian Miers, one of the researchers on Green’s team, warned that the attack affects more than just iMessage. He tweeted:
You should update your iOS device to iOS 9.3 ASAP.