Researchers, Apple collaborate to fix iMessage security hole with today's release of iOS 9.3

A bug has been discovered in Apple's iMessage encryption by security researchers at Johns Hopkins University, who have collaborated with the company to help patch the issue in the upcoming iOS 9.3 software update, set to be released to the public today.
Johns Hopkins will withhold publishing the details of the flaw until after iOS 9.3 is released to the public, according to The Washington Post. Researchers claim that the security hole could allow hackers to decrypt photos and videos sent via iMessage.
Apple issued a statement on the team's findings, saying the problem was partially fixed with iOS 9. Today's release of iOS 9.3, expected after the company's "iPhone SE" media event, will apparently fully resolve the issue.
"Apple works hard to make our software more secure with every release," the statement reads. "We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability."
The head of the research team, Matthew D. Green, said the flaw likely wouldn't have helped the FBI in its investigation of the San Bernardino shooter's iPhone 5c. But the team also stands by Apple in its encryption battle with the U.S. government, saying the flaw only serves to highlight the fact that there are other ways the government could break into mobile devices without forcing Apple to make a backdoor.
"Even Apple, with all their skills — and they have terrific cryptographers — wasn't able to quite get this right," Green said. "So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right."
Security researchers have repeatedly praised Apple's iMessage protocol for being highly secure, sometimes to the chagrin of law enforcement. But the research by Johns Hopkins shows that even the most robust encryption can have serious flaws.
iMessages are encrypted messages that can be sent between Apple devices, including iPhones, iPads and even Macs running the OS X platform. The service launched with iOS 5 back in 2011.