Guest User

Johns Hopkins researchers discover flaw in Apple iMessage

a guest
Mar 20th, 2016
616
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Johns Hopkins researchers discovered encryption flaw in Apples' iMessage
  2.  
  3. Originally posted on Washington Post but quickly removed. Below is what was discovered using Google's news search preview.
  4. https://www.washingtonpost.com/world/national-security/johns-hopkins-researchers-discovered-encryption-flaw-in-apples-imessage/2016/03/20/a323f9a0-eca7-11e5-a6f3-21ccdbc5f74e_story.html
  5.  
  6. But a group of Johns Hopkins University researchers has found a bug in the company's vaunted encryption, one that would enable a skilled ...
  7.  
  8. Federal investigators have been stymied when trying to intercept iMessage content. Last year, Apple and prosecutors in Baltimore wrangled for months in court over the issue, with the government trying to compel the firm to find ...
  9.  
  10. Apple said it has fixed the problem through security improvements and new protections in its latest operating system, iOS 9.3, which will be released Monday. Green suspected there might be a flaw in iMessage last year after he read an Apple security guide describing the encryption process and it struck him as weak ...
  11.  
  12. When a few months passed and the flaw remained, he and his graduate students decided to mount an attack to show that they could pierce the encryption on photos or videos sent through iMessage.
  13.  
  14. It took a few months, but they succeeded, targeting phones that were not using the latest operating system on iMessage, which launched in 2011
  15.  
  16. Although the students could not see the key's digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and ...
  17.  
  18. Each time they guessed a digit correctly, the phone accepted it. They probed the phone in this way thousands of times. “And we kept doing that,” Green said, “until we had the key.” A modified version of the attack would also work on later operating systems, Green said, adding that it would likely have taken the hacking skills of a nation-state.
  19.  
  20. The encrypted transmission they targeted contained a link to the photo stored in Apple's iCloud server as well as a 64-digit key to decrypt the photo.
  21.  
  22. With the key, the team was able to retrieve the photo from Apple's server
  23.  
  24. The tech company says a fix will be available on Monday.
  25.  
  26. To prevent the attack from working, users should update their devices to iOS 9.3. Otherwise, their phones and laptops could still be vulnerable, Green said. Christopher Soghoian, principal technologist at the American Civil Liberties Union, said that Green's attack highlights the danger of companies building their own encryption without independent review.
  27.  
  28. This specific flaw in Apple's iMessage platform likely would not have helped the FBI pull data from an iPhone recovered in December's San ...
  29.  
  30. Apple's growing arsenal of encryption techniques — shielding data on devices as well as real-time video calls and instant messages — has spurred the U.S .. has left no opening for law enforcement and hackers, said Matthew D. Green, a computer science professor at Johns Hopkins University who led the research team.
  31.  
  32.  
  33. Green said that technologists such as those at the National Security Agency could easily have found the same flaw. “If you put resources into it
  34.  
  35. Cryptographers such as Green say that asking a court to compel a tech company such as Apple to create software to undo a security feature
  36.  
  37. The FBI has said that hacking phones and computers using software bugs is not something it can do easily or at scale. Officials argue it is more ...
  38.  
  39. Also, certain tools might be classified for use by intelligence agencies and not available to criminal investigators. FBI Director James B. Comey ...
RAW Paste Data