Report: iOS 9.3 Fixes iMessage Encryption Bug


If you needed a reason to upgrade to a more current version of iOS, here's one: a group of Johns Hopkins University researchers found a bug that allows an attacker to decrypt photos and videos sent via iMessage on older versions of iOS.

Apple devices running a version of iOS 8 or earlier are most at risk. Apple partially patched the problem with last year's release of iOS 9, a modified exploit could be developed for more up-to-date gadgets. So upgrading to iOS 9.3 when it arrives is a must.

As reported by The Washington Post, researchers wrote software to mimic an Apple server, intercepted files, then "brute forced" their way past an encrypted 64-bit key to nab photos and videos sent via iMessage.

"Apple works hard to make our software more secure with every release. We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability," Apple said in a statement. "Security improvements in iOS 9.0 blocked external attackers from performing the message intercept necessary to perform the attack identified in this report. Further targeted protections have been added in the beta version of iOS 9.3 and will be included in the public release for all users. Security requires constant dedication and we're grateful to have a community of developers and researchers who help us stay ahead."

Apple is expected to release iOS 9.3 at its "Loop You In" event this afternoon. Green urged all iDevice owners to update to iOS 9.3 as soon as possible.

According to the Post, this bug likely would not have been much help to the FBI in its bid to unlock the phone of the San Bernardino shooter. For one thing, Green's team was "focused on intercepting data in transit between devices," the newspaper said, while the feds want to crack a physical phone. But the main point they want to drive home is that cracking Apple's encryption is not impossible.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    7 Ways Cloud Computing Propels IT Security

    A spate of high-profile public and private cloud security breaches is helping to push advancements in security such as encryption.Here's a look at 7 ways the cloud may be the largest driver of IT security today.
  • 5300c769af79e

    Feds Raid Home, Require Residents to Unlock Phones

    California police recently served a warrant that allowed them to require everyone in a residence to unlock mobile devices that were secured with a fingerprint.On May 9, the Department of Justice requested that local law enforcement officers enter a residence in Lancaster and access all smartphones at that location.
  • 5300c769af79e

    This headband promises to zap your cerebellum so you can sleep better, work harder

    The Elf Emmit is the latest wearable to hit crowd-funding website Indiegogo, and it uses low frequency pulses to influence and change your brainwaves, to help you work harder, sleep better, and minimize the stress of everyday life.The Elf Emmit is a subtle headband with an electromagnetic coil inside that’s worn around the back of the head, so it can send electromagnetic pulses right at your cerebellum.
  • 5300c769af79e

    Google Home Adds Support for 34 New Actions, Domino's and Todoist Included

    Today, the device is receiving support for a lot more of them, including Actions to work with 3rd-party services such as Domino’s pizza, WebMD, The Bartender, and many others.” You can even track your order via Google Home with the command “OK Google, talk to Domino’s and track my order.