Researchers at Johns Hopkins University (JHU), led by Matthew D. Green, have found a bug in Apple’s encryption. It can allow a skilled attacker to decrypt secure photos and videos sent as messages.
The flaw might not have been used by the FBI to recover information on the San Bernardino terrorist’s iPhone, but it proves that encryption isn’t fool proof. Green is a cryptographer and said that a court compelling Apple to undo its own security makes no sense as there are already bugs which can be exploited.
The method requires the data to be in transit, not stored, so it wouldn’t actually help in the case of the San Bernardino shooter’s locked iPhone. By writing software to mimic an Apple server, researchers were able to intercept an encrypted transmission that contained a link to a photo on an iCloud server, as well as a 64-digit key that decrypts it. The key wasn’t visible, but the researchers were able to brute-force each digit. The team notified Apple, who says it partially fixed the flaw in iOS 9, and will release the full fix today in iOS 9.3 Update.
He said, “Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right.” Green’s team of graduate students will publish a paper describing the bug as soon as Apple issues a patch for it. Green said that it’s frightening that “we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”
Latest posts by Frederick Damasus (see all)
- Kapersky Lab Discovers Zero-Day Vulnerability Attacks on Asian and African Banks - November 24, 2016
- This South African School is Offering Degree course in Gaming - November 19, 2016
- Paystack introduces online payment for Nigerian merchants with Shopify Accounts. - November 15, 2016
- Samsung’s Exploding Device Problem: The Galaxy Note 7 isn’t Alone as Samsung Recalls its Top-Loading Washers - November 5, 2016
- Kaspersky Lab to improve cybersecurity in Africa, signs MoU with Smart Africa Alliance - October 31, 2016