Hole in Apple encryption found by researchers
Attackers are able to intercept and decrypt Apple iMessages via a zero-day vulnerability in iOS encryption.
Attackers are able to intercept and decrypt Apple iMessages via a zero-day vulnerability in iOS encryption, according to a report in The Register. With this capability, they are able to decrypt photos and videos sent as secure instant messages.
Matthew Green, a professor at Johns Hopkins University, along with a team of his students, guessed a key that provided access to encrypted iCloud photos and videos.
According to The Register, the team used an Apple server to relay guesses at individual key digits to an iPhone running an old version of iOS, and the phone's responses revealed when each guessed digit was right. It took thousands of tries, but the team eventually recovered the key.
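The reason a digit-by-digit confirmation costs only thousands of guesses rather than an astronomical number is shown by the following added example (not code from Green's team and unrelated to iMessage's real protocol): a constructed oracle that leaks how many leading digits of a guess are correct, beside a hardened all-or-nothing check with an attempt budget. Every name here (`LeakyOracle`, `StrictOracle`, the budget of 100) is hypothetical.

```python
import secrets

DIGITS = "0123456789"  # the article's key was recovered digit by digit

class LeakyOracle:
    """Constructed model of the flaw: reports how many leading digits of a
    guess are right, so each position can be confirmed on its own."""
    def __init__(self, key: str):
        self._key, self.queries = key, 0
    def check(self, guess: str) -> int:
        self.queries += 1
        matched = 0
        for g, k in zip(guess, self._key):
            if g != k:
                break
            matched += 1
        return matched

class StrictOracle:
    """Hardened form: whole-key yes/no only, constant-time compare, and a
    hard cap on attempts (hypothetical budget of 100)."""
    def __init__(self, key: str, budget: int = 100):
        self._key, self.queries, self.budget = key, 0, budget
    def check(self, guess: str) -> bool:
        if self.queries >= self.budget:
            raise PermissionError("attempt budget exhausted")
        self.queries += 1
        return secrets.compare_digest(guess, self._key)

def recover_digit_by_digit(oracle: LeakyOracle, length: int) -> str:
    """At most 10 guesses per position instead of 10**length overall."""
    known = ""
    for pos in range(length):
        for d in DIGITS:
            trial = known + d + "0" * (length - pos - 1)
            if oracle.check(trial) > pos:  # one more position confirmed
                known += d
                break
    return known

def worst_case_queries(length: int, per_digit_leak: bool) -> int:
    # 10 * n guesses when positions leak separately, 10 ** n when they do not
    return len(DIGITS) * length if per_digit_leak else len(DIGITS) ** length

def demo(length: int = 8) -> dict:
    key = "".join(secrets.choice(DIGITS) for _ in range(length))  # constructed key
    oracle = LeakyOracle(key)
    return {"recovered": recover_digit_by_digit(oracle, length) == key,
            "queries": oracle.queries, "bound": worst_case_queries(length, True)}
```

Against `StrictOracle` the same walk cannot work: each answer only says whether the whole key matched, and the budget exhausts long before 10**8 guesses.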
As Apple contests a court order, obtained by the FBI, to decrypt an iPhone belonging to Syed Rizwan Farouk, the shooter in San Bernardino, Calif., Green said a court ordering a tech company such as Apple to refashion its software to work around a security implementation makes no sense, particularly when vulnerabilities that can be exploited likely already exist.
“Even Apple, with all their skills...wasn't able to quite get this right,” Green told The Washington Post.
His team announced they would publish a paper explaining the attack once Apple releases a patch. “So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right,” Green said.
Lamar Bailey, director of security research and development for cybersecurity company Tripwire, in comments emailed to SCMagazine.com, said, “The use of end-to-end encryption can prevent all users from being exposed when a central server is breached. This forces attackers to target individual end devices making attacks more costly and time consuming.”
This incident does have a parallel with the FBI vs. Apple case, Bailey wrote, as many technologists have speculated that the FBI could access the shooter's phone if it decides to put in the effort. “For example, the secure enclave can be backed up and the CPU serial number read so that the autowipe is bypassed or the encryption can be cracked offline. This is of course undesirable for the FBI as the process takes time and money on a much different scale from what it took when Apple could simply bypass the security measures of phones.”