Skip to main content

Apple promises to patch iMessage encryption flaw with iOS 9.3

how to save text messages
Although Apple’s encryption standards are quite high, the company’s software is not immune to hacks. Recently, a group of Johns Hopkins University researchers found a flaw in Apple’s iMessage platform that would allow a skilled hacker to decrypt photos and videos.

The flaw stems from the way in which iMessages are encrypted and how they’re then sent through Apple’s servers. Professor Michael Green, a computer scientist at JHU who led the research, told the Washington Post that he first began to suspect issues with the iMessage encryption last year after reading an Apple security guide on the encryption process. To test out his theory, he began poking around with iPhones that were not using the latest operating system on iMessage.

“We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability.”

Green and his colleagues attempted to intercept iMessages by writing software that pretended to be an Apple server. The encrypted transmission the team targeted was photo stored on Apple’s iCloud server and the 64-digit key needed to decrypt the photo. Although the researchers were unable to actually see the key’s digits, they could use a process of trial and error to figure it out. The team changed a single digit or letter in the key and resubmitted it to the target phone. Every time they guessed right, the phone accepted it. After thousands of attempts, they had the complete key.

Once the researchers had the key, they were able to grab the photo directly from Apple’s server in a move that would’ve been totally undetectable by the user. Of course, this hack requires a great deal of skill and dedication, so it’s unlikely that your iMessages are under attack.

Even so, Apple responded quickly to the news, thanking the researchers for alerting the company about the flaw in iMessage.

“Apple works hard to make our software more secure with every release,” the company said in a statement. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability … Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”

Apple promised a full fix with the release of iOS 9.3 on March 21. In order to fully protect iMessages from this hack, Green urges users to update their software as soon as iOS 9.3 comes through.

“It scares me that we’re having this conversation about adding back doors when we can’t even get basic encryption right.”

He also referred to the importance of sealing holes in encrypted products in light of the upcoming Apple vs. FBI court case.

For those who haven’t been following the saga, the case revolves around Apple’s refusal to create a back door for the government and U.S. law enforcement. The back door would allow the FBI to circumvent iOS security features and hack into one of the San Bernardino shooters’ iPhones. Apple argues that creating a back door would be dangerous and open up its devices to greater attacks from hackers. It could also set a dangerous precedent that would allow law enforcement to demand access to any Apple device.

Based on his statements, Green agrees with Apple in the encryption debate. He stated that the iMessage flaw would not have helped the FBI gain access to the shooter’s iPhone and warned that creating unassailable encryption is hard enough without there being a pre-existing back door for hacking into a secure device.

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” says Professor Michael Green, who led the team responsible for discovering the bug. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”

Green’s team is slated to publish a paper on their findings in the near future.

Editors' Recommendations

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
iOS 17: Apple didn’t add the one feature I’ve been waiting for
Multiwindow on Galaxy S23 Ultra (on left) and multiwindow with popup window on Oppo Find X6 Pro (on right).

Multiwindow on the Samsung Galaxy S23 Ultra (left) and multiwindow with pop-up window on the Oppo Find X6 Pro (right). Prakhar Khanna/Digital Trends

I’m a big-screen phone advocate. While I like the comfort of holding a compact phone (such as the Samsung Galaxy S23 with a 6.1-inch display), I prefer using devices like the Galaxy S23 Ultra, Oppo Find X6 Pro, Xiaomi 13 Pro, and iPhone 14 Pro Max.

Read more
iOS 17 isn’t the iPhone update I was hoping for
iMessage stickers in iOS 17

Apple gave us a jam-packed WWDC 2023 keynote, and it was one of the most significant ones in years. After all, it introduced a brand new product category for Apple with the Vision Pro mixed reality headset. It’s basically as significant as when Steve Jobs revealed the iPhone in 2007, then the iPad in 2010, and when Tim Cook showed off the Apple Watch in 2014.

But the headset isn’t the only thing we got in the WWDC keynote. Since it’s a developer conference, it’s also about the software for all of our devices. This includes iOS 17 for the iPhone, along with iPadOS 17, watchOS 10, and macOS 14 Sonoma.

Read more
iOS 17’s coolest new feature is horrible news for Android users
iOS 17 contact posters

At the end of 2022, Google implored Apple to “get the message” and end the green-versus-blue bubble controversy by adopting RCS messaging. Apple’s response eventually came at WWDC 2023, where it introduced a new iOS 17 feature called Contact Posters, which instead of bringing everyone together, only furthers the us-versus-them split between Android and iOS.

If you thought the green/blue iMessage arguments could get fiery, there’s a lot more to come.
Blue good, green bad

Read more