Skip to main content

Apple promises to patch iMessage encryption flaw with iOS 9.3

how to save text messages
Kritchanut/Shutterstock
Although Apple’s encryption standards are quite high, the company’s software is not immune to hacks. Recently, a group of Johns Hopkins University researchers found a flaw in Apple’s iMessage platform that would allow a skilled hacker to decrypt photos and videos.

The flaw stems from the way in which iMessages are encrypted and how they’re then sent through Apple’s servers. Professor Michael Green, a computer scientist at JHU who led the research, told the Washington Post that he first began to suspect issues with the iMessage encryption last year after reading an Apple security guide on the encryption process. To test out his theory, he began poking around with iPhones that were not using the latest operating system on iMessage.

Recommended Videos

“We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability.”

Please enable Javascript to view this content

Green and his colleagues attempted to intercept iMessages by writing software that pretended to be an Apple server. The encrypted transmission the team targeted was photo stored on Apple’s iCloud server and the 64-digit key needed to decrypt the photo. Although the researchers were unable to actually see the key’s digits, they could use a process of trial and error to figure it out. The team changed a single digit or letter in the key and resubmitted it to the target phone. Every time they guessed right, the phone accepted it. After thousands of attempts, they had the complete key.

Once the researchers had the key, they were able to grab the photo directly from Apple’s server in a move that would’ve been totally undetectable by the user. Of course, this hack requires a great deal of skill and dedication, so it’s unlikely that your iMessages are under attack.

Even so, Apple responded quickly to the news, thanking the researchers for alerting the company about the flaw in iMessage.

“Apple works hard to make our software more secure with every release,” the company said in a statement. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability … Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”

Apple promised a full fix with the release of iOS 9.3 on March 21. In order to fully protect iMessages from this hack, Green urges users to update their software as soon as iOS 9.3 comes through.

“It scares me that we’re having this conversation about adding back doors when we can’t even get basic encryption right.”

He also referred to the importance of sealing holes in encrypted products in light of the upcoming Apple vs. FBI court case.

For those who haven’t been following the saga, the case revolves around Apple’s refusal to create a back door for the government and U.S. law enforcement. The back door would allow the FBI to circumvent iOS security features and hack into one of the San Bernardino shooters’ iPhones. Apple argues that creating a back door would be dangerous and open up its devices to greater attacks from hackers. It could also set a dangerous precedent that would allow law enforcement to demand access to any Apple device.

Based on his statements, Green agrees with Apple in the encryption debate. He stated that the iMessage flaw would not have helped the FBI gain access to the shooter’s iPhone and warned that creating unassailable encryption is hard enough without there being a pre-existing back door for hacking into a secure device.

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” says Professor Michael Green, who led the team responsible for discovering the bug. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”

Green’s team is slated to publish a paper on their findings in the near future.

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
If your iPhone can handle iOS 18.2, it can probably handle iOS 19
An iPhone 15 Pro Max running iOS 18, showing its home screen.

The last few iPhone updates have brought a lot of changes with them. Just take a look at iOS 18.2: It introduced a ton of AI-powered features that had never before been available. If you have an older phone, it's easy to worry that its hardware won't be up to snuff for the next round of updates. For now, you can breathe easy: If your iPhone can handle iOS 18, then it should also work with iOS 19, according to a new leak.

The news comes from the French site iPhoneSoft. Although Apple guarantees five years of support for its devices, some devices get supported for longer periods of time, but this tip suggests that any phone currently capable of downloading and installing iOS 18 will also work with iOS 19, although some features could be limited.

Read more
The next iOS 18 update is on its way. Here’s what we know
The iPhone 16 sitting on top of orange mums.

When iOS 18.2 released just over a week ago, it unlocked a lot of long-awaited features like Image Playground, Visual Intelligence, and improvements to writing tools. Now, it seems like another update could be just around the corner: version 18.2.1.

MacRumors found evidence of the update in their analytic logs, a source that has supposedly revealed quite a few iOS versions before release. Given that this is a minor update, it isn't likely to come with new features or anything groundbreaking. Instead, it will most likely be targeted at bug fixes, although no specific problems have been named. You should expect this update to drop either in late December or early January, but a year-end release is more likely.

Read more
Things still aren’t looking good for Apple’s iOS 19 update
iPhone 16 Pro Max in Desert Titanium.

The latest version of iOS 18.2 rolled out to (most) iPhone users yesterday, and it brought with it a slew of new features that fans have eagerly waited for. These include Visual Intelligence for iPhone 16, Genmoji, and Image Playground. However, this slower rollout of iOS 18 features is having an impact on development times for its next iteration, and that means iOS 19 might be delayed.

There have been whispers of delays before, so this doesn't come as a huge surprise — particularly when you think about how the production flow at Apple usually goes. In a Threads post, Bloomberg's Mark Gurman said: "I continue to hear that the gradual rollout of features across iOS 18 to iOS 18.4 is leading to delays of some features scheduled for iOS 19. That will lead to a long-term rollout of features next cycle as well. Engineers are stuck working on iOS 18 projects when they’d usually already be on to the following OS."

Read more