Flaw in Apple’s iMessage platform allows hackers to access photos and videos with ease
The Apple’s iMessage platform has a serious vulnerability which allows hackers to intercept and see your images and videos. The flaw was discovered by a group of researchers from Johns Hopkins University and affects all versions of iMessage prior to iOS 9. While, if you are using the latest iOS version you are safe enough, the researchers stated that, it wouldn’t take much for a determined hacker develop a modified version for newer OS.
In the research, which was released to The Washington Post, the team demonstrated that while they couldn’t decrypt the text in messages, they were able to intercept images, videos and other files. Professor Matthew D. Green and his team of graduate students mounted an attack to show that they could break the encryption that is meant to protect photos and videos sent on iMessage.
The exploit involves the creation of a software that emulates an Apple server which the hacker can use to intercept files. As the software is a clone of Apple server, hackers can gain full access to the encrypted transmission. In the demonstration by the Professor and his team, they targeted a link to a photo stored on Apple’s iCloud server, along with the 64-digit encryption key required to decrypt the photo.
While the students were unable to see the digits, they simply took to guessing the decryption code by a brute force technique that saw them repeatedly change a digit or a letter of the key before sending it back to the targeted phone. Whenever a correct digit was guessed, the iPhone accepted it.
The researchers said that while it could take humans hundreds of repeated attempts to guess the code, a machine could do it in seconds using brute force. With this key, the research team was able to retrieve the photo from Apple’s server.
Professor Green revealed that a modified version of the exploit would also work on later versions of iOS and warned that a determined hacker could crack the future versions using the same flaw. That said, the flaw in iOS 9.2 will be patched as Apple is releasing the iOS 9.3 today at “Loop you in” keynote.
It is recommended iOS users update to the latest version of iOS, as soon as possible.
The Apple’s iMessage platform has a serious vulnerability which allows hackers to intercept and see your images and videos. The flaw was discovered by a group of researchers from Johns Hopkins University and affects all versions of iMessage prior to iOS 9. While, if you are using the latest iOS version you are safe enough, the researchers stated that, it wouldn’t take much for a determined hacker develop a modified version for newer OS.
In the research, which was released to The Washington Post, the team demonstrated that while they couldn’t decrypt the text in messages, they were able to intercept images, videos and other files. Professor Matthew D. Green and his team of graduate students mounted an attack to show that they could break the encryption that is meant to protect photos and videos sent on iMessage.
The exploit involves the creation of a software that emulates an Apple server which the hacker can use to intercept files. As the software is a clone of Apple server, hackers can gain full access to the encrypted transmission. In the demonstration by the Professor and his team, they targeted a link to a photo stored on Apple’s iCloud server, along with the 64-digit encryption key required to decrypt the photo.
While the students were unable to see the digits, they simply took to guessing the decryption code by a brute force technique that saw them repeatedly change a digit or a letter of the key before sending it back to the targeted phone. Whenever a correct digit was guessed, the iPhone accepted it.
The researchers said that while it could take humans hundreds of repeated attempts to guess the code, a machine could do it in seconds using brute force. With this key, the research team was able to retrieve the photo from Apple’s server.
Professor Green revealed that a modified version of the exploit would also work on later versions of iOS and warned that a determined hacker could crack the future versions using the same flaw. That said, the flaw in iOS 9.2 will be patched as Apple is releasing the iOS 9.3 today at “Loop you in” keynote.
It is recommended iOS users update to the latest version of iOS, as soon as possible.