Researchers at Johns Hopkins University (JHU), led by Matthew D. Green, have found a bug in Apple’s encryption. It can allow a skilled attacker to decrypt secure photos and videos sent as messages.
The flaw might not have been used by the FBI to recover information on the San Bernardino terrorist’s iPhone, but it proves that encryption isn’t fool proof. Green is a cryptographer and said that a court compelling Apple to undo its own security makes no sense as there are already bugs which can be exploited.
The method requires the data to be in transit, not stored, so it wouldn’t actually help in the case of the San Bernardino shooter’s locked iPhone. By writing software to mimic an Apple server, researchers were able to intercept an encrypted transmission that contained a link to a photo on an iCloud server, as well as a 64-digit key that decrypts it. The key wasn’t visible, but the researchers were able to brute-force each digit. The team notified Apple, who says it partially fixed the flaw in iOS 9, and will release the full fix today in iOS 9.3 Update.
He said, “Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right.” Green’s team of graduate students will publish a paper describing the bug as soon as Apple issues a patch for it. Green said that it’s frightening that “we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”
Post a Comment Blogger Facebook