Monday, March 21, 2016

Apple patches very serious security hole in iOS – digi.no

On Monday night Apple is releasing iOS 9.3, which among other things includes one or more updates that remove a serious vulnerability that could allow an attacker to decrypt photos and videos sent as attachments to messages in iMessage.



Decrypting attachments

It was a group of researchers at Johns Hopkins University, led by Professor Matthew D. Green, who discovered the vulnerability. The details of the vulnerability have not yet been made public, but Green tells the Washington Post that the researchers managed to intercept files by creating software that mimics an Apple server.

They could then capture a link to an image stored on one of Apple's iCloud servers, and a 64-bit key to decrypt the image.

Admittedly, Green's students were not able to see the digits of the key, so they had to guess each of the digits. But for every guess they made, they received feedback from the iPhone they were testing. This greatly reduced the number of possible combinations they needed to test.

This experiment was admittedly carried out with an older version of iOS, but a modified version of the attack is said to work with newer versions of iOS as well. It is suggested, however, that this would require resources that usually only nation states have access to.



Scary

– Even Apple, with all their expertise – and they have some fantastic cryptographers – was not able to do this properly, Green tells the Washington Post.

– So it scares me that we are having this discussion about adding backdoors to encryption when we cannot even manage to do basic encryption right, says Green.

In a statement to the US newspaper, Apple says that the company appreciates that the group of security researchers identified the error and made the company aware of it.



More Applications

Ian Miers, a doctoral student who has been involved in the work, writes in a Twitter message, however, that the attack does not only concern attachments and that it affects more apps than iMessage. Apple will need to fix errors in several other apps too, but so far it is not clear which ones.

In another Twitter message, Miers writes that the vulnerability is not related to how Apple stores or encrypts attachments.

More details about the vulnerability and the attack will be made public after iOS 9.3 has become available.
