In 2016, we're busting the myth of Apple's invulnerability to security problems. So far we've talked about the major weakness in Mac security and a way iPhones and iPads are vulnerable to malicious apps. Now there are reports of a new problem.
A year ago, researchers at John Hopkins University noticed a flaw in the way Apple handles encryption for its iMessages. Encryption scrambles the message so hackers who intercept it can't read it. Unfortunately, while Apple made its encryption strong, it has a flaw. That means iMessages containing pictures and videos are vulnerable to being snooped on.
To test their theory, the researchers sent a picture in an iMessage and intercepted it using a specially coded server that mimicked a legitimate Apple server. Then they set about cracking the encryption.
The flaw in the encryption is how it handles wrong guesses. If someone submits the wrong decryption key, the software should just reject it entirely. However, Apple's system accepts individual correct numbers.
That means the team could just start submitting possible characters for the first digit until they hit the right one and then move on to the next digit. Think of it like the safe cracking you see in the movies. And while it took a while, and thousands and thousands of guesses, the team was finally able to break through.
Granted, they were attacking an older version of iMessage. However, they say that newer versions have the same flaw, even though it would take the resources of a nation-state to run the hack. Still, we know of several nation-states that like hacking into citizen's personal lives, so it isn't that far-fetched.
Fortunately, Apple is fixing the problem. It released a partial fix in iOS 9, and the full fix is coming in iOS 9.3, which should be out later today. So, if you're using an Apple gadget you definitely want to update.