Researchers claim to have discovered a crack in iPhone’s encryption

21 Mar 2016

Researchers at John Hopkins University claim to have found a vulnerability in Apple's encryption that lets them intercept iMessage photos and videos

Researchers at John Hopkins University claim to have found a bug in iOS 9.3 that enables them to decrypt media sent across Apple’s iMessage platform.

Apple is currently caught up in a battle against the White House and the FBI over the encryption of the iPhone at the centre of investigations into the San Bernardino killings in California.

Apple has steadfastly refused to compromise the security of encryption on the iPhone because it maintains that once that happens all iPhone users will be at risk of having their privacy compromised.

However, according to the Washington Postresearchers at John Hopkins University have found a bug in the encryption of Apple’s iMessage in iOS 9.3 that would enable a skilled attacker to decrypt photos and videos sent as secure instant messages.

The team, led by computer science expert Matthew Green, developed software that mimicked an Apple server and this gave them the opportunity to intercept iMessage transmissions and target a data packet that contained a link to a photo stored in the Apple iCloud server.

Brute force

The captured data packet also included a 64-digit key required to decrypt the message.

They were then able to use brute force techniques that were eventually accepted by the mobile device.

However, this kind of security weakness – which will be removed by the time iOS 9.3 is fully released later today – would not be enough to enable the FBI to pull data from an iPhone.

But it does indicate that no matter how strong the encryption is, there will always be a weakness somewhere.

iPhone image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years