Researchers find encryption flaw in Apple's iMessage system
Apple partially fixed the issue in iOS 9.0, and will fully patch the flaw with iOS 9.3, expected to ship after the company's “Let us loop you in” media event on Monday, March 21.
What we know right now is that researchers found a way to intercept encrypted photos and video, along with the 64-digit decryption key. Then they used a brute-force attack to find the characters in the key, aided by the target iPhone accepting each correct digit or letter, according to the Washington Post.
Addressing the security issue will make it even more difficult for government agencies and hackers to find ways into our iPhones, and likely won't sit well with the U.S. Department of Justice. The DOJ is currently tangled in a fight with Apple over encryption because the company is refusing to comply with a court order to create a less secure version of iOS.
The DOJ and FBI want the security-weakened operating system so they can launch a brute-force attack on the passcode for the iPhone 5c recovered from Syed Farook after he and his wife, Tashfeen Malik, shot and killed 14 and injured 22 of their San Bernardino County coworkers.
The two were killed in a shootout with police, who then recovered his phone. The iPhone had been issued to him by the county, although there wasn't any mobile device management system in place to bypass the passcode. Apple helped the FBI recover as much data as possible but refused to write a version of iOS that strips out security measures.
The FBI and Apple are scheduled to appear in court on Tuesday, March 22nd, to defend their positions.
This iMessage security flaw wouldn't have helped the FBI hack into Mr. Farook's encrypted data, and once users update their iPhone, iPad, and iPod touch to iOS 9.3, it won't help any potential hackers, either.