- U.S. gamers create as much carbon dioxide as 5 million cars 4 Years Ago
- Disney+ TV characters like Ms. Marvel will appear in MCU movies 4 Years Ago
- Apple TV+ offers something for younger viewers with ‘Helpsters’ 4 Years Ago
- How to watch ‘The Mandalorian’ 4 Years Ago
- ‘Snoopy in Space’ is a delightful kids show that parents will love too Today 7:08 AM
- How to watch ‘Lady and the Tramp’ Today 7:00 AM
- Netflix’s ‘Let It Snow’ delivers a stocking full of rom-com coal Today 6:41 AM
- Student allegedly posted roommate’s ‘missing’ flyer on Instagram before being charged with her murder Monday 11:45 PM
- Reddit AITA: Man verbally abused partner through cat impersonations Monday 7:18 PM
- Facebook finally lets you kill distracting navigation bar notifications Monday 6:14 PM
- Artist says Thinx underwear campaign ripped off their memes (updated) Monday 5:48 PM
- Google reportedly gathering millions of Americans’ personal health records Monday 5:00 PM
- Trina goes off on Walmart shopper who allegedly called her the ‘N-word’ Monday 4:14 PM
- Bored of Helvetica? iOS users finally have some new font options Monday 4:00 PM
- Amid panic, YouTube says new terms of service won’t impact creators Monday 3:56 PM
Flaw in Apple’s iMessage encryption puts your photos, videos at risk
Encryption researchers at Johns Hopkins say they found a flaw in Apple’s iMessage encryption.
That’s the bad news. The good news is, Apple’s latest version of their operating system, iOS 9.3, which will be released today, patches the bug.
The team of John Hopkins researchers notified Apple of the flaw on Nov. 13, 2015, lead researcher Matthew Green told the Daily Dot via email. “Given the number of devices they support,” said Green, “[the patch] was fairly quick.”
“The fix was somewhat involved and affected more than just iMessage, so it took them some time to work out and test,” co-researcher Ian Miers told the Daily Dot via email.
Miers did not have a list of other Apple services effected by the security flaw, but he noted that the encryption protocol for iMessage is used several other places within Apple’s operating system. Miers said Apple wouldn’t comment on what other applications were effected.
Encryption is a mathematical algorithm that scrambles the contents of computer data so that only someone with the correct key can decrypt and read it. It is use to protect banking transactions, instant messages, Web searches, and in many other areas of technology and the Internet.
“Apple works hard to make our software more secure with every release,” Apple said in a statement to the Washington Post, which first reported the researchers’ findings. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. … Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”
In a statement to the Post, Green invoked the current high-stakes legal battle between Apple and the Federal Bureau of Investigation, which obtained a court order compelling Apple to create specialized software to bypass security measures on the iPhone of San Bernardino shooter Syed Farook.
“Even Apple, with all their skills—and they have terrific cryptographers—wasn’t able to quite get this right,” Green told the Post. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”
Apple, civil-society groups, and the academic encryption community fear that compelling a software company to introduce a “backdoor” into their encryption or to write and develop software that would circumvent security features on the phone undermines the security and privacy of all iPhone users and could set a dangerous legal precedent.
Apple is fighting the court order on the grounds that it relies on a law, the All Writs Act, that does not give the government the authority to require it to write custom software and violates the company’s rights.
The FBI and the Justice Department originally contended the motion only concerns one phone, but judges from different states have said they would use a victory in order to unlock other iPhone’s currently in the court’s possession.
Green said there may be a bug in Apple’s encryption after reading technical details of the encryption process as described in the Apple security guide.
Apple and the FBI will appear in court to argue the iPhone order on Tuesday, March 22.
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.