- Former developer at software company deletes his code to protest its ties to ICE Saturday 4:21 PM
- A mysterious website is doxing Hong Kong protesters and journalists Saturday 1:44 PM
- The best ‘Skyrim’ followers and how to get them Saturday 1:26 PM
- Why Joel Osteen gets cyberbullied every time Houston floods Saturday 12:40 PM
- How to stream Jets vs. Patriots in Week 3 Saturday 12:39 PM
- 10 indie dating simulator games you should be playing Saturday 12:31 PM
- How to stream Packers vs. Broncos in Week 3 Saturday 12:14 PM
- Saudi crown prince’s former adviser suspended from Twitter Saturday 11:57 AM
- How to stream Cowboys vs. Dolphins in Week 3 Saturday 11:57 AM
- YouTuber to pay restitution after a teen fan died copying her video Saturday 10:36 AM
- Antonio Brown sent ‘intimidating’ texts to an accuser, including a pic of her children Saturday 9:38 AM
- Facebook suspended tens of thousands of apps after Cambridge Analytica scandal Saturday 8:24 AM
- How to stream Browns vs. Rams on Sunday Night Football Saturday 6:00 AM
- How to watch ‘NFL Primetime’ on ESPN+ Saturday 5:00 AM
- How to stream Liverpool vs. Chelsea Friday 6:45 PM
Flaw in Apple’s iMessage encryption puts your photos, videos at risk
Encryption researchers at Johns Hopkins say they found a flaw in Apple’s iMessage encryption.
That’s the bad news. The good news is, Apple’s latest version of their operating system, iOS 9.3, which will be released today, patches the bug.
The team of John Hopkins researchers notified Apple of the flaw on Nov. 13, 2015, lead researcher Matthew Green told the Daily Dot via email. “Given the number of devices they support,” said Green, “[the patch] was fairly quick.”
“The fix was somewhat involved and affected more than just iMessage, so it took them some time to work out and test,” co-researcher Ian Miers told the Daily Dot via email.
Miers did not have a list of other Apple services effected by the security flaw, but he noted that the encryption protocol for iMessage is used several other places within Apple’s operating system. Miers said Apple wouldn’t comment on what other applications were effected.
Encryption is a mathematical algorithm that scrambles the contents of computer data so that only someone with the correct key can decrypt and read it. It is use to protect banking transactions, instant messages, Web searches, and in many other areas of technology and the Internet.
“Apple works hard to make our software more secure with every release,” Apple said in a statement to the Washington Post, which first reported the researchers’ findings. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. … Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”
In a statement to the Post, Green invoked the current high-stakes legal battle between Apple and the Federal Bureau of Investigation, which obtained a court order compelling Apple to create specialized software to bypass security measures on the iPhone of San Bernardino shooter Syed Farook.
“Even Apple, with all their skills—and they have terrific cryptographers—wasn’t able to quite get this right,” Green told the Post. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”
Apple, civil-society groups, and the academic encryption community fear that compelling a software company to introduce a “backdoor” into their encryption or to write and develop software that would circumvent security features on the phone undermines the security and privacy of all iPhone users and could set a dangerous legal precedent.
Apple is fighting the court order on the grounds that it relies on a law, the All Writs Act, that does not give the government the authority to require it to write custom software and violates the company’s rights.
The FBI and the Justice Department originally contended the motion only concerns one phone, but judges from different states have said they would use a victory in order to unlock other iPhone’s currently in the court’s possession.
Green said there may be a bug in Apple’s encryption after reading technical details of the encryption process as described in the Apple security guide.
Apple and the FBI will appear in court to argue the iPhone order on Tuesday, March 22.
Once named one of Forbes’ 20 Under 20 and hired as a staff writer for the Daily Dot when he was still a senior in high school, William Turton is a rising tech reporter focusing on information security, hacking culture, and politics. Since leaving the Daily Dot in April 2016, his work has appeared on Gizmodo, the Outline, and Vice News Tonight on HBO.