The logo of the Apple company. (Photo : Getty Images/Peter Macdiarmid)
Researchers from John Hopkins University have found a flaw in the iMessage encryption system by Apple. The new research has revealed that Apple's security is not perfect as the company promised.
The university's team has uncovered a problem in iMessage which is the encrypted messaging platform used on Apple's phones and other gadgets, according to The Salt Lake Tribune. Hackers can take advantage of this flaw under certain circumstances to decrypt some messages.
iMessage's encryption technology was the focus of the team's paper. It discussed the significant weaknesses that can be used by a hacker. It also suggested that the technology should be changed with a better modern mechanism in the long term.
After Apple released a patch that fully fixed the bug, the team's paper was published on March 21, Monday. The team's findings were reported to Apple last year in November.
This discovery is a blow to the government arguments that Apple's encryption technology is impenetrable and impossible for law enforcement to access information. Apple still maintained that iMessage's encryption is still the best and it is the same kind as what is used by the military and banks.
Matthew D. Green, a computer science professor and leader of the research team, suspected that there was a problem in iMessage last year after he read an Apple security guide, according to The Washington Post. The guide described the encryption process and that made him think that it was weak.
A few months passed but the flaw remained which made Green and his graduate students decide to mount an attack to prove that the flaw was present. It only took few months for them to succeed and only targeted phones that were not using the latest operating system on iMessage.
There could be a modified version of the attack that could penetrate later operating systems, according to Green. He added that it would need the hacking skills of a nation-state.
Updating to iOS 9.3 prevented the attack from working, Green advised. Phones and laptops that are not updated will still be vulnerable.
The same flaw could easily have been found by technologists like from the National Security Agency, according to Green. He added that they only need to put resources to come across something like this.
Watch Tim Cook defends Apple's encryption policy video below:
