The high-profile FBI vs. Apple case is nearing its court date, but if you’ve followed the story closely you probably know everything there is to know about it. In short, the FBI wants Apple to create an iOS backdoor that will let it access data on a locked iPhone 5c that belonged to one of the San Bernardino shooters. Apple, meanwhile, says that taking such a course is very dangerous for the safety of iPhone users and would set a dangerous precedent by opening a door to hackers.
While each side has argued its case in the media over the last few weeks, some intrepid researchers from Johns Hopkins have found a hole in Apple’s iPhone encryption that can be exploited successfully to retrieve data.
According to The Washington Post, “a skilled attacker” with knowledge of the security issue could decrypt photos and videos sent as secure iMessages that are encrypted by default.
This is precisely the kind of security hole the FBI would love to gain access to, as it could open the contents of encrypted iMessages. In fact, this might be exactly the kind of exploit the NSA already has access to – it may have even found this particular attack.
“If you put resources into it, you will come across something like this,” said Johns Hopkins University computer science professor Matthew D. Green, who explained that technologists such as those at the NSA could easily have found the flaw.
The professor suspected last year that there might be a flaw in iMessage encryption that allows for malicious attacks. He contacted Apple about it, but the flaw remained. A few months later, he and his graduate students decided to do something about it: mount an attack that shows how to break iPhone encryption on photos or videos sent through iMessage.
Apple has fixed part of the issue with its iOS 9 release, with iOS 9.3, due Monday, expected to completely close the loop.
Green’s team targeted phones that were not running the latest version of iOS. The researchers wrote software to mimic an Apple server and then tried to access a photo sent in an iMessage. The encrypted transmission they targeted contained a link to the image stored in iCloud and the 64-digit key needed to decrypt it.
The researchers could not see the key, but they kept guessing each digit and sending it back to the target phone. Each time they guessed a digit correctly, the phone accepted it. After thousands of attempts, they found the key and were able to retrieve the photo from Apple’s servers. All of this happens without the knowledge of the user whose image is stolen in this manner.
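The digit-by-digit acceptance described above is what cryptographers call an oracle: instead of searching all 16^64 possible 64-digit hex keys, a prober needs at most 16 guesses per digit, or 1,024 in total, which is why "thousands of attempts" suffice. The following added example (constructed for this article, not code from the Johns Hopkins researchers or from Apple) models that flaw in a toy receiver next to one that authenticates the whole message with an HMAC, and measures how much each leaks to the same probing.

```python
import hashlib
import hmac
import secrets

HEX_DIGITS = "0123456789abcdef"
KEY_LEN = 64  # the article's "64-digit key": 32 bytes written as hex


class LeakyReceiver:
    """Constructed model of the flaw: confirms or rejects each key digit
    separately, so every accepted guess leaks one digit of the key."""

    def __init__(self, key_hex):
        self._key = key_hex
        self.queries = 0  # how many probes the receiver answered

    def accepts(self, candidate):
        self.queries += 1
        return self._key.startswith(candidate)


class AuthenticatedReceiver:
    """Constructed model of the fix: an HMAC tag over the whole key blob is
    checked in constant time, so a wrong guess is rejected with no partial
    information about which digit was wrong."""

    def __init__(self, key_hex, mac_key):
        self._mac_key = mac_key
        self._tag = hmac.new(mac_key, key_hex.encode(), hashlib.sha256).digest()
        self.queries = 0

    def accepts(self, candidate):
        self.queries += 1
        tag = hmac.new(self._mac_key, candidate.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(tag, self._tag)  # constant-time, all-or-nothing


def measure_prefix_leak(receiver, length=KEY_LEN):
    """Extend a guess one digit at a time, as the article describes, and return
    whatever prefix the receiver confirmed: the full key if it leaks everything,
    an empty string if no single digit is ever confirmed."""
    known = ""
    for _ in range(length):
        for digit in HEX_DIGITS:
            if receiver.accepts(known + digit):
                known += digit
                break
        else:
            break  # no digit accepted: this receiver gives no per-digit signal
    return known


if __name__ == "__main__":
    key = secrets.token_hex(32)  # constructed 64-hex-digit key
    leaky, fixed = LeakyReceiver(key), AuthenticatedReceiver(key, secrets.token_bytes(32))
    print("leaky: recovered", measure_prefix_leak(leaky) == key, "in", leaky.queries, "queries")
    print("authenticated: recovered digits", len(measure_prefix_leak(fixed)), "in", fixed.queries, "queries")
```

Against the leaky receiver the probe confirms all 64 digits in at most 1,024 queries; against the authenticated receiver it confirms none, and the only remaining strategy is a blind search over 16^64 keys.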
The same kind of attack is apparently possible on iPhones running iOS 9, though it would require the U.S. government’s resources to pull off.