Skip to main content

Apple promises to patch iMessage encryption flaw with iOS 9.3

how to save text messages
Kritchanut/Shutterstock
Although Apple’s encryption standards are quite high, the company’s software is not immune to hacks. Recently, a group of Johns Hopkins University researchers found a flaw in Apple’s iMessage platform that would allow a skilled hacker to decrypt photos and videos.

The flaw stems from the way in which iMessages are encrypted and how they’re then sent through Apple’s servers. Professor Michael Green, a computer scientist at JHU who led the research, told the Washington Post that he first began to suspect issues with the iMessage encryption last year after reading an Apple security guide on the encryption process. To test out his theory, he began poking around with iPhones that were not using the latest operating system on iMessage.

Recommended Videos

“We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability.”

Please enable Javascript to view this content

Green and his colleagues attempted to intercept iMessages by writing software that pretended to be an Apple server. The encrypted transmission the team targeted was photo stored on Apple’s iCloud server and the 64-digit key needed to decrypt the photo. Although the researchers were unable to actually see the key’s digits, they could use a process of trial and error to figure it out. The team changed a single digit or letter in the key and resubmitted it to the target phone. Every time they guessed right, the phone accepted it. After thousands of attempts, they had the complete key.

Once the researchers had the key, they were able to grab the photo directly from Apple’s server in a move that would’ve been totally undetectable by the user. Of course, this hack requires a great deal of skill and dedication, so it’s unlikely that your iMessages are under attack.

Even so, Apple responded quickly to the news, thanking the researchers for alerting the company about the flaw in iMessage.

“Apple works hard to make our software more secure with every release,” the company said in a statement. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability … Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”

Apple promised a full fix with the release of iOS 9.3 on March 21. In order to fully protect iMessages from this hack, Green urges users to update their software as soon as iOS 9.3 comes through.

“It scares me that we’re having this conversation about adding back doors when we can’t even get basic encryption right.”

He also referred to the importance of sealing holes in encrypted products in light of the upcoming Apple vs. FBI court case.

For those who haven’t been following the saga, the case revolves around Apple’s refusal to create a back door for the government and U.S. law enforcement. The back door would allow the FBI to circumvent iOS security features and hack into one of the San Bernardino shooters’ iPhones. Apple argues that creating a back door would be dangerous and open up its devices to greater attacks from hackers. It could also set a dangerous precedent that would allow law enforcement to demand access to any Apple device.

Based on his statements, Green agrees with Apple in the encryption debate. He stated that the iMessage flaw would not have helped the FBI gain access to the shooter’s iPhone and warned that creating unassailable encryption is hard enough without there being a pre-existing back door for hacking into a secure device.

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” says Professor Michael Green, who led the team responsible for discovering the bug. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”

Green’s team is slated to publish a paper on their findings in the near future.

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
A hidden iOS 18.1 upgrade made it harder to extract data from iPhones
A person holding the Apple iPhone 16 Plus.

Apple Intelligence was the most notable upgrade that arrived on iPhones with the iOS 18 series of updates. But it seems Apple reinforced the security protocols in the background that could prevent bad actors from gaining unauthorized access to iPhones that haven’t been unlocked in a while by their legitimate owner.

Earlier this month, 404Media reported that law enforcement officials are troubled by iPhones that are mysteriously rebooting. Citing a report courtesy of officials in Michigan, the outlet notes that the reboots are hampering the ability to access what’s stored on the phones through brute-force unlock methods.

Read more
Apple quietly nixed this Apple Intelligence feature from iOS 18.2
Image Playground on iPad.

One of the most highly anticipated features of Apple Intelligence, Image Playground, has finally launched in the iOS 18.2 developer and public betas. This artificial intelligence tool, announced in June, enables users to create cartoon-like images from text descriptions. Unfortunately, at least in the beta version, one of Image Playground's announced features is missing.

As first noted on X (formerly Twitter) by @nicolas09f9 (via MacRumors), Image Playground was once expected to feature three design styles: Animation, Illustration, and Sketch. For whatever reason, the latter isn't a choice in the beta.

Read more
iOS 18.2 may make charging your iPhone even easier. Here’s how
A close-up view of the App Library page on the iPhone 16.

We've all been in a situation where we need to charge our phone quickly, but it can be hard to gauge just how much time it needs to spend on the charger before it gets a usable amount of juice. A feature coming to iOS 18.2 will tell you how much more time your phone needs, although we aren't quite sure yet when it will be released.

On Monday, iOS 18.2 beta 2 was released to developers. 9to5Mac spotted the codebase for this feature in their breakdown, stating that it will calculate the amount of time needed to reach a certain charge threshold based on how powerful the charger is. The framework was dubbed "BatteryIntelligence" within the code, but although it was present, the feature isn't finished. That likely means it has been added in for testing purposes, but won't be ready for full deployment for some time yet.

Read more