Sources Contact Advanced Search Tutorials

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

August 15, 2016 10:00 pm

Serious Flaws In iMessage Crypto Allow For Message Decryption

Reader Trailrunner7 writes: New research from a team at Johns Hopkins University shows that there are serious problems with the way Apple implemented encryption on its iMessage system, leaving it open to retrospective decryption attacks that can reveal the contents of all of a victim's past iMessage texts. The iMessage system, like much of what Apple does, is opaque and its inner workings have not been made available to outsiders. One of the key things that is known about the system is that messages are encrypted from end to end and Apple has said that it does not have the ability to decrypt users' messages. The researchers at JHU, led by Matthew Green, a professor of computer science at the school, reverse engineered the iMessage protocol and discovered that Apple made some mistakes in its encryption implementation that could allow an attacker who has access to encrypted messages to decrypt them.The team discovered that Apple doesn't rotate encryption keys at regular intervals (most encryption protocols such as OTR and Signal do). This means that the same attack can be used on iMessage historical data, which is often backed up inside iCloud. Apple was notified of the issue as early as November 2015 and it rolled out a patch for the iMessage protocol in iOS 9.3 and OS X 10.11.4.

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot