Home » Topics » Cybersecurity » Researchers break hole in Apple’s ‘unbreakable’ encryption

Researchers break hole in Apple’s ‘unbreakable’ encryption

Avatar photoby Ben Rossi

Apple has put a lot of work in making its devices hard to crack. For the past few months the FBI has been hounding Apple about the strength of its encryption techniques, demanding that they create easier ways for them to circumvent security in the iPhone's OS for reasons of national security.

But now a group of researchers from Johns Hopkins University, Maryland, say they have found a major flaw in Apple's encryption that allows them to break the encryption of iMessages, decoding photos and videos.

The team is due to publish a paper today revealing how they wrote software to mimic an Apple server, intercepting an encrypted transmission and decrypting videos and image files.

> See also: Apple iPhone 7 rumours: the top 5 FAQs answered 

'Even Apple, with all their skills – and they have terrific cryptographers – wasn’t able to quite get this right,' lead researcher Matthew Green told the Washington Post. 'So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.'

Technologists such as those at the National Security Agency could easily have found the same flaw, added Green: 'If you put resources into it, you will come across something like this,' he said.

Although the particular bug wouldn't help unlock the iPhone of the San Bernadino shooter who killed 14 people in December, it eradicates the idea that Apple's encryption is impenetrable to hackers and law enforcement.

> See also: Not all wearables are created equal: how to design a wearable security strategy for the new ecosystem

Green said law enforcement such as the FBI could use his discovered method to intercept photos and messages sent via iMessage during a criminal investigation.

Last year, Apple resisted calls from prosecuters to create a backdoor into iMessage, refusing to allow them to intercept iMessage content in a case in Baltimore. 

The team has notified Apple, who says it will release the full fix to the issue in the latest OS update, iOS 9.3. The version is due out today, and Green recommends that users update their devices as soon as possible to prevent a possible attack.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise