Apple has put a lot of work into making its devices hard to crack. For the past few months the FBI has been hounding Apple about the strength of its encryption techniques, demanding that the company create easier ways for the agency to circumvent security in the iPhone's OS for reasons of national security.
But now a group of researchers from Johns Hopkins University, Maryland, say they have found a major flaw in Apple's encryption that allows them to break the encryption of iMessages, decoding photos and videos.
The team is due to publish a paper today revealing how they wrote software to mimic an Apple server, intercepting an encrypted transmission and decrypting videos and image files.
'Even Apple, with all their skills – and they have terrific cryptographers – wasn’t able to quite get this right,' lead researcher Matthew Green told the Washington Post. 'So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.'
Technologists such as those at the National Security Agency could easily have found the same flaw, added Green: 'If you put resources into it, you will come across something like this,' he said.
Although the particular bug wouldn't help unlock the iPhone of the San Bernardino shooter who killed 14 people in December, it eradicates the idea that Apple's encryption is impenetrable to hackers and law enforcement.
Green said law enforcement such as the FBI could use his discovered method to intercept photos and messages sent via iMessage during a criminal investigation.
Last year, Apple resisted calls from prosecutors to create a backdoor into iMessage, refusing to allow them to intercept iMessage content in a case in Baltimore.
The team has notified Apple, which says it will release the full fix to the issue in the latest OS update, iOS 9.3. The version is due out today, and Green recommends that users update their devices as soon as possible to prevent a possible attack.