Wednesday, 23 March 2016

Flaw Found In Apple's iMessage Security



Researchers have reportedly found a flaw in Apple's encryption that could allow hackers to access photos and videos sent as instant messages.

The discovery undermines the idea of completely secure encryption that leaves no back door for government agencies or criminals - as Apple's data battle with the FBI heads to the courts.

Johns Hopkins University cryptographer Matthew Green spotted a potential weakness in iMessage encryption when he read an Apple security guide. After alerting the company to the issue, he mounted a staged attack with his graduate students.

They successfully targeted phones using pre-2011 versions of iMessage and were able to download a photo from Apple's servers after a few months, the Washington Post reported.

Mr Green warned that a modified version of the attack would work on later operating systems - but would require nation-state level hacking skills.

The hack would not have helped the FBI pull data from the recovered San Bernardino terrorist iPhone as that case involves data stored on a phone, rather than information travelling between devices.

But Mr Green said his team's findings raise concerns about data security - particularly in light of Apple's titanic struggle with the US government.

He told the Post: "Even Apple, with all their skills - and they have terrific cryptographers - wasn't able to quite get this right.

"So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right."

The Johns Hopkins team is due to release details of its research after Apple has had a chance to fix the bug.

Apple said it partially fixed the problem when it released its iOS 9 operating system, and will fully address the problem through security improvements in its latest operating system, iOS 9.3, due to be released later.

The company said: "Apple works hard to make our software more secure with every release.

"We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability."
