Researchers at Johns Hopkins University discovered a bug in Apple’s iMessage software which allowed them to decrypt photos and video sent through the secure messaging service, The Washington Post reports. Apple says it partially addressed the problem with the release of iOS 9 last fall and will fully fix the issue with the release of iOS 9.3. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability,” Apple said in a statement. “Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”
Apple’s security encryption has been front and center in the public debate surrounding the company’s refusal to help the FBI unlock the iPhone of San Bernardino shooter Syed Rizwan Farouk. Matthew D. Green, the computer science professor at Johns Hopkins University who led the research team which hacked iMessage, said his team’s ability to compromise Apple’s security shatters the idea that strong commercial encryption has left no openings for law enforcement and malicious hackers. “Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” Green said. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.” Green’s team of graduate students plans to publish a paper describing the attack as soon as Apple issues its patch.
