Researchers exploit iMessage bug to decrypt photos and videos

Researchers at Johns Hopkins University discovered a bug in Apple’s iMessage software which allowed them to decrypt photos and video sent through the secure messaging service, The Washington Post reports. Apple says it partially addressed the problem with the release of iOS 9 last fall and will fully fix the issue with the release of iOS 9.3. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability,” Apple said in a statement. “Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”
Apple’s security encryption has been front and center in the public debate surrounding the company’s refusal to help the FBI unlock the iPhone of San Bernardino shooter Syed Rizwan Farouk. Matthew D. Green, the computer science professor at Johns Hopkins University who led the research team which hacked iMessage, said his team’s ability to compromise Apple’s security shatters the idea that strong commercial encryption has left no openings for law enforcement and malicious hackers. “Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” Green said. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.” Green’s team of graduate students plans to publish a paper describing the attack as soon as Apple issues its patch.


Dan Pye was a news editor at iLounge. He's been involved with technology his whole life, and started writing about it in 2009. He's written about everything from iPhone and iPad cases to Apple TV accessories.