Hacked: Hacking Finance

Apple iMessage Flaw Allows Hackers to Steal Photos


Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


Alleged FBI Hacker Lauri Love Ordered to US Extradition by UK Home Secretary 15th November, 2016

The Largest Breach of 2016: 412 Million FriendFinder Accounts Exposed 14th November, 2016


Apple iMessage Flaw Allows Hackers to Steal Photos

Posted on .

A group of researchers from Johns Hopkins University have found a bug in Apple’s iMessage platform that would allow attackers to intercept and decrypt video and images sent on iMessage.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

An exploit that affects versions of iMessage prior to iOS9 was initially discovered and partially patched by Apple last fall, during the release of iOS9. However, Professor Matthew D. Green from John Hopkins University has revealed to the Washington Post that he had long suspected a possible flaw in Apple’s encryption process that was specifically used for iMessage.

Sure enough, he and his graduate students mounted an attack to show that they could break the encryption that is meant to protect photos and videos sent on iMessage.

The fundamentally simple hacking exploit involves the creation of a software that emulates an Apple server that is then used to intercept files. The encrypted transmission that was targeted by the professor and his students contained the link to a photo stored on Apple’s iCloud server, along with the 64-digit encryption key required to decrypt the photo.

While the students were unable to see the digits, they simply took to guessing the decryption code by a brute force technique that saw them repeatedly change a digit or a letter of the key before sending it back to the targeted phone. Whenever a correct digit was guessed, the phone accepted it. Through thousands of repeated attempts, quickly achieved by a modern computer using brute-force, they had the key.

With the key, the team was able to retrieve the photo from Apple’s server. Notably, Green revealed that a modified version of the exploit would also work on later versions of iOS. He added, that the hacking skills required to come up with such an exploit would require a nation state pulling the strings behind it.

The flaw itself has nothing to do with the current stand-off between Apple and the FBI with the latter demanding that Apple help them install a backdoor to gain access to the entire phone, not just the iMessages platform. Furthermore, gain access to a user’s phone comes with encryption that does not allow brute-force methods to guess the user’s passkey.

For its part, Apple has completely patched the exploit with the release of iOS 9.3 which is due to be released today. The release comes as a part of a wider event where further updates to software and even hardware releases such as new versions of the iPhone are rumored to be announced.

It is recommended iOS users update to the latest version of iOS, as soon as possible.

Featured image from Pexels.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

There are no comments.

View Comments (0) ...
Security researchers and white hat hackers have, on the very…