Apple iMessage Flaw Allows Hackers to Steal Photos | Hacked: Hacking Finance
user

Apple iMessage Flaw Allows Hackers to Steal Photos

Introduction

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


LATEST POSTS

Total Coverage 22nd August, 2017

ChronoPay Looks to Kickstart Bitcoin Adoption in Russia 29th May, 2017

Cybersecurity

Apple iMessage Flaw Allows Hackers to Steal Photos

Posted on .
This article was posted on Monday, 13:21, UTC.

A group of researchers from Johns Hopkins University have found a bug in Apple’s iMessage platform that would allow attackers to intercept and decrypt video and images sent on iMessage.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

An exploit that affects versions of iMessage prior to iOS9 was initially discovered and partially patched by Apple last fall, during the release of iOS9. However, Professor Matthew D. Green from John Hopkins University has revealed to the Washington Post that he had long suspected a possible flaw in Apple’s encryption process that was specifically used for iMessage.

Sure enough, he and his graduate students mounted an attack to show that they could break the encryption that is meant to protect photos and videos sent on iMessage.

The fundamentally simple hacking exploit involves the creation of a software that emulates an Apple server that is then used to intercept files. The encrypted transmission that was targeted by the professor and his students contained the link to a photo stored on Apple’s iCloud server, along with the 64-digit encryption key required to decrypt the photo.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

While the students were unable to see the digits, they simply took to guessing the decryption code by a brute force technique that saw them repeatedly change a digit or a letter of the key before sending it back to the targeted phone. Whenever a correct digit was guessed, the phone accepted it. Through thousands of repeated attempts, quickly achieved by a modern computer using brute-force, they had the key.

With the key, the team was able to retrieve the photo from Apple’s server. Notably, Green revealed that a modified version of the exploit would also work on later versions of iOS. He added, that the hacking skills required to come up with such an exploit would require a nation state pulling the strings behind it.

The flaw itself has nothing to do with the current stand-off between Apple and the FBI with the latter demanding that Apple help them install a backdoor to gain access to the entire phone, not just the iMessages platform. Furthermore, gain access to a user’s phone comes with encryption that does not allow brute-force methods to guess the user’s passkey.

For its part, Apple has completely patched the exploit with the release of iOS 9.3 which is due to be released today. The release comes as a part of a wider event where further updates to software and even hardware releases such as new versions of the iPhone are rumored to be announced.

It is recommended iOS users update to the latest version of iOS, as soon as possible.

Featured image from Pexels.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

There are no comments.

View Comments (0) ...
Navigation
The team:
Dmitriy Lavrov
Analyst
Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
Jonas Borchgrevink
Founder
Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
Mate Csar
Analyst
Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
Mati Greenspan
Analyst
Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
Rakesh Upadhyay
Analyst
Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
Pamela Meropiali
Account Manager
Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
Joseph Young
Journalist
Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
Security researchers and white hat hackers have, on the very…