John Hopkins researchers were able to exploit a vulnerability in iOS 9.3 and decrypt media sent across the iMessage platform.
Researchers from John Hopkins University have discovered a flaw in Apple's iMessage service which allows images and videos sent and stored in iCloud to be decrypted.
The research team, led by computer science expert Matthew Green, came across a bug in the iPad and iPhone maker's encryption protocols which enabled skilled cyberattackers to compromise iMessage sessions and decrypt content which users believed were sent securely to participants in a conversation.
As
reported by the Washington Post, the flaw lies within iMessage encryption, which struck Green as "weak" and piqued his interest.
After several months of work, Green and his team of researchers developed software which mimicked an Apple server. This gave the team the opportunity to intercept iMessage transmissions, and through testing, they were able to target communication which contained a link to a photo stored in the Apple iCloud server.
This captured packet also included a 64-digit key required to decrypt the image.
While the security researchers were unable to see the key's individual digits, they were able to use brute force techniques -- repeating the process of testing letters and digits individually and sending these guesses back to the target phone -- which were then accepted by the mobile device when the correct digit was pinged.
Eventually, this led the team to the correct 64 digits and the ability to decrypt the image. Green said the attack, if levied against your average user, would not have raised any alarm bells.
"A modified version of the attack would also work on later operating systems," Green told the publication.
source:zdnet
