Researchers from Jonhs Hopkins University punch hole in iOS encryption

21 Mar 2016

Contrary to what the FBI had been claiming about encryption on Apple's iOS being unbreakable, The Washington Post reported that researchers at Johns Hopkins University had found a bug that allowed them to break the encryption of iMessages, decoding photos and videos.

The method required the data to be in transit, not stored, so it would not really help in the case of the San Bernardino shooter's locked iPhone. The researchers wrote software to mimic an Apple server, and were able to intercept an encrypted transmission that contained a link to a photo on an iCloud server, as also a 64-digit key that decrypted it.

Though the key was not visible, the researchers were able to brute-force each digit. The team notified Apple, who said it partially fixed the flaw in iOS 9, and would release the full fix today in iOS 9.3.

Computer science professor Matthew Green leader of the Johns Hopkins team, said that the government should not force Apple to intentionally weaken the security of its own software, when the reality was that perfect encryption was incredibly hard if not impossible to achieve.

''Even Apple, with all their skills - and they have terrific cryptographers -wasn't able to quite get this right,'' said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch,macworld.com reported.

''So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right.''

Meanwhile, the iPhone maker's expanding array of encryption techniques - shielding data on devices as also real-time video calls and instant messages - had prompted the US government to sound the alarm that such tools were putting the communications of terrorists and criminals out of the reach of law enforcement.