Researchers, Apple collaborate to fix iMessage security hole with today's release of iOS 9.3
A bug has been discovered in Apple's iMessage encryption by security researchers at Johns Hopkins University, who have collaborated with the company to help patch the issue in the upcoming iOS 9.3 software update, set to be released to the public today.
Johns Hopkins will withhold publishing the details of flaw until after iOS 9.3 is released to the public, according to The Washington Post. Researchers claim that the security hole could allow hackers to decrypt photos and videos sent via iMessage.
Apple issued a statement on the team's findings, saying the problem was partially fixed with iOS 9. Today's release of iOS 9.3, expected after the company's "iPhone SE" media event, will apparently fully resolve the issue.
"Apple works hard to make our software more secure with every release," the statement reads. "We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability."
The head of the research team, Matthew D. Green, said the flaw likely wouldn't have helped the FBI in its investigation of the San Bernardino shooter's iPhone 5c. But the team also stands by Apple in its encryption battle with the U.S. government, saying the flaw only serves to highlight the fact that there are other ways the government could break into mobile devices without forcing Apple to make a backdoor.
"Even Apple, with all their skills -- and they have terrific cryptographers -- wasn't able to quite get this right," Green said. "So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right."
Security researchers have repeatedly praised Apple's iMessage protocol for being highly secure, sometimes to the ">chagrin of law enforcement. But the research by Johns Hopkins shows that even the most robust encryption can have serious flaws.
iMessages are encrypted messages that can be sent between Apple devices, including iPhones, iPads and even Macs running the OS X platform. The service launched with iOS 5 back in 2011.
Johns Hopkins will withhold publishing the details of flaw until after iOS 9.3 is released to the public, according to The Washington Post. Researchers claim that the security hole could allow hackers to decrypt photos and videos sent via iMessage.
Apple issued a statement on the team's findings, saying the problem was partially fixed with iOS 9. Today's release of iOS 9.3, expected after the company's "iPhone SE" media event, will apparently fully resolve the issue.
"Apple works hard to make our software more secure with every release," the statement reads. "We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability."
The head of the research team, Matthew D. Green, said the flaw likely wouldn't have helped the FBI in its investigation of the San Bernardino shooter's iPhone 5c. But the team also stands by Apple in its encryption battle with the U.S. government, saying the flaw only serves to highlight the fact that there are other ways the government could break into mobile devices without forcing Apple to make a backdoor.
"Even Apple, with all their skills -- and they have terrific cryptographers -- wasn't able to quite get this right," Green said. "So it scares me that we're having this conversation about adding back doors to encryption when we can't even get basic encryption right."
Security researchers have repeatedly praised Apple's iMessage protocol for being highly secure, sometimes to the ">chagrin of law enforcement. But the research by Johns Hopkins shows that even the most robust encryption can have serious flaws.
iMessages are encrypted messages that can be sent between Apple devices, including iPhones, iPads and even Macs running the OS X platform. The service launched with iOS 5 back in 2011.
Comments
I say I prefer the way iMessage handle it. Send or not send. No draft. That's simpler.
what possible relevance does the number of devices owned by your family have? or how many stocks you supposedly have? absolutely no relevance.
this is not a missing feature of iOS. it's an unnecessary complication of android.
Plus I can imagine the security overhead for keeping a draft of an iMessage in memory.
FWIW, though, I don't personally know a single iPhone user who prefers SMS over iMessage. Delivery confirmation, optional read notification, the ability to read/send messages on devices other than your phone (iPads, Macs), conversations synced among devices, reliable end-to-end encryption, etc. And the phone does automatically use SMS when sending to non-Apple devices. But to each his own...
As mentioned previously, if you need to think it over or work on it intermittently, an email would be preferable, along with draft capability, for longer memos or text. Hmmm, maybe that's why they're simply called Messages on iOS rather than Text Messages. In any case, there are always different use cases, and I agree that more functionality is usually a good thing, but not necessarily at the expense of simplicity and expediency.