Your Nudes Could Be Exposed Due to a Glitch in iMessage Encryption
Send nudes? If you're using an iPhone, stay on top of those updates — otherwise, your sexts could fall prey to prying eyes.
As the Washington Post reported, a team of researchers at Johns Hopkins University recently succeeded in cracking Apple's iMessage encryption, gaining access to the photos and videos sent by iPhones using dated operating systems. It's bad news for anyone who puts off installing Apple's all-too-frequent software updates.
"Apple works hard to make our software more secure with every release," a statement from the company read, according to the Post. "We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability."
Which is precisely what the company hopes to do with the release of its iOS 9.3 on Monday. But Matthew D. Green, a professor of computer science at Hopkins and the team leader, noticed the possible security hole in 2015. He broached the subject with Apple, which apparently didn't act on the tip, so Green did, assembling graduate students to help him break iMessage code.
Green and his researchers simulated an Apple server, and targeted an encrypted transmission in iCloud that contained a photo link. The investigators were able to grab both the links and their respective 64-digit encryption codes, cracking them through slow and methodical guess work. They won't be releasing a paper on their findings until after Apple issues the patch, but as the Post reported, older operating systems were particularly vulnerable.
And messages sent from iPhone to iPhone aren't the only ones at risk. Both laptops and iPads have iMessaging capabilities — they're susceptible to hackers, too.
According to the Verge, the implications reach beyond those nude selfies that are so popular with the youths of our day. "Sophisticated nation-state actors" could exploit the glitch, as could authorities embroiled in "active criminal investigations."
That likely does not include the FBI's current effort to force Apple to unlock the iPhone of San Bernardino shooter Syed Rizwan Farook, an issue that has sparked heated debate nationwide. Apple's head of product security and privacy, Eric Neuenschwander, who will appear in court on Tuesday as a witness during the first hearing in the case.
The Post reported that this hole in Apple's defenses doesn't mean much for Farook's phone, but anyone who has been procrastinating on their software updates should take note.