Sign In

Communications of the ACM

Home/News/Johns Hopkins Researchers Poke a Hole in Apple's Encryption/Full Text
ACM TechNews

Johns Hopkins Researchers Poke a Hole in Apple's Encryption

By The Washington Post
March 21, 2016
Comments
View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon
Share on Tweeter Share on Facebook
Share
Apple Store

A research team from Johns Hopkins University has successfully cracked Apple's iMessage encryption by exploiting a bug that would enable hackers to decode photos and videos sent as secure instant messages. The researchers wrote software to emulate an Apple server, and the encrypted transmission they targeted had a link to a photo stored in Apple's iCloud server and a 64-digit decryption key. The team guessed the digits by changing a digit or a letter in the key and sending it back to the target phone to see what would be accepted, and they repeated this process thousands of times until the key was revealed.

Johns Hopkins professor Matthew D. Green says this breakthrough disproves the notion that strong commercial encryption is hack-proof for either hackers or law enforcement. He also says such methods make court orders compelling companies to create software to open security unnecessary. "It scares me that we're having this conversation about adding backdoors to encryption when we can't even get basic encryption right," Green says. He urges users to update their phones and laptops to iOS 9.3 as a preventive measure.

The American Civil Liberties Union's Christopher Soghoian says the exploit illustrates the danger of companies building their own encryption without independent vetting.

From The Washington Post
View Full Article – May Require Free Registration

 

Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA

 

No entries found

Comment on this article

Signed comments submitted to this site are moderated and will appear if they are relevant to the topic and not abusive. Your comment will appear with your username if published. View our policy on comments

(Please sign in or create an ACM Web Account to access this feature.)

Create an Account

Log in to Submit a Signed Comment

Sign In »

Sign In

Signed comments submitted to this site are moderated and will appear if they are relevant to the topic and not abusive. Your comment will appear with your username if published. View our policy on comments
Forgot Password?

Create a Web Account

An email verification has been sent to youremail@email.com
ACM veriŞes that you are the owner of the email address you've provided by sending you a veriŞcation message. The email message will contain a link that you must click to validate this account.
NEXT STEP: CHECK YOUR EMAIL
You must click the link within the message in order to complete the process of creating your account. You may click on the link embedded in the message, or copy the link and paste it into your browser.
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Read CACM in a free mobile app!
Access the latest issue, plus archived issues and more
ACM Logo
  • ACM CACM apps available for iPad, iPhone and iPod Touch, and Android platforms
  • ACM Digital Library apps available for iOS, Android, and Windows devices
  • Download an app and sign in to it with your ACM Web Account
Find the app for your mobile device
ACM DL Logo