A group of security researchers at John Hopkins University led by well-known cryptographer Matthew D. Green have discovered a security flaw in Apple’s encrypted iMessage service. The flaw can let hackers access private messages sent between individuals and even get access to photos and videos stored on Apple’s iCloud servers.
Matthew Green revealed the weakness in Apple iMessage just a day before the company is set to go against the FBI in the court over creating a backdoor in iOS. FBI wanted to gain access to password-protected iPhone used by Syed Rizwan Farook, who shot San Bernardino, but the Cupertino-based company denied to create backdoor.
Green warned about the security flaw in Apple iMessage to the company last year.
Matthew D. Green spotted the security flaw last year and even warned the company regarding the potential problem, but Apple didn’t reply. The Cupertino-based company partially fixed the flaw in iOS 9 released last September. But according to Green, hackers could still exploit the flaw on iPhones running on the latest software.
Green said to the Washington Post:
“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right. So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”
The iPhone-maker didn’t comment on this, but they provide The Washington Post with this statement:
“Apple works hard to make our software more secure with every release. We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”
The details about the security flaw in Apple iMessage will be published by the John Hopkins University’s researchers only after Apple fixes this issue.