“A group of Johns Hopkins University researchers has found a bug in the company’s vaunted encryption, one that would enable a skilled attacker to decrypt photos and videos sent as secure instant messages,” Ellen Nakashima reports for The Washington Post.
“This specific flaw in Apple’s iMessage platform likely would not have helped the FBI pull data from an iPhone recovered in December’s San Bernardino, Calif., terrorist attack, but it shatters the notion that strong commercial encryption has left no opening for law enforcement and hackers, said Matthew D. Green, a computer science professor at Johns Hopkins University who led the research team,” Nakashima reports. “Cryptographers such as Green say that asking a court to compel a tech company such as Apple to create software to undo a security feature makes no sense — especially when there may already be bugs that can be exploited.”
“‘Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,’ said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch. ‘So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right,'” Nakashima reports. “”
Read more in the full article here.
MacDailyNews Take: Every bug found is a bug that can be squashed.
Apple works hard to make our software more secure with every release. We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability… Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead. — Apple’s statement to the Post
[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]