“Apple has implemented a series of short- and long-term defenses to its iMessage protocol after several issues were discovered by a team of researchers at Johns Hopkins University,” Tim Hardwick reports for MacRumors.
Overall, our determination is that while iMessage’s end-to-end encryption protocol is an improvement over systems that use encryption on network traffic only (e.g., Google Hangouts), messages sent through iMessage may not be secure against sophisticated adversaries. — Johns Hopkins University researchers
“Apple was notified of the issue as early as November 2015 and patched the iMessage protocol in iOS 9.3 and OS X 10.11.4 as a result,” Hardwick reports. “Since that time, the company has been pushing out further mitigations recommended by the researchers through monthly updates to several of its products.”
Hardwick reports, “However, the team’s long-term recommendation is that Apple should replace the iMessage encryption mechanism with one that eliminates weaknesses in the protocol’s core distribution mechanism.”
More info and links in the full article here.
MacDailyNews Take: The more hardened, the better!