Researchers discover security flaw in Apple messaging

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” professor Matthew Green, whose team of graduate students discovered the flaw, said in a Washington Post report. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”

Related Story: http://www.washingtonexaminer.com/article/2584612

Green suggested that if his team was able to discover a flaw in iMessages, it was likely that other flaws exist on Apple products that law enforcement officials should be able to discover. He said the idea for breaking into the system came to him last fall. He first notified the company, but after several months passed and nothing was done to correct it, he took action himself.

In a statement, Apple said it was grateful for assistance from Green and his team and was working to fix the flaw.

“Apple works hard to make our software more secure with every release,” the company said. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability…. Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”

Apple stated that it partially fixed the problem with the release of its iOS 9 operating system, and that it would be fully resolved with the release of iOS 9.3 on Monday. Following the release, researchers said, they would publish the details of their of study.

The flaw would not assist authorities in breaking into the iPhone used by terrorists in California’s December attack, but it does indicate the scope of vulnerabilities that exist, even for a leading company like Apple.

Related Story: http://www.washingtonexaminer.com/article/2585232

“If you put resources into it, you will come across [a flaw] like this,” Green said.