Johns Hopkins researchers poke a hole in Apple’s encryption
Apple‘s growing arsenal of encryption techniques — shielding data on devices as well as real-time video calls and instant messages — has spurred the U.S. government to sound the alarm that such tools are putting the communications of terrorists and criminals out of the reach of law enforcement.
But a group of Johns Hopkins University researchers has found a bug in the company’s vaunted encryption, one that would enable a skilled attacker to decrypt photos and videos sent as secure instant messages.
This specific flaw in Apple’s iMessage platform probably would not have helped the FBIpull data from an iPhone recovered in December’s San Bernardino, California, terrorist attack, but it shatters the notion that strong commercial encryption has left no opening for law enforcement and hackers, said Matthew Green, a computer science professor at Johns Hopkins University who led the research team.
The discovery comes as the U.S. government and Apple are locked in a widely watched legal battle in which the Justice Department is seeking to force the company to write software to help FBI agents peer into the encrypted contents of the iPhone used by Syed Rizwan Farouk, one of two attackers who were killed by police after the shooting rampage that claimed 14 lives.