As Apple prepares to argue in court this week against being forced to further help investigators access data from a slain terror suspect’s iPhone, researchers claim they’ve found a way to decode encrypted photos and videos sent between devices using the company’s most current, supposedly uncrackable operating system.
Cryptologists at Johns Hopkins University in Baltimore said Monday they were able to compromise the encryption used to protect media sent between Apple devices by exploiting a weakness that affects iMessage, the company’s proprietary communication protocol.
Specifically, researchers used a brute-force attack to make thousands of guesses until they could figure out a 64-digit key needed to decrypt media hosted on Apple’s iCloud server.
“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” Matthew Green, an assistant professor at the Johns Hopkins Information Security Institute, told The Washington Post. “So it scares me that we’re having this conversation about adding backdoors to encryption when we can’t even get basic encryption right.”
Apple confirmed the exploit Monday, and the company plans on correcting the vulnerability by rolling out a new operating system later in the day.
“Apple works hard to make our software more secure with every release,” the company said in a statement. “We appreciate the team of researchers that identified this bug and brought it to our attention so we could patch the vulnerability. … Security requires constant dedication and we’re grateful to have a community of developers and researchers who help us stay ahead.”
Justice Department attorneys are expected Tuesday to tell a federal court judge in California that Apple should be ordered to unlock an allegedly impenetrable iPhone 5c owned Fyed Sarook — one-half of the married couple that went on a mass shooting spree in San Bernardino in December, killing 14 before dying in a showdown with police.
Investigators believe the phone may hold evidence related to that terror plot and potentially others, but are unable to access its data because of three separate security features enabled on the device.
Attorneys for the FBI say they should be allowed to compel Apple for help by invoking the All Writs Act of 1789, but the tech titan has refused by arguing that the government’s demands would require the company to create a new operating system purposely designed to be exploited, in turn establishing an alarming precedent regarding what authorities can ask of private businesses.
Microsoft, Facebook, Google and the American Civil Liberties Union have all filed friend-of-the-court briefs in support of Apple. Edward Snowden, the former government contractor wanted for leaking National Security Agency secrets, called it “the most important tech case in a decade.”
“The outcome of this case could not be more important for the future of privacy and security in the digital age,” Alex Abdo, a staff attorney for the ACLU, said in a statement Monday. “If the FBI wins, it will have gained the power to force the tech companies to hack their customers. This is a reckless pursuit that threatens to undermine the security of all our devices, not just the one phone at issue in the case.”
Researchers at Johns Hopkins only tested their attack on older iPhones, but Mr. Green told The Post that a nation-state should be able to use a modified version to access encrypted videos and photos sent over phones running Apple’s most current operating system.
“If you put resources into it, you will come across something like this,” he said.
FBI Director James Comey testified earlier this month that the bureau has unsuccessfully appealed to NSA and other agencies for help hacking the phone.
Copyright © 2019 The Washington Times, LLC.