New Security Concerns For Apple’s iMessage
MobileNews March 24, 2016 Arianna Gael
Apple’s iPhone has been making news headlines for the past few weeks following a superior court ruling which stated the tech manufacturer was required to rewrite its OS operating system in order to create a “backdoor” for the FBI to break into a phone. Apple has steadfastly refused to attempt such a thing, even if it was possible; the company feels that this move would allow the FBI or any other government or law enforcement entity to use this backdoor whenever they chose. The FBI, however, has promised to only use it in this one specific case involving the San Bernardino, California, terrorist attack in December of 2015.
As it turns out though, that’s not really what Apple should be worrying about.
As an article for CBS explained, “A team from Johns Hopkins University says it found a security bug in iMessage, the encrypted messaging platform used on Apple’s phones and other devices. The bug would allow hackers under certain circumstances to decrypt some messages. The team’s paper is extremely critical of iMessage’s encryption technology, citing ‘significant vulnerabilities that can be exploited by a sophisticated attacker.’ And it argues that in the long term, the technology needs to be replaced with a more modern mechanism.”
So what? Some of the best security systems in the world have been hacked. But this news does have serious implications for the company and for its customers.
First, it will hopefully serve as yet another warning that nothing is secure. Tech users who put all their eggs in the proverbial security basket are going to be highly disappointed in the result, namely that a hacker with the right capabilities can probably get in. Of course, it’s finding that hacker to do the dirty work that is the problem.
As second, the government has found out. The supposed inherent vulnerabilities in Apple’s system mean (again) a hacker can get in. So why is the government taking legal action against Apple in order to create a work around that provides access to the bad guys’ phones? Could it possibly be because they want this access available at all times, on every iPhone? Why bother invoking a hacker’s skill when you can break into a citizen’s phone at the touch of a button, a button that was provided by the manufacturer and therefore guaranteed to work?
The truly interesting news with regards to this flaw is the official response from Apple. While the company issued a statement saying that several of the noted flaws were already fixed in recent patches and updates, Apple thanked the team for bringing these further concerns to light so that they can be addressed.