Series Encryption Flaws In iMessage Found And Fixed By Apple
On Monday, Apple revealed by an update that the address of its iOS & Mac OS X operating systems faces the serious defects that affected the messaging protocol of company's iMessage that is used for reporting to send messages up to 200,000 in every second.
According to a research team of Johns Hopkins University that is lead by Mathew Green who is the expert of Cryptography that found a new attacking method which performs in very specific conditions that have the power to decrypt the attachments of iMessage like - videos & photos.
After the releasing of fix issues of Apple even in a blog post of research paper that is published on Monday that the experts briefly explained that a remote hacker who could prevail the ciphertexts of iMessage that can quietly decrypt the attachments of messages of the device of that sender or receiver who is online at that time.
And you know what this dangerous attack is made by certificate pinning which is a mechanism of security that is designed for preventing to the using of the fraudulent certificates. But the hacker was very clever because he knows about it, and found the way to access the server of Apple.
According to the adviser's flaw that assigned the identifiers such as CVE-2016-1788. Apple also found that the hacker needs the certificate pinning for the bypass that records the encrypted attachments &also injects the messages for attacking.
Even in November 2015, the Apple was informed about the vulnerabilities. But the company already initiated the deployed the aggressive certificate pinning in iOS applications that made a potential attack for more difficulties. Here is also released on Monday that is proposed by a short-term mitigation of the students that were involved in the research which was implemented in iOS 9.3 & Mac OS X EI captain 10.11.4.
Even Green believes that Apple has more secure than iMessage such as Open Whisper Systems that is an open-source messaging application signal which is already in an encrypted form and also relies on the management protocol of Axolotl cryptographic key.
Whereas this new harmful attack is also not easy that is also to use to pull off due to high security it provides the issue of Apple's encryption.
According to the researchers said, "While these flaws do not render iMessage completely insecure, some flaws reduce the level of security to that of the TLS encryption used to secure communications between end- user devices and Apple’s servers. This finding is surprising given the protection claims advertised by Apple."
And Apple also introduced the various security issues due to the addition of the iMessage vulnerability such as software products that includes the iOS, OS X, watchOS, tvOS, Xcode, OS X Server and Safari.
Apple and Government, both are preparing to face each other in the court due to the headlines of encryption of Apple that create a backdoor and after that this would allow the investigators to access the information of inside the company. But on Monday, the government may discover the way to break the San Bernardino shooter's iPhone and this would not be possible without the help of Apple.