A group of Johns Hopkins University researchers found a bug in Apple’s encryptionthat would let a
skilled attacker decrypt photos and videos that were sent as secure instant messages. (Matthias Schrader/AP)
Posted on 03/21/2016 2:37:59 PM PDT by Swordmaker
Apple’s growing arsenal of encryption techniques — shielding data on devices as well as real-time video calls and instant messages — has spurred the U.S. government to sound the alarm that such tools are putting the communications of terrorists and criminals out of the reach of law enforcement.
But a group of Johns Hopkins University researchers has found a bug in the company’s vaunted encryption, one that would enable a skilled attacker to decrypt photos and videos sent as secure instant messages.
This specific flaw in Apple’s iMessage platform probably would not have helped the FBI pull data from an iPhone recovered in December’s San Bernardino, Calif., terrorist attack, but it shatters the notion that strong commercial encryption has left no opening for law enforcement and hackers, said Matthew D. Green, a computer science professor at Johns Hopkins University who led the research team.
(Excerpt) Read more at washingtonpost.com ...
So, they took a byte out of the Apple?..................
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
Nah, just a nibble.
Did they find a worm in it?............
We need to just get this over with once and for all. I say everyone in America sends a photo of their penis straight to the NSA. They are never gonna rest until they can see them all.
Once you peel the onion back on Apple’s products you always find some shortcuts.
I ran into a classic adding an SSD to a 2011 MBP.
Apple specs showed a 6mb/s interface to the HDD.
After swapping out the HDD for an SSD I received an error and researched it. Turned out the little ribbon cable was only spec’d out to 3mb/s. Just a little shortcut that cost me $50 to swap the cable out.
Hence their Proprietary internals.
That has to blow the applelib engineers egos up.
“it shatters the notion that strong commercial encryption has left no opening for law enforcement and hackers”
No, properly implemented, with a large enough key, current encryption techniques are still unbreakable.
That’s why the FBI needs Apple’s help to be able to retrieve the private keys, which are secured with lesser methods, from the phone. But that means being able to get past the lock screen, which they could easily brute force if not for the fact that the phone will be wiped after too many unsuccessful attempts to enter the unlock code.
But the FBI, or whoever, still has no hope of actually cracking (for example) 512-bit RSA encryption (never mind 1024 bit) with current computing technologies in our lifetimes. Not even with huge server farms or distributed computing on a massive scale (like if you could put every device on earth to work breaking it).
Here is how I think its done.
The s-box portion of AES256 is a known array lookup table and since Apple currently doesn’t use Intel’s fairly new AES instructions, the s-box code is in memory.
Once you find the s-box code, you can sequence thru memory until you find the key being loaded.
Using Intel AES instructions should eliminate this vulnerability.
You still need to get past Apple security to look at system memory so its not a sure thing.
Correct me if I’m wrong in my thinking, but it seems to me that I have read that Apple iPhones will ‘self destruct’ or wipe it’s memory if the incorrect password is given more than a certain number of times.
Being in electronics, but not familiar with Apple circuitry, it seems to me that if you would take the memory chips off the circuit board or disabled by lifting the power pin, to where they could not be accessed by the phone’s microprocessor and you could use a computer programmed to hack away at the password innumerable times to gain access to the data.Or you installed them into another iPhone that you could access them directly.
If the data is encrypted on the memory chips, then reading them is not a problem, only the encryption method used to ‘unscramble’ them is. If the algorithm used to encrypt the data is known, then it seems that you could unscramble the data with a computer programmed to try every possible iteration of the data until something readable comes up.
This whole mess isn’t really about ‘the data’ on a particular iPhone, but about The Government wanting Apple to provide to them a quick and easy method of decrypting the data on ANY iPhone via some method.
Or am I wrong?.............................
It boils down to it’s all software. Software sends the signals to wipe the system. Replace a few bytes in memory and that won’t happen anymore. It might write ‘Hello Bob’ on the screen instead.
Just another nibble. I was shocked and overwhelmed by their new 4 inch phone. I’d never heard of a 4 inch phone until I looked into my pocket.
No one appreciates bombastic, completely over-the-top comments like this one more than I do! I couldn't agree more! :-)
Somewhere on a memory chip a ‘key’ is stored to unlock the data. If that can be accessed outside the iPhone...........................
"Messages sent via iMessage are vulnerable to interception by a fake Apple server. Using such a server, the researchers repeatedly sent a single photo between iOS devices, subtly making minor changes to the photo each time and checking to see how that affected the encrypted version. After thousands of tries, they finally deduced the 128-bit encryption key.The team's original attack require targeted devices to not be updated to the most recent version of iOS (by implication, any version of iOS 9), but a modified version of the attack could affect even iPhones fully patched through yesterday.
The vulnerability was closed with yesterday's update to iOS 9.3.
Why? It was an extremely complicated procedure that required thousands of attempts using willing a sender to modify a photo subtly and measure what they got with multiple thousands of sends. . . this allowed the researchers to eventually calculate the 128 bit AES key. This is a major undertaking not suitable for an average hacker or even a sophisticated hacker to accomplish. It can only be done with some organization with lots of resources and lots of time. As I quoted above.
This vulnerability was really hard to accomplish. It was not something your average hacker had the equipment to be able to do:
"Messages sent via iMessage are vulnerable to interception by a fake Apple server. Using such a server, the researchers repeatedly sent a single photo between iOS devices, subtly making minor changes to the photo each time and checking to see how that affected the encrypted version. After thousands of tries, they finally deduced the 128-bit encryption key.The team's original attack require targeted devices to not be updated to the most recent version of iOS (by implication, any version of iOS 9), but a modified version of the attack could affect even iPhones fully patched through yesterday.
The vulnerability was closed with yesterday's update to iOS 9.3.
In any case, it was not any poor reflection on the Apple engineers at all.
Their huge egos and self righteousness makes them look like they see themselves superior to the potential good of the rest of us.
First of all, the algorithm to encrypt them isn't known. Secondly, the key that was used to encrypt them is constructed using the passcode that isn't known, entangled with an unknown Unique ID that isn't known or recorded anywhere, also entangled with a group ID that is known, also entangled with a purely random number that came from a purely entropic input from four sensors (camera, microphone, accelerometer, and one other Apple doesn't list) in the iPhone that were read when the original passcode was input and entangled themselves to provide a truly random number . . . but the last three of those things, the UID, GID, and the random number are stored inside a special area called the Encryption Engine inside the A6 processor which even the data processor of the A6 cannot reach.
The first item, the passcode, has to be input anew each time by the user. . . and another algorithm converts it into a one-way hash that will be compared with a stored one-way hash that is kept with the other items in the Encryption Engine that was generated the first time the passcode was entered. If the two match, the iPhone is unlocked, the encryption algorithm builds the encryption/decryption key by using the passcode, the UID, GID, and random number, and the data can be deciphered.
BUT, it has to have all four of those things, and they are not anywhere on the flash drive . . . and three of them are locked away in the Encryption Engine, completely unreadable by the A6 processor and the fourth can only be input by the user from the touch screen. . . and all of them only manipulable by the Encryption Engine itself inside itself.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.