Posted on 03/22/2016 12:32:08 AM PDT by Utilizer
Apple has quickly released a patch for a flaw in its encryption capability for the iOS mobile and OS X desktop operating systems which could allow attackers to unscramble protected iMessage photos and videos.
First reported by the Washington Post, a group of researchers led by cryptographer Matthew Green at John Hopkins University discovered they could intercept iMessage content stored in Apple's iCloud by brute-force guessing the encryption key.
With the encryption key at hand, attackers could retrieve files from iCloud accounts without users knowing. Attackers would need to be able to bypass Apple’s TLS certificate pinning, which associates the iCloud server with expected digital credentials, to take advantage of the vulnerability, the company said.
(Excerpt) Read more at itnews.com.au ...
Implementing crypto is harder than it looks. Folks like Matt Green are serious adversaries. It’s good that Apple was able to patch.
Let’s says there was an attack in Brussels, scores dead and wounded, an iPhone left behind by the terrorists. It is encrypted. Will Apple help decent people or side again with the terrorists right to privacy?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.