
Johns Hopkins researchers poke a hole in Apple’s encryption - runesoerensen
https://www.washingtonpost.com/world/national-security/johns-hopkins-researchers-discovered-encryption-flaw-in-apples-imessage/2016/03/20/a323f9a0-eca7-11e5-a6f3-21ccdbc5f74e_story.html
======
bsimpson
“Even Apple, with all their skills — and they have terrific cryptographers —
wasn’t able to quite get this right,” said Green, whose team of graduate
students will publish a paper describing the attack as soon as Apple issues a
patch.

reminds me of John Oliver's fake Apple ad from last week:

"We're barely one step of hackers at any time,"
[https://www.youtube.com/watch?v=zsjZ2r9Ygzw#t=15m50](https://www.youtube.com/watch?v=zsjZ2r9Ygzw#t=15m50)

~~~
unabst
All the FBI or anyone with a locked phone has to do is wait without updating
the phone. Eventually an exploit for that version will emerge. It appears
they've already caught up to iphone5 and iOS 8.

[http://www.ebay.com/sch/i.html?_odkw=ios+passcode&_osacat=0&...](http://www.ebay.com/sch/i.html?_odkw=ios+passcode&_osacat=0&_from=R40&_trksid=p2045573.m570.l1313.TR12.TRC2.A0.H0.Xios+ip+box.TRS0&_nkw=ios+ip+box&_sacat=0)

~~~
rm_-rf_slash
Nothing wrong with that. Hacking goes both ways.

------
themartorana
Good. Awesome! Not that the hole exists, but that people are finding and
reporting them to Apple. When the NSA finds an exploit they don't report it
and we all end up surveyed.

Thanks JH researchers for finding it, thanks Apple for patching it.

------
tristanj
> _Apple said it ... will fully address the problem through security
> improvements in its latest operating system, iOS 9.3, which will be released
> Monday._

Whoops, looks like the Washington Post just leaked the iOS 9.3 release date
with this article. Now we know what Apple has in store for their keynote
tomorrow morning ;)

~~~
tdkl
There has been 7 betas of 9.3 and an upcoming event was planned for new
hardware, it doesn't take much to put that together.

------
runesoerensen
Related tweets from one of the researchers:

\- Christina Garman,@matthew_d_green, Gabriel Kaptchuk, Michael Rushanan, and
I found some crypto exploits in iMessage

\- Details, blog post, paper, etc to come after Apple ships the patch.

\- And now you have 14 hours to guess what the attack is. As a hint, no, its
not a bug in how Apple stores or encrypts attachments.

[https://twitter.com/secparam](https://twitter.com/secparam)

~~~
joshfraser
from the article it sounds like they allow people to brute force the key.
possibly via a timing attack?

~~~
madaxe_again
From the article it sounds like bull - unless something is seriously awry you
should be getting no indication that individual bits of your key are right or
wrong, as they describe.

I'll await the paper.

~~~
IceyEC
I think it's generally called an oracle and are usually very useful when it
comes to breaking crypto

~~~
doomrobo
Oracles normally operate on plaintext or ciphertext, not key material
directly.

------
ge0rg
_Although the students could not see the key’s digits, they guessed at them by
a repetitive process of changing a digit or a letter in the key and sending it
back to the target phone._

That sounds like a timing attack against the iMessage servers, probably also
involving the unpatched client.

~~~
jlgaddis
It also kinda sounds like the same kind of "attack" that weev went to prison
for.

~~~
maxerickson
Weev repetitively accessed information that he knew he was not authorized to
access on a server owned by someone else.

These researchers took a phone they owned and setup a situation where a server
they controlled sent messages the phone interpreted as coming from Apple.
Those messages were used to extract the key from the phone they owned. They
then used that key to access an account they owned and were the authorized
user of.

Is there a technical case of unauthorized access if they used a non Apple
client to access the photo? Maybe. Did they establish the same pattern as
Weev, accessing information related to many other users? No.

~~~
ceejayoz
> Weev repetitively accessed information that he knew he was not authorized to
> access on a server owned by someone else.

Not to mention giving the hack to Gawker before notifying AT&T, getting caught
with cocaine, violating a gag order, and saying "I won't nearly be as nice
next time" shortly before his sentencing.

~~~
EdHominem
All largely irrelevant to the issue that no real crime was committed. In any
rational world, there has to be some difficulty to a hack before it is a
"hack".

No locks were broken - not even the weakest 1bit password. Weev only
incremented a number of a public endpoint.

The prosecution in his case, as in Aaron Swartz's, conspired to use their
legal enforcement powers to intimidate the innocent. They literally,
knowingly, tried to charge people for things they knew at the time weren't
crimes, because they had been "humiliated" by losing earlier.

(*Innocent of the charges at hand - questions of someone's "other" guilt are
out of scope.)

~~~
maxerickson
Walking through an open door can be criminal trespass (especially if you know
you don't have permission to do so).

The problem isn't that easy hacks can be criminal, it's that the punishments
are out of line with the harm done.

~~~
EdHominem
A 1-bit lock would be like "Employees only. Are you an employee? Yes/No". It's
just enough to establish that you knew you were supposed to stay out.

And yes, a guilty-verdict and a one-cent fine wouldn't be too big of a deal.
But ideally the courts just wouldn't even hear the case.

------
danjoc
"Some academics have advocated that law enforcement use software
vulnerabilities to wiretap targets. That, they said, is preferable to building
in a back door to enable access, which they said would broadly damage
security."

Door in the face technique: Ask for a backdoor to all mobiles. Settle for
keeping security holes private and leaving those mobiles vulnerable.

Snowden told us about the latter and there was outrage. Now it's an acceptable
trade off because the FBI is threatening to take Apple's signing keys? Classic
door in the face technique.

------
awinter-py
> but it shatters the notion that strong commercial encryption has left no
> opening for law enforcement and hackers

Not sure what cave this guy was living in, unless he's using 'strong'
literally (in which case the statement is wrong).

Biggest reason not to trust 'consumer-grade' encryption is that consumers
aren't under constant attack, or aren't aware if they are. If I buy a car, I
know when it breaks down. Consumer Reports can say if it sucks. There are way
fewer 'educated consumers' for encryption technology.

------
mtgx
Another iMessage/iOS design flaw (in the context of its "end-to-end
encryption") is that you can't disable iCloud sync for the messages alone.
It's an all or nothing proposition. It would be good if in iOS 9.3 they'd
allow iMessage sync to be disabled, or even better _keep it disabled_ by
default, even when you enable "iCloud sync" (it is after all supposed to be
_end-to-end encryption_ , not "end-to-end encryption with centralized storage
in our cloud", at which point saying iMessage is E2E is just a misnomer).

~~~
pfg
It's my understanding that iMessage encrypts messages using the public keys of
all devices the recipient owns. The server would only store that ciphertext,
which is useless without the private key only available to the recipient.

Is this different when iCloud is enabled?

~~~
madeofpalk
This is true for transit.

However once the message has been delivered onto the device, they're either
stored in plaintext, or backed up in plaintext (with the backup itself being
encrypted with a key Apple has)

In saying that... I'm now wondering why they aren't encrypting the messages
using the passcode like other sensitive data. I guess so the backup can be
restored onto another phone and have the messages persist.

~~~
rdl
The problem is iCloud Backup -- it really should work in a way which doesn't
give Apple unlimited access. Yet, allow restore onto new devices, without
requiring users memorize long passwords, and without a bunch of confusing
options or steps for most users.

It's a fairly hard problem to do very well. What they do today isn't
particularly close to "very well", so even some easy improvements could make
it a lot better.

------
runesoerensen
The blog post and paper has been submitted here:
[https://news.ycombinator.com/item?id=11332377](https://news.ycombinator.com/item?id=11332377)

------
userbinator
Unfortunately (or fortunately?) not a jailbreak.

------
Bud
Wish we could ban WaPo links unless accompanied by a way to actually read
them. WaPo's firewall is incredibly annoying lately.

~~~
PascalsMugger
It would be nice if all links to a paywall had a "(Paywall)" in the title,
that way we'd get less complaining about paywalls, and less complaining about
complaining about paywalls.

~~~
JoeAltmaier
...and less solutions to complaining about complaining about paywalls!

