Johns Hopkins researchers poke a hole in Apple’s encryption (washingtonpost.com)
173 points by runesoerensen on Mar 21, 2016 | 43 comments

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch.

Reminds me of John Oliver's fake Apple ad from last week:

"We're barely one step ahead of hackers at any time," https://www.youtube.com/watch?v=zsjZ2r9Ygzw#t=15m50

All the FBI or anyone with a locked phone has to do is wait without updating the phone. Eventually an exploit for that version will emerge. It appears they've already caught up to iPhone 5 and iOS 8.


Nothing wrong with that. Hacking goes both ways.

They thought of that ad too it seems ;) "Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage". Yes, the title is totally stolen from @LastWeekTonight https://twitter.com/secparam/status/712106956538793984

Good. Awesome! Not that the hole exists, but that people are finding and reporting them to Apple. When the NSA finds an exploit they don't report it and we all end up surveyed.

Thanks JH researchers for finding it, thanks Apple for patching it.

> Apple said it ... will fully address the problem through security improvements in its latest operating system, iOS 9.3, which will be released Monday.

Whoops, looks like the Washington Post just leaked the iOS 9.3 release date with this article. Now we know what Apple has in store for their keynote tomorrow morning ;)

There have been 7 betas of 9.3 and an upcoming event was planned for new hardware; it doesn't take much to put that together.

Related tweets from one of the researchers:

- Christina Garman, @matthew_d_green, Gabriel Kaptchuk, Michael Rushanan, and I found some crypto exploits in iMessage

- Details, blog post, paper, etc to come after Apple ships the patch.

- And now you have 14 hours to guess what the attack is. As a hint, no, it's not a bug in how Apple stores or encrypts attachments.


If it's not how it stores or encrypts attachments, it means it has to do with the way Apple handles them while they aren't encrypted, right? Is there any other attack vector if we're assuming the encryption itself is secure?

From the article it sounds like they allow people to brute force the key. Possibly via a timing attack?

From the article it sounds like bull - unless something is seriously awry you should be getting no indication that individual bits of your key are right or wrong, as they describe.

I'll await the paper.

I think it's generally called an oracle, and they are usually very useful when it comes to breaking crypto.

Oracles normally operate on plaintext or ciphertext, not key material directly.

Although the students could not see the key’s digits, they guessed at them by a repetitive process of changing a digit or a letter in the key and sending it back to the target phone.

That sounds like a timing attack against the iMessage servers, probably also involving the unpatched client.

It also kinda sounds like the same kind of "attack" that weev went to prison for.

Weev repetitively accessed information that he knew he was not authorized to access on a server owned by someone else.

These researchers took a phone they owned and set up a situation where a server they controlled sent messages the phone interpreted as coming from Apple. Those messages were used to extract the key from the phone they owned. They then used that key to access an account they owned and were the authorized user of.

Is there a technical case of unauthorized access if they used a non-Apple client to access the photo? Maybe. Did they establish the same pattern as Weev, accessing information related to many other users? No.

> Weev repetitively accessed information that he knew he was not authorized to access on a server owned by someone else.

Not to mention giving the hack to Gawker before notifying AT&T, getting caught with cocaine, violating a gag order, and saying "I won't nearly be as nice next time" shortly before his sentencing.

All largely irrelevant to the issue that no real crime was committed. In any rational world, there has to be some difficulty to a hack before it is a "hack".

No locks were broken - not even the weakest 1-bit password. Weev only incremented a number of a public endpoint.

The prosecution in his case, as in Aaron Swartz's, conspired to use their legal enforcement powers to intimidate the innocent. They literally, knowingly, tried to charge people for things they knew at the time weren't crimes, because they had been "humiliated" by losing earlier.

(*Innocent of the charges at hand - questions of someone's "other" guilt are out of scope.)

Walking through an open door can be criminal trespass (especially if you know you don't have permission to do so).

The problem isn't that easy hacks can be criminal, it's that the punishments are out of line with the harm done.

A 1-bit lock would be like "Employees only. Are you an employee? Yes/No". It's just enough to establish that you knew you were supposed to stay out.

And yes, a guilty verdict and a one-cent fine wouldn't be too big of a deal. But ideally the courts just wouldn't even hear the case.

Actually, weev neither wrote the script nor ran it. Those were done by his codefendant.

Weev took the data provided to him by his codefendant and gave it to Gawker.

"Some academics have advocated that law enforcement use software vulnerabilities to wiretap targets. That, they said, is preferable to building in a back door to enable access, which they said would broadly damage security."

Door in the face technique: Ask for a backdoor to all mobiles. Settle for keeping security holes private and leaving those mobiles vulnerable.

Snowden told us about the latter and there was outrage. Now it's an acceptable trade-off because the FBI is threatening to take Apple's signing keys? Classic door in the face technique.

> but it shatters the notion that strong commercial encryption has left no opening for law enforcement and hackers

Not sure what cave this guy was living in, unless he's using 'strong' literally (in which case the statement is wrong).

Biggest reason not to trust 'consumer-grade' encryption is that consumers aren't under constant attack, or aren't aware if they are. If I buy a car, I know when it breaks down. Consumer Reports can say if it sucks. There are way fewer 'educated consumers' for encryption technology.

Another iMessage/iOS design flaw (in the context of its "end-to-end encryption") is that you can't disable iCloud sync for the messages alone. It's an all or nothing proposition. It would be good if in iOS 9.3 they'd allow iMessage sync to be disabled, or even better keep it disabled by default, even when you enable "iCloud sync" (it is after all supposed to be end-to-end encryption, not "end-to-end encryption with centralized storage in our cloud", at which point saying iMessage is E2E is just a misnomer).

Actually I think that messages are only kept until all registered devices (at reception time) get them. For instance if you register a new device to iCloud you never get previous messages (otherwise the San Bernardino case is moot because they could have accessed this history).

I think there is also an expiration time limit running from the moment the first device receives a message for the other devices to get the same message, but we are in undocumented territory about that AFAIK...

It's my understanding that iMessage encrypts messages using the public keys of all devices the recipient owns. The server would only store that ciphertext, which is useless without the private key only available to the recipient.

Is this different when iCloud is enabled?

This is true for transit.

However, once the message has been delivered onto the device, they're either stored in plaintext, or backed up in plaintext (with the backup itself being encrypted with a key Apple has).

In saying that... I'm now wondering why they aren't encrypting the messages using the passcode like other sensitive data. I guess so the backup can be restored onto another phone and have the messages persist.

The problem is iCloud Backup -- it really should work in a way which doesn't give Apple unlimited access. Yet, allow restore onto new devices, without requiring users memorize long passwords, and without a bunch of confusing options or steps for most users.

It's a fairly hard problem to do very well. What they do today isn't particularly close to "very well", so even some easy improvements could make it a lot better.

This is plainly wrong; the device is fully encrypted. RTFM: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

PS: But yeah the optional iCloud backup is currently the weak spot.

The blog post and paper have been submitted here: https://news.ycombinator.com/item?id=11332377

Unfortunately (or fortunately?) not a jailbreak.

Wish we could ban WaPo links unless accompanied by a way to actually read them. WaPo's firewall is incredibly annoying lately.

It would be nice if all links to a paywall had a "(Paywall)" in the title, that way we'd get less complaining about paywalls, and less complaining about complaining about paywalls.

...and less solutions to complaining about complaining about paywalls!

It's odd that for how much complaining happens about ads on HN, there's pretty much always just as much scheming about paywalls.

Though I get why it's nicer to prefer non-paywalled sources if they exist...

It's odd only if you imply that revenues of these media must stay at the same level as now.

There seems to be an interesting tension between Hacker News readers who complain about ads and those who complain about paywalls -- realistically the money to pay for journalism has to come from somewhere, right?

What firewall? I've been able to read them all fine.

There's a cookie-based article per month limit.

uBlock Origin seems to be able to get around it.

For Safari, I went ahead and added the rules missing from uBlock from uBlock Origin too. This seems to have helped somewhat (Forbes wall etc.)

Worked for me by clicking the web link at the top of the page (i.e., accessing through a Google search) and opening it in a private tab.

I feel the same about NYT links. Incognito isn't doing the job anymore for me on that site.

That'd conflict with the wish to link to the original source quite often, considering how much original reporting is done by the NYT. Maybe a story should have two links – one to the original and one to the buzzfeed rehash that is published 10 hours later?
