Vulnerability in iMessage opens access to the correspondence users
Experts in the field of information security from Johns Hopkins University have discovered a way to hack the correspondence in the messenger iMessage for iPhone and iPad. The attack involves the use of the method Ciphertext attacks based on the ciphertext.
Experts discovered vulnerability allows to access to all correspondence between the two users, and also sent photos and videos. Interception of data is carried out using stolen TLS certificate, or by gaining access to the Apple servers.
When you use attacks based on the ciphertext data can be transmitted directly to criminals. Despite the fact that the security system of the iPhone and iPad is able to protect the gadgets from the installation of malicious software and other similar problems, the likelihood that the user’s safety may be under threat, still exist, the researchers said.
According to them, they have long called for Apple to solve the iMessage encryption algorithm to explore third-party experts, but in Cupertino refused to take this step. Now, corporations may have to “completely change the entire security service.”
Apple representatives said that they knew about this vulnerability and has taken the necessary measures. According to some, the security gap was partially closed in iOS updates 9.3 and OS X 10.11.4. While there is no evidence that it was used for criminal purposes.