Apple’s iMessage system has a cryptography flaw that allowed researchers to decrypt a photo stored in iCloud, the Washington Post reported on Sunday. Here to comment on this news is Security Experts from Tripwire.
Tim Erlin, Director, Security and IT Risk Strategist at Tripwire:
“When researchers and software companies work in partnership around security research, the systems in use become more secure.
The idea of encryption is simple to comprehend, but implementation in the real world is fraught with difficulty. Many of the security defects we’ve seen with encryption systems are problems in the implementation, rather than the math itself.
The publication of this vulnerability, and Apple’s patch, should have little bearing on the San Bernardino case. A researcher made Apple aware of a defect and Apple is issuing a fix. This kind of interaction is common in software.”
Craig Young, Security Researcher at Tripwire:
“The use of end to end encryption can prevent all users from being exposed when a central server is breached. This forces attackers to target individual end devices, making attacks more costly and time consuming. This does have a parallel with the FBI vs. Apple case as many technologists have speculated that the FBI could access the shooter’s phone if they decide to put in the effort. For example, the secure enclave can be backed up and the CPU serial number read so that the autowipe is bypassed or the encryption can be cracked offline. This is of course undesirable for the FBI as the process takes time and money on a much different scale from what it took when Apple could simply bypass the security measures of phones.”
[su_box title=”About Security Experts” style=”noise” box_color=”#336588″][short_info id=”59580″ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.