In the last few weeks, nearly everyone (including us) has praised Apple for remaining steadfast in their refusal to help the FBI break into an encrypted iPhone. In the midst of all that praise, we forgot one thing: breaking into Apple products sometimes isn’t all that hard.
A team of researchers at Johns Hopkins University recently discovered a way to access and decrypt photos and videos sent via iMessage.
First, they intercepted an encrypted message sent from an phone running outdated software by creating software that poses as an Apple server. Then, they were able to repeatedly guess at a 64-character decryption key that corresponded to an encrypted photo on Apple’s iCloud servers. Once they found the correct key, they could download the photo from Apple’s server and view it.
If you are busy patting yourself on the back over owning an Android phone and therefore being free of this problem, stop patting. Fewer than 10% of 1.4 billion(!) Android phones are encrypted, while iPhone encryption clocks in at a 95% rate. Why so low? Likely because Google licenses Android absent any requirements in that department.
Google gives away its Android software to attract more users to its services. Google requires device makers to comply with certain requirements to use the Android brand and key Google services such as search and maps. Ultimately, though, device makers are free to use the software as they wish.
Bottom line: everything is unsafe and you should probably return to carving hieroglyphs on tablets you then bury in the desert or using carrier pigeons or something.
Featured image: “ Thief or hacker hacking smartphone by key” from Shutterstock.