[Infowarrior] - Johns Hopkins researchers poke a hole in Apple’s encryption

[Richard Forno]

(x-posted)

(The money-quote is the last para I snipped, and only further supports the allegations, confirmed by Comey, that they didn't quite do 'everything possible' short of going to court over this matter.  Indeed the FBI wanted a legal and public precedent, and decided that running around the country and court system comically screaming "gimme some help now, dipschticks, because we're in hot pursuit!" ala Sheriff Roscoe from the 'Dukes of Hazzard' was the correct approach.  --rick)

Johns Hopkins researchers poke a hole in Apple’s encryption
By Ellen Nakashima March 21 at 12:01 AM

Apple’s growing arsenal of encryption techniques — shielding data on devices as well as real-time video calls and instant messages — has spurred the U.S. government to sound the alarm that such tools are putting the communications of terrorists and criminals out of the reach of law enforcement.

But a group of Johns Hopkins University researchers has found a bug in the company’s vaunted encryption, one that would enable a skilled attacker to decrypt photos and videos sent as secure instant messages.

This specific flaw in Apple’s iMessage platform likely would not have helped the FBI pull data from an iPhone recovered in December’s San Bernardino, Calif., terrorist attack, but it shatters the notion that strong commercial encryption has left no opening for law enforcement and hackers, said Matthew D. Green, a computer science professor at Johns Hopkins University who led the research team.

The discovery comes as the U.S. government and Apple are locked in a widely watched legal battle in which the Justice Department is seeking to force the company to write software to help FBI agents peer into the encrypted contents of the iPhone used by Syed Rizwan Farouk, one of two attackers who were killed by police after the shooting rampage that claimed 14 lives.

Cryptographers such as Green say that asking a court to compel a tech company such as Apple to create software to undo a security feature makes no sense — especially when there may already be bugs that can be exploited.

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” said Green, whose team of graduate students will publish a paper describing the attack as soon as Apple issues a patch. “So it scares me that we’re having this conversation about adding back doors to encryption when we can’t even get basic encryption right.”

< - >

https://www.washingtonpost.com/world/national-security/johns-hopkins-researchers-discovered-encryption-flaw-in-apples-imessage/2016/03/20/a323f9a0-eca7-11e5-a6f3-21ccdbc5f74e_story.html


--
It's better to burn out than fade away.