Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Related tweets from one of the researchers:

- Christina Garman,@matthew_d_green, Gabriel Kaptchuk, Michael Rushanan, and I found some crypto exploits in iMessage

- Details, blog post, paper, etc to come after Apple ships the patch.

- And now you have 14 hours to guess what the attack is. As a hint, no, its not a bug in how Apple stores or encrypts attachments.

https://twitter.com/secparam



If it's not how it stores or encrypts attachments, it means it has to do with the way apple handles them while they aren't encrypted, right? Is there any other attack vector if we're assuming the encryption itself is secure?


from the article it sounds like they allow people to brute force the key. possibly via a timing attack?


From the article it sounds like bull - unless something is seriously awry you should be getting no indication that individual bits of your key are right or wrong, as they describe.

I'll await the paper.


I think it's generally called an oracle and are usually very useful when it comes to breaking crypto


Oracles normally operate on plaintext or ciphertext, not key material directly.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: