There are loopholes in Apple iMessage, and hackers still have a chance to invade.

Although Apple emphasizes that its iMessage service adds a peer-to-peer encryption mechanism to ensure that users' information will not be intercepted and recorded from it, according to the research of Johns Hopkins University in the United States, hackers may still steal iMessage information through ciphertext attacks.

According to the research led by Christina Gaman, a professor of computer science at Johns Hopkins University, although Apple has added a point-to-point encryption mechanism to its iMessage service, at present, data is only encrypted during network transmission. Once a hacker successfully steals the TLS security certificate of the system or gains access to Apple's remote server, there is still a way to directly access the file content transmitted by the user.

At the same time, Johns Hopkins University further pointed out that Apple did not update the encryption key regularly. Therefore, if a hacker gains access to the Apple server in the above-mentioned attack way, he can also steal the historical data of iMessage service backed up in iCloud in the same way, and even if the user stays online or offline, he can successfully obtain the past chat content.

At the same time, however, the research content points out that in order to realize this hacking method, it is necessary to at least reach the scale of national attack, or the hacker himself has super-high attack technology and considerable assistance resources, which means that if a state agency tries to obtain the information left by a specific user in iMessage service, it is still possible to "force" Apple to hand over this information through national resources.

At present, Apple has corrected this problem, but still advises users to avoid transmitting personal privacy information through iMessage service.

Published in the life network software market and marked as Apple hacker imessage.