Apple Shoots Down QuarkLabs, Says it Really can’t Read Your iMessages


Apple said it can't decrypt any communication sent through its iMessage service, but security research firm QuarkLabs claimed its research shows otherwise. Now Apple is firing back, saying QuarkLabs is wrong and that decrypting our messages would require a re-engineering of the service. In other words, Apple really can't read what we say through iMessage.

Apple says again it can't decrypt iMessage conversations

In a statement to AllThingsD, Apple spokesperson Trudy Muller said,

iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.

Apple uses end-to-end encryption in iMessages, which means only the sender and the recipient have the keys necessary to read a conversation. QuarkLabs said that Apple could present each end of a conversation with its own security keys while posing as both participants, and then eavesdrop.

That's known as a man-in-the-middle attack and, according to Apple, the iMessage system is set up so it can't do that. QuarkLabs, however, thinks Apple could if it wanted to.

Security researcher Ashkan Soltani said what QuarkLabs has really shown is that "it’s very difficult, but not impossible, for an outside attacker to intercept messages if they’re able to control key aspects of the network. Probably not something that just any actor can do, but definitely something a state/government actor or Apple themselves could do, if motivated."

In the end, it looks like both Apple and QuarkLabs are right. Apple could intercept and decrypt our private conversations through iMessage, but it doesn't have a system in place to make that possible. That's a bit like saying you can fly to the moon tomorrow: It could happen, but the likelihood it will is infinitesimally small.
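The disagreement comes down to who hands out the public keys. The following is an added example, not code from Apple, QuarkLabs or this article: a toy Python model in which a hypothetical `Directory` key server answers with its own key, and a sender-side fingerprint check (an assumed mitigation the article does not attribute to iMessage) catches the swap. The cipher is a deliberately simple ElGamal-style construction for illustration only, and all names and messages are constructed.

```python
import hashlib
import secrets
# Toy ElGamal-style encryption over a small prime field: illustration only, NOT secure.
P = 2**127 - 1  # Mersenne prime
G = 3

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)
def _keystream(shared, n):
    return hashlib.shake_256(str(shared).encode()).digest(n)
def fingerprint(pub):
    return hashlib.sha256(str(pub).encode()).hexdigest()[:16]

def encrypt(pub, msg):
    eph_priv, eph_pub = keygen()
    ks = _keystream(pow(pub, eph_priv, P), len(msg))
    return eph_pub, bytes(a ^ b for a, b in zip(msg, ks))

def decrypt(priv, ct):
    eph_pub, body = ct
    ks = _keystream(pow(eph_pub, priv, P), len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

class Directory:  # hypothetical key server run by the operator; senders trust it
    def __init__(self):
        self.keys, self.substitute = {}, {}
    def lookup(self, user):
        return self.substitute.get(user, self.keys[user])

def send(directory, recipient, msg, pinned_fp=None):
    pub = directory.lookup(recipient)
    # Mitigation: compare against a fingerprint obtained outside the directory.
    if pinned_fp is not None and fingerprint(pub) != pinned_fp:
        raise ValueError("directory key does not match pinned fingerprint")
    return encrypt(pub, msg)

def demo(msg=b"constructed sample message"):
    d = Directory()
    (bob_priv, bob_pub), (op_priv, op_pub) = keygen(), keygen()
    d.keys["bob"] = bob_pub
    d.substitute["bob"] = op_pub  # operator answers with its own key
    operator_reads = decrypt(op_priv, send(d, "bob", msg))
    bob_reads = decrypt(bob_priv, encrypt(bob_pub, operator_reads))  # relayed copy
    try:
        send(d, "bob", msg, pinned_fp=fingerprint(bob_pub))
    except ValueError:
        return operator_reads, bob_reads, True   # substitution detected
    return operator_reads, bob_reads, False
```

Without the pinned fingerprint, both the operator and the recipient recover the same plaintext and neither end sees anything unusual; with it, the send is refused before any ciphertext is produced.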


5 Comments

gkhudyan

They said they can’t see it but they didn’t say the NSA can’t see it.  Apple did want permission from the NSA and the Courts to disclose the extent of their sharing.  So they are sharing.

I’m not a conspiracy theorist but the leaked information did show that Apple is part of the network cooperating with the NSA.

Intruder

It is now a case of “he said, she said.”

vpndev

>So they are sharing.
>
>I’m not a conspiracy theorist but ...

Actually, it’s quite clear that you are.

gnasher729

gkhudyan, what you post is nonsense.

Apple wanted permission to disclose the amount of information they give to the NSA. For all we know, that amount is zero, but Apple isn’t allowed to say so. They are not even allowed to say they want permission to disclose that they are not sharing anything.

There is no evidence that Apple has been working with the NSA whatsoever. There was a much repeated report that quoted non-existing Apple employees at a non-existing Apple department admitting to lots of things; that report was totally made up and supposed to be either funny or satire but failed to be either.

And if you had the slightest clue how encryption works then you would know that it is impossible for the NSA to read any iMessages. Apple sends the public key of the receiver to the sender; the sender encrypts the message, sends it to Apple which cannot read it because they don’t have the private key, and Apple sends it to the receiver which is the only one in the world capable of reading the message. QuarkLabs said, quite correctly, that due to their position in the middle Apple could send a fake public key to the sender, decrypt and store the message, re-encrypt it with the real public key and send it to the receiver (which didn’t happen, because you can’t keep something like that secret). The NSA or anyone else is _not_ in the middle and has no way to do that.

gnasher729

Intruder: It’s not a case of “he said, she said”. “He said, she said” applies to a situation where two people and nobody else know the truth, but both say the opposite, so we know that one of them is lying. And if we have no more information, then unfortunately there is a 50% chance that he is a liar, and 50% that she is.

In this case, Apple knows the truth, whatever the truth is, but QuarkLabs is just speculating. We _know_ that QuarkLabs is just speculating. It is not impossible that they are right and Apple is lying, but there is no evidence for that at all.
