Apple’s iMessage Encryption Too Tough for FBI

| Analysis

EncryptionIt services 2 billion messages a day—or more, that was in the fall—and all those messages have one thing in common: U.S. law enforcement can't intercept them. CNet reported that the the FBI alerted law enforcement agencies around the country that messages sent to and from iOS devices and/or Macs through iMessage are encrypted too well to be cracked.

From the Intelligence Note: "While it is impossible to intercept iMessages between two Apple devices, iMessages between an Apple device and anon-Apple device are transmitted as Short Message Service (SMS) messages and can sometimes be intercepted, depending on where the intercept is placed."

"The outcome seems to be more successful if the intercept is placed on the non-Apple device," the FBI added.

FBI Intelligence Note

Part of the FBI's Alert, Courtesy of CNet

In other words, due to end-to-end encryption, attempts to listen in on iMessage messages fail when the message is going across Apple's service from Apple device to Apple device. If the message is going from an Apple device (really, an iPhone) to a non-Apple device (i.e. another mobile phone), the message is sent as an SMS message across carrier equipment, where law enforcement can intercept it.

According to the Intelligence Note, which was issued in February of 2013, the problem came to light when a DEA investigation in San Jose discovered that a bunch of SMS messages turned over by Verizon did not represent a complete record of communications by the suspects of the investigation. The missing messages were iMessage communications.

So what's a big brother to do? To change this would seemingly require either Apple's cooperation in building a backdoor into iMessage that can be utilized by law enforcement or legislation that would require Apple to provide such a back door. In a related note, this has got to drive the Chinese government nuts. If not already, it soon will.

Law enforcement has always been in a race with new technology when it comes to keeping track of the bad guys. This has accelerated along with the pace of innovation, especially in the high-tech world, and peer-to-per encryption is one of those things that puts the balance of power on the side of privacy, including the privacy of criminals.

One final note: It's interesting that Gizmodo managed to take this story for a negative spin (don't click if you don't want to reward the effort), telling the tale mixed in with complaints about how much the author doesn't like iMessage, either.

You know, as if super awesome encryption is a bad thing that reinforces and affirms her dislike of Apple's service. It's kind of whacky, truth be told, and just more of the stupid that gets written about Apple these days.

Encrypted lock image courtesy of Shutterstock.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

Comments

Lee Dronick

In a related note, this has got to drive the Chinese government nuts. If not already, it soon will.

Oh yeah.

Lancashire-Witch

I Like iMessage. From a user perspective it works well.

Although I didn’t get the idea from the FBI alert that iMessages are “too well encrypted to be cracked” - just that messages sent and received on apple devices messages cannot be intercepted.

Or have I mis-interpreted it?

David Wilson

“Although I didn’t get the idea from the FBI alert that iMessages are “too well encrypted to be cracked” - just that messages sent and received on apple devices messages cannot be intercepted.”

You are more correct than the writer of the article, but really all the intelligence note is saying is that the FBI agents should be aware that iMessages between two iPhones are not SMS text messages and will not show up in a list of SMS messages if you ask the phone company for a “pen trap” or a list of the SMS messages sent and received. Pen traps can be requested on just “probable cause” instead of requiring a warrant.

The intelligence note does NOT say iMessages are too well encrypted to be cracked. It just makes agents aware that they ARE encrypted, as opposed to SMS messages which are not. So in sum, all the note is saying is that SMS messages can usually be tracked and read without a warrant and without any special decryption needed. Whereas iMessages would probably require a warrant (given to Apple, presumably) and are considered encrypted and therefore would probably require decryption assets.

Weaselspleen

David Wilson is too polite. The title of this article is [expletive deleted]. iMessage is not “too tough to crack”, it’s just actually encrypted, versus something that is not encrypted.
It’s like saying that a letter in an envelope is “too tough to read” just because it’s not a frickin’ postcard.
More sensationalist clickbait journalism leading us down the road to imbecility.

Log-in to comment