Security Researchers Claim Apple is Capable of Decrypting iMessages

| Analysis

Privacy?Security researches have published a report on Apple's iMessage encryption, and according to that research, Apple has the ability to decrypt and read our iMessage texts. This, despite the fact those messages are encrypted end-to-end and despite the fact Apple claimed that it could not decrypt them.

The report was published on Quarksblog by Fred Raynal, and Mashable noted it was researched with the help of iOS hackers "pod2g" and "gg."

The short version of the report is that the researchers confirmed that iMessage texts are encrypted end-to-end, which means that the devices sending the messages are handling the encryption. End-to-end decryption makes it far harder for communications to be intercepted and decrypted by third parties.

On its own, this is great, but the researchers also found that the encryption keys are controlled by Apple through a server, and that means that Apple could technically decrypt those messages, either for its own corporate edification (doubtful) or at the behest of law enforcement or the National Security Agency.

From a blog post on the report:

What we are not saying: Apple reads your iMessages. [Emphasis added]

What we are saying: Apple can read your iMessages if they choose to, or if they are required to do so by a government order. [Emphasis added]

As Apple claims, there is end-to-end encryption. The weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages.

Also remember that the content of the message is one thing, but the metadata are also sensitive. And there, you rely on Apple to carry your messages, thus they have your metadata.

Now, you can read the article or jump to end of the article where we summarized it.

This report comes in the aftermath of Edward Snowden's far ranging disclosure of the U.S. National Security Agency's (NSA) data collection practices in the U.S. Those disclosures included accusations that Apple, Google, Facebook, Microsoft, and a who's who of other major tech companies were all cooperating in varying degrees with the NSA's collection efforts.

Most of those companies—including Apple—denied giving the NSA backdoor access or doing anything other than complying with lawfully issued warrants for user information. Apple also claimed that it could not access messages going through its very popular iMessage service because those communications were encrypted end-to-end.

The researchers' efforts suggest that while Apple's statement was accurate, it may not be all of the story.

Comments

vpndev

This really is non-news “news”.

So “[t]he weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages”.

I am shocked, SHOCKED by this. /s

Really folks - Apple also controls all the application code for Messages, the servers, and the keygen mechanism. Given that amount of control over Messages traffic, can anyone claim with a straight face that “infrastructure” is the problem ??  Really ???

Lee Dronick

Spot on vpndev

Log-in to comment