Apple Shoots Down QuarkLabs, Says it Really can't Read Your iMessages

Apple said it can't decrypt any communication sent through its iMessage service, but security research firm QuarkLabs claimed its research shows otherwise. Now Apple is firing back saying QuarkLabs is wrong and that decrypting our messages would require a re-engineering of the service. In other words, Apple really can't read what we say through iMessage.

Apple says again it can't decrypt iMessage conversationsApple says again it can't decrypt iMessage conversations

In a statement to AllThingsD, Apple spokesperson Trudy Muller said,

iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.

Apple uses end-to-end encryption in iMessages, which means only the sender and the recipient have the keys necessary to read a conversation. QuarkLabs said that Apple could present each end of a conversation with its own security keys while posing as both participants, and then eavesdrop.

That's known as a man in the middle attack and, according to Apple, the iMessage system is set up so it can't do that. QuarkLabs, however, thinks Apple could if it wanted to.

Security researcher Ashkan Soltani said what QuarkLabs has really shown is that "it’s very difficult, but not impossible, for an outside attacker to intercept messages if they’re able to control key aspects of the network. Probably not something that just any actor can do, but definitely something a state/government actor or Apple themselves could do, if motivated."

In the end, it looks like both Apple and QuarkLabs are right. Apple could intercept and decrypt our private conversations through iMessage, but it doesn't have a system in place to make that possible. That's a bit like saying you can fly to the moon tomorrow: It could happen, but the likelihood it will is infinitesimally small.