Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Is Apple's iMessage Encryption Really Unbreakable? In a Word, No.

October 24, 2013

InfoWorld recently reported that, according to researchers, a close look at Apple's iMessage system shows the company could easily intercept communications on the service despite its assurances to the contrary. Apple said in June, after the NSA disclosures, that iMessage, which lets users send texts over Wi-Fi for free, is protected by end-to-end encryption that makes it impossible for Apple or anyone else to descramble the messages.

But researchers at the Hack in the Box conference in Kuala Lumpur showed it would be possible for someone inside Apple, of their own volition or because they were forced to by a government, to intercept messages. The researchers emphasized they have no indication that Apple or the government is reading iMessages, just that it would be possible to do so.

Apple said in June that it first heard about the NSA's Prism program only when it was asked about it by news organizations. "We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order," Apple said. But one of the documents released by NSA contractor Edward Snowden indicated that Apple became part of Prism in October 2012. Hmmm.

Apple uses public key cryptography to encrypt iMessages between the sender and the recipient. But its system for managing public keys is opaque, the researchers said, making it impossible to know if iMessages are being sent to a third party such as the NSA. When someone sends an iMessage, the iOS device pulls the recipient's public key from Apple's non-public key server to create the ciphertext, or encrypted message. The iMessage is decrypted by the recipient using their private key.

The problem is "Apple has full control over this public key directory," according to a researcher.

iMessage's cryptography itself is solid, but it's been clear that Apple controlled the distribution of public keys, wrote Matthew D. Green, an assistant research professor in the Department of Computer Science at Johns Hopkins University, in an email.

"They've insisted to their customers that messages were encrypted 'end to end' and that they couldn't read the messages," Green wrote. "This is all technically true, but at the same time they know perfectly well that this could change easily if they wanted to misbehave. They just chose to be misleading."
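
The directory problem described above comes down to the sender having no independent way to check the key it is handed. The Python sketch below is an added example, not code from Apple, the researchers or this post: it shows a client that pins the first key it sees for a recipient and can compare it with a fingerprint obtained over a separate channel. The `Directory` and `Sender` classes are hypothetical, and the keys are random bytes standing in for real public keys.

```python
import hashlib
import os

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint that two users can compare over a separate channel."""
    return hashlib.sha256(public_key).hexdigest()

class Directory:
    """Hypothetical stand-in for an operator-controlled key server."""
    def __init__(self):
        self.keys = {}
    def publish(self, user, public_key):
        self.keys[user] = public_key
    def lookup(self, user):
        return self.keys[user]

class Sender:
    """Hypothetical client that pins the first key seen for each recipient."""
    def __init__(self, directory):
        self.directory = directory
        self.pins = {}  # recipient -> fingerprint pinned on first use
    def key_for(self, recipient, verified_fp=None):
        key = self.directory.lookup(recipient)
        fp = fingerprint(key)
        if verified_fp is not None and fp != verified_fp:
            raise ValueError("directory key does not match out-of-band fingerprint")
        if self.pins.setdefault(recipient, fp) != fp:
            raise ValueError("key for %s changed since first use" % recipient)
        return key

def demo():
    # Constructed sample keys: random bytes, not real public keys.
    bob_key, other_key = os.urandom(32), os.urandom(32)
    directory = Directory()
    directory.publish("bob", bob_key)
    alice = Sender(directory)
    first_ok = alice.key_for("bob", fingerprint(bob_key)) == bob_key
    directory.publish("bob", other_key)  # directory now answers with another key
    try:
        alice.key_for("bob")
        change_detected = False
    except ValueError:
        change_detected = True
    # A new sender with no pin and no out-of-band check accepts whatever it gets.
    unverified_accepts = Sender(directory).key_for("bob") == other_key
    return first_ok, change_detected, unverified_accepts

if __name__ == "__main__":
    print(demo())
```

Pinning only notices a key that changes after first contact; the last value returned by `demo()` shows that a first lookup is accepted as is unless the fingerprint has been confirmed through a channel the directory operator does not control.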

My take? iMessage is best avoided.
