Apple’s iMessage Not As Secure as You Think Says Hacker Pod2g

Not so long ago, hot on the heels of the PRISM scandal, Apple stated that iMessage conversations were protected by end-to-end encryption, and that not even Apple could decrypt that data. But is Apple’s claim true? Not as you think, says famous hacker and key player of the jailbreak landscape, Pod2g, aka Cyril Cattiaux (via iDesignTimes).

Pod2g and his colleague GG (both work at QuarkLabs) have studied Apple’s iMessage protocol for quite some time, and they have found flaws in the system. This means that Apple’s claims that it can’t read your iMessage isn’t quite true.

Does this mean Apple is reading your iMessage? Probably not, but is certainly raises privacy concerns. Here is what Pod2g says:

“We haven’t seen any evidence that Apple has read iMessages of people. We would have these evidences if they had tried to spy us. But it’s not the case. Also, nobody can prove they [Apple] did the design flaw intentionally to spy on people. It may be, or it is just a consequence of another choice. Only Apple can know.”

Cammy writes: I then asked him how he thought Apple would respond to the news that he and his QuarksLab teammates had discovered this flaw in iOS iMessages. To that @pod2g replied, “We are really curious on how Apple would fix that, and if they want to.”

This isn’t this first time the hacker and security researcher points to flaws in Apple’s iOS. it has discovered that SMS messages can be spoofed. But this time, iMessage’s encryption is a timely question, especially as consumers fight for their privacy.

Pod2g and his colleague GG plan to reveal all the details and discuss the issue during the HITB 2013 in Malaysia, scheduled to take place October 17–18.