Share:

We Can’t Read Your iMessages, Apple Says [u]

Share:

iMessage-ios7

Pod2g and his team’s iMessage report made waves among security researchers and privacy-sensitive iOS users: despite earlier claims, Apple is able to read our iMessages, they pointed out in their presentation at the Hack in the Box conference. Apple’s answer came fast: no, they can’t read your iMessages, and they don’t want to either.

As we previously reported, Pod2g and his partner at QuarksLab, GG, have published their most recent findings about Apple’s iMessage: while the company claims iMessages have end-to-end encryption, the system’s weakness is that Apple controls the key infrastructure. This also means that they can access your text messages at any time, just as you can recover your earlier iMessages on a new iDevice once you sign in to your Apple account.

Since Apple controls the key infrastructure, users have to trust the provider — in this case the Cupertino-based company — that it won’t read their text messages and won’t give their public key to a third party, the NSA for instance. The main problem is that trust has always been an issue with public keys, according to Pod2g.

Apple’s answer wasn’t delayed: a company representative contacted AllThingsD and corroborated their June statement and their commitment to user privacy.

In other words, iMessage is built to avoid attacks, not to give attackers the green light, Apple says.

“iMessage is not architected to allow Apple to read messages,” said Apple spokeswoman Trudy Muller said in a statement to AllThingsD. “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”

However, since big tech companies such as Skype and Lavabit were forced to enable interception capabilities in their system, it’s a no brainer that Apple was at least approached by the government, as security researcher Ashkan Soltani told AllThingsD.

Update: A video of the hack has been posted–watch it here.

Share:

  • Chrome262

    I am telling you, whether Apple can or can not, they are going to pretend the inability to access the messages to law enforcement. And they are panicking because of Pod’s white paper. I am not saying that Apple is all about protecting you from the man, its about cash. If Apple cannot help in giving your messages, they will avoid being sued, as well as loss of income and time helping the police. So by saying, “we can’t even if we wanted to” they avoid so many headaches. That is also why, they released this saying that it wouldn’t be worth it.

  • WestCoastStar

    I’m not sure why this is about Apple only. Don’t all providers require some central way of encrypting messages? BlackBerry for instance granted access to the Indian goverment as a condition to sell products there.

Deals