Pod2g and his team’s iMessage report made waves among security researchers and privacy-sensitive iOS users: despite earlier claims, Apple is able to read our iMessages, they pointed out in their presentation at the Hack in the Box conference. Apple’s answer came fast: no, they can’t read your iMessages, and they don’t want to either.
As we previously reported, Pod2g and his partner at QuarksLab, GG, have published their most recent findings about Apple’s iMessage: while the company claims iMessages have end-to-end encryption, the system’s weakness is that Apple controls the key infrastructure. This also means that they can access your text messages at any time, just as you can recover your earlier iMessages on a new iDevice once you sign in to your Apple account.
Since Apple controls the key infrastructure, users have to trust the provider — in this case the Cupertino-based company — that it won’t read their text messages and won’t give their public key to a third party, the NSA for instance. The main problem is that trust has always been an issue with public keys, according to Pod2g.
Apple’s answer came quickly: a company representative contacted AllThingsD and reaffirmed the company’s June statement and its commitment to user privacy.
In other words, iMessage is built to avoid attacks, not to give attackers the green light, Apple says.
“iMessage is not architected to allow Apple to read messages,” Apple spokeswoman Trudy Muller said in a statement to AllThingsD. “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”
However, since big tech companies such as Skype and Lavabit were forced to enable interception capabilities in their systems, it’s a no-brainer that Apple was at least approached by the government, as security researcher Ashkan Soltani told AllThingsD.
Update: A video of the hack has been posted–watch it here.