Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Says iMessage Interception Would Require Re-Engineering Systems, Has No Interest in Doing So

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,453
30,656



ios_7_messages_icon.jpg
Yesterday, researchers made a presentation at the Hack in the Box conference arguing that Apple's iMessage system could theoretically allow Apple or another party to intercept the encrypted messages. The concern stems in part from Apple's use of a private server for storing users' public keys used to encrypt messages, meaning that senders have no way of knowing whether a potentially false key has been inserted in order to intercept messages intended for a different recipient.

In a statement to AllThingsD, Apple once again denies that it can read iMessages, noting that it would require the service's systems to be re-engineered and that the company has no interest in doing so.
Apple says that QuarksLab's theory is just that -- a theory, and one that would require a rearchitecting of iMessage for it ever to be a threat in the real world.

"iMessage is not architected to allow Apple to read messages," said Apple spokeswoman Trudy Muller said in a statement to AllThingsD. "The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."
Click to expand...
Apple's statement does not actually refute the original claim, simply confirming that as the service is currently configured it is impossible for Apple to intercept iMessages. The researchers' argument rests on the observation that changes could be made to Apple's systems to allow for iMessages to be intercepted without users being aware of the changes.

The result is that Apple is arguing users should trust that the company has no interest in making such changes, and if users take Apple at its word, the researchers' concerns remain merely theoretical. But some users may remained concerned that Apple could be quietly compelled to make changes by government security agencies, compromising Apple's touted "secure end-to-end encryption" for iMessage.

Article Link: Apple Says iMessage Interception Would Require Re-Engineering Systems, Has No Interest in Doing So
 
Article Link
https://www.macrumors.com/2013/10/18/apple-says-imessage-interception-would-require-re-engineering-systems-has-no-interest-in-doing-so/
M

mattymo

macrumors newbie
Oct 10, 2011
24
2
WI
One should reasonably assess that anything transmitted as data over the air or online could be seen by someone somewhere and that a user should have some bit of trust or hope that no one is reading their stuff. If you don't, then you should wax seal letters and mail or deliver them to your recipient yourself.

Personally, I don't care if an Apple employee knows that I'm iMessaging my wife that I'm on my way home from work.
 
Solver

Solver

macrumors 65816
Jan 6, 2004
1,220
3,192
USA
Apple has no plans or intentions to re-engineer the iMessage system, unless Home Land Security "requests" it.
 
TheRainKing

TheRainKing

macrumors 6502a
Jun 11, 2012
999
535
Big companies never lie, I see no reason not to trust them. :D

At least it's not Google!
 
Last edited:
newyorksole

newyorksole

macrumors 603
Apr 2, 2008
5,085
6,381
New York.
Once again... APPLE DOES NOT CARE ABOUT YOU, JUST YOUR MONEY. They don't care about your texts. Obviously there is some way that they can view, but you'll never know. They can easily lie to you.
 
T

TheNewDude

macrumors 6502a
Mar 17, 2010
752
0
mattymo said:
One should reasonably assess that anything transmitted as data over the air or online could be seen by someone somewhere and that a user should have some bit of trust or hope that no one is reading their stuff. If you don't, then you should wax seal letters and mail or deliver them to your recipient yourself.

Personally, I don't care if an Apple employee knows that I'm iMessaging my wife that I'm on my way home from work.
Click to expand...

I do understand why Privacy is a big issue and a hot topic. I also understand how we need to fight for our privacy and make companies be accountable.

With that being said, I agree with MATTYMO. My iMessages aren't nearly important enough to anyone, other than the communicating parties, to bother reading.
 
rhino7

rhino7

macrumors member
Jun 23, 2010
77
39
“The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”

Falls some way short of saying that Apple will never do so.
 
Rogifan

Rogifan

macrumors Penryn
Nov 14, 2011
24,116
31,140
Why does it matter. The Alex Jones's of the world are going to believe what they want to believe no matter what.
 
firedept

firedept

macrumors 603
Jul 8, 2011
6,277
1,130
Somewhere!
Ah, the dreaded message read by some mystery organization! LMAO! Oh how people love drama! My belief is that, if you are doing nothing wrong, then you have nothing to worry about.
 
V

vpndev

macrumors 6502
May 11, 2009
288
98
a non-issue

MacRumors said:
some users may remained concerned that Apple could be quietly compelled to make changes by government security agencies, compromising Apple's touted "secure end-to-end encryption" for iMessage
Click to expand...

Apple could indeed be pressured or compelled but that has nothing to do with the issue raised by these researchers. Key substitution is a vulnerability. Even more so is the fact that Apple controls all the client code for Messages both on iOS and OS X. And the code for key generation. As well as the servers.

These are much easier compromises, should a government agency wish to access the message traffic. Why mess around with key-substitution when you can undetectably copy the user's private key from the Mac or iPhone? Since Apple controls the client code, it could easily do this and undetectably forward it to a central storage location.

And, no, I am not at all concerned that Apple might do this.
 
bbeagle

bbeagle

macrumors 68040
Oct 19, 2010
3,541
2,981
Buffalo, NY
ANY data which is transmitted across the internet may be intercepted by someone. Nothing is safe - you MUST trust companies/people.

Why this Apple-centric bashing?

Facebook employes can read your posts, Citibank employees can see your bank transactions, Google employees can know what all your searches are.

This is no less secure than anything else done on the internet.
 
Rogifan

Rogifan

macrumors Penryn
Nov 14, 2011
24,116
31,140
I'm still waiting for the outrage over Amazon's mayday service that allows Amazon support to remotely control your device. Also, where's Al Franken's letter to HTC with all his concerns over the fingerprint scanner in their new phablet? Exactly what is HTC storing and where are they storing it? You'd think Al Franken would be concerned about this.
 
LV426

LV426

macrumors 68000
Jan 22, 2013
1,835
2,262
firedept said:
Ah, the dreaded message read by some mystery organization! LMAO! Oh how people love drama! My belief is that, if you are doing nothing wrong, then you have nothing to worry about.
Click to expand...

There is always a simple retort to a statement like this from the "Nothing to hide" brigade.

Do you have curtains in your home?
 
D

dennno

macrumors regular
Jul 22, 2011
120
0
People get far too paranoid over privacy especially for something based on theories. Most fail to realise that their messages are just not that important to warrant a re-engineering of an entire service.
 
J

jamesnajera

macrumors 6502
Oct 5, 2003
463
179
newyorksole said:
Once again... APPLE DOES NOT CARE ABOUT YOU, JUST YOUR MONEY. They don't care about your texts. Obviously there is some way that they can view, but you'll never know. They can easily lie to you.
Click to expand...

I think Apple truly does care about our security. Look at all the trouble Apple went to for storing Touch ID fingerprints in ARM's Secure Enclave. Do you think HTC does that with there new HTC ONE with fingerprint slide recognition? To act like AAPL does not make a real attempt to protect our information is wrong. Do you see ads in your Apple email? Meanwhile GOOG will whore out your information as fast as they can and throw ads constantly in your face (even more aggressively now, due to the lowering profit margins from ads).
 
2

2457282

Suspended
Dec 6, 2012
3,327
3,015
The cost of the reengineering effort ould be high enough that ven with a request from the NSA it would be make enough noise that we would be aware of it. As I stated in the original article, the real threat here is a rouge employee who inserts (I am assuming this cannot be done by hacking through the firewall). My hopes lies in that Apple has sufficient policies in place that the chance of th rouge employee actually doing this (even a mole from NSA) would be remote at best. And again, if that happened, we would hear about it pretty quick.
 
M

metallicpail

macrumors newbie
Apr 13, 2010
6
8
Still better than the alternatives

Theoretically everything you do online can be hacked, spied on etc.
Fact is iMessage is more secure than all other alternatives (SMS, Whatsapp etc). At least it's encrypted and only apple would be able to decrypt it (with some work).
So instead of bashing on apple, why don't you address the other services to be more secure, or better yet, address your concerns to your local gov. representative to stop this 'NSA-spy on everything they want without any check' bullS**T.
 
rhino7

rhino7

macrumors member
Jun 23, 2010
77
39
bbeagle said:
ANY data which is transmitted across the internet may be intercepted by someone. Nothing is safe - you MUST trust companies/people.

Why this Apple-centric bashing?

Facebook employes can read your posts, Citibank employees can see your bank transactions, Google employees can know what all your searches are.

This is no less secure than anything else done on the internet.
Click to expand...

Who's bashing Apple? The article and the subsequent comments simply point out that although Apple has stated that iMessage is encrypted (and that Apple can't read the messages) but it would be possible for Apple to read them even if a little engineering effort were needed. I don't believe that any of the other companies that you quote are making claims that they can't read personal data.
 
WaxedJacket

WaxedJacket

macrumors 6502a
Oct 18, 2013
690
1,071
Let's just go back to passing secret notes in class if we're worried about information leaking out. I go about my day knowing anything and everything I do online could be compromised. Which is why I don't store anything important online or send anything I wouldn't want read in public. Not to sound too paranoid but if a company said "100% secure e-traffic" would you believe them? I wouldn't.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom