Researchers Claim Apple Can Potentially Access Encrypted iMessages [Updated]

[throttlemeister]

How iMessage may work
(at a high level, various optimizations exist to avoid overhead after initial key exchange, etc)...

Bob wants to send an message to Sue.

Bob generates a private key and stores securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple informs Sue of an message request and is handed Bob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple informs Bob of Sue's public key.

Bob encrypts his message to Sue using Sue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Under this model only Bob and Sue have their private keys and hence only they can decrypt messages originating from their devices

...HOWEVER, since Apple is the mediator of the public keys between Bob and Sue Apple could give Bob a public key of their own claiming it was from Sue. This would then allow Apple to decrypt messages from Bob heading to Sue. Apple can do the same thing with Sue. Then Apple would be able to get messages from Bob, decrypt them, look at the message, then re-encrypt it before passing it along to Sue. The man in the middle model...

Bob wants to send an message to Sue.

Bob generates a private key and stores securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple generates a private key and a FakeBob public key of their own.
Apple informs Sue of an message request and is handed FakeBob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple generates a private key and a FakeSue public key of their own.
Apple informs Bob of FakeSue's public key.

Bob encrypts his message to Sue using FakeSue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple decrypts message, looks at it, and then re-encrypts message using Sue's public key.
Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Personally I trust Apple to NOT do this and favor the simplicity of their method despite a man in the middle weakness internally in their system. They could prevent this but at the cost of trust being established between Bob and Sue in a more complex and cumbersome way... not ideal for typical users of iMessage.

...personally not sure how this is news or a surprise, with the intentional simplicity and ease of use of the iMessage solution you have to assume Apple will be a good actor on your behalf...

And this is exactly how the NSA and GCHQ have run MITM attacks on amongst others Google. It would not be a problem for the NSA or other agencies to demand Apple to install software to do just that, or have that agency do that. And we would never know, as Apple would be forced to keep it secret.

So, while I agree that Apple would not listen to us, I would not be too quick to dismiss intelligence agencies abusing the exact possibility. Lavabit anyone?

 

[9000]

How would the encrypted messages not be accessible by Apple? I knew their statement was BS from the start.

----------

So, while I agree that Apple would not listen to us, I would not be too quick to dismiss intelligence agencies abusing the exact possibility. Lavabit anyone?

I'd be more worried about Apple, Google, etc accessing my messages than the US government. Don't send intellectual property over Gmail.

----------

Why should we believe a jailbreaker?

Because it makes sense anyway.

 

[captain kaos]

Why should we believe a jailbreaker?

What?!

It doesn't matter if the guy is a jailbreaker or not, he's saying how the imessage encryption works and that it is not unbreakable. You're being a bit elitist there by saying his information is invalid just because he jailbreaks.

 

[3282868]

How iMessage may work
(at a high level, various optimizations exist to avoid overhead after initial key exchange, etc)...

Bravo! A well written explanation, especially great for those who may not be as tech savvy at the moment. Thank you for taking the time for us.

 

[Surreal]

… Apple could use you iTunes account credit card information

So… You're saying Apple is stealing our credit card information.








</joke>

 

[diddl14]

"The company's claim that iMessage is protected by unbreakable encryption is just basically lies"
I don't see the lie. The encryption itself is not broken, is it?

That the protection can be surcumvented is a complete different story. Apple claimed that "conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them". Also that still holds.

Just because it is theoretically possible (for apple) to perform a man-in-the-middle attack, doesn't mean that the infrastructure has been put in place to do so.

Clearly since it is Apple software from beginning to end, Apple can put something in place to intercept/read/copy the message. Not that it makes sense for them to do so, but yes, technically I'm sure they can.

But nice headline. Pretty sure it will be on every tech-blog/news-service in the next 24 hours..

 

[gnasher729]

NSA tells apple CEO to provide them with the ability to decrypt messages and not tell anyone or go to jail for the rest of thier life'ish. They did it to google, microsoft and lavabit. You think apple dodged that?

If you followed the Lavabit reports, no, the NSA never talked to Lavabit. Law enforcement and a judge talked to them, but not the NSA. And the situation that Lavabit found themselves in was one that would have been avoided if they had Google's or Microsoft's lawyers.

There is no evidence that they "did it to google and microsoft".

 

[Zwhaler]

That's very naive and paranoid. However, it's not surprising given the NSA shenanigans going on. Fact is, unless you do have a working knowledge of security and encryption there's no basis to say that "anything and everything" can be accessed by the authorities. I can encrypt a file with 1024 bit encryption and email it directly to the NSA, but that doesn't mean they can see it.

I understand what you're saying, but really I'm talking about individuals like you and me that volunteer information to the web. That's what this is really about. When we put our information into a server that Yahoo, Facebook, Google, Apple, Microsoft, AT&T, or whoever, owns, then we are accepting that that data is now theirs. Data and information relating to personal identity, that is. Thank you for the counterpoint.

 

[joshdammit]

You missed my point. Someone claims that Apple could be spying on you using method X, and everybody gets all excited about it. When in reality any maker of phone devices who doesn't care about laws, ethics, reputation etc. could spy on you easily without leaving any traces.

This. Just because Apple CAN technically intercept our iMessages, doesn't mean they will. And if an unscrupulous employee with access to that system does, I imagine they can internally see who had access last to the system, at which point somebody would be losing their job. If our government can get caught doing this, Apple certainly can.

Calling it "basically just lies" is a pretty spiteful choice of words, however, and will only incite discord among those who read them. You can call people and companies out on being mistaken or incorrect about something, but when you use words like "lies," you're flat out accusing the other party of being knowingly deceptive and dishonest. When Apple says iMessage uses unbreakable encryption, they could very well mean as far as end-users go.

Now, as far as whether this enables Apple to easily hand our messages over to the NSA if they come a-knocking or not, that's certainly a valid concern.

 

[bigpoppamac31]

I've learned these days that anything and everything that has to do with information or data can be accessed by the authorities, illegal or not. We live in a surveillance state (in America). Notice how Yahoo and other service providers are pushing user "profiles" like Facebook, so they can make profiles on all of us. Next up is obviously fingerprint scanning. The conspiracy theorists weren't crazy after all.

Well at workplace (a grocery store) we "punch" in and out by scanning our hand. We input our 4 digit employee number and place our hand on the scanner.

 

[Zellio]

No. No one is interested in intercepting your messages.

Apparantly someone has been asleep since way before the patriot act and esp. since.

 

[trrosen]

This is news? We've only been subpoenaing SMS, iMessages, Skype, AIM, and every other message type out there for years. Not sure how some missed this other than sheer ignorance.

You can't subpoena an iMessage because even Apple doesn't know which ones go to which user. Sure apple could use a man in the middle attack to read a iMessage but they would have no idea whose they might get.

 

[charlituna]

Is anyone surprised?

That someone would make claims they can't prove, sure. Especially about Apple.

There might perhaps be a system for such info but who knows if it is tied together in any way that gives Apple access to finding out the key for any device, user etc. And they sure as **** aren't going to give up the whole database to anyone to potentially decrypt all messages for all users to fish for the folks they want.

So until any group can prove they can find the exact key etc this is FUD.

 

[iBreatheApple]

Not that it's okay but c'mon, did we really think Apple's encryption was so secure they couldn't potentially access the data themselves?

 

[Xerotech]

The fact that they're even encrypting these messages...

 

[OldSchoolMacGuy]

You can't subpoena an iMessage because even Apple doesn't know which ones go to which user. Sure apple could use a man in the middle attack to read a iMessage but they would have no idea whose they might get.

Wat? I've been part of many investigations where subpoenas for messages were used. Additionally it's not like we can't just pull every message they've received off of their phone. Neat fact, even every message you've ever deleted is available. Same with every contact you've deleted.

 

[/dev/toaster]

Of course they can ... the 3 letter agencies wouldn't allow it otherwise.

Sad, but true

 

[autrefois]

At this stage, I doubt if there's any telephony/messaging that can operate without government eavesdropping. It wouldn't surprise me if there's some kind of gagging order in place too to prevent those companies revealing that there's eavesdropping in place, or maybe even that eavesdropping is possible.

In light of all that has been revealed related to the NSA's various programs, which anyone can find out about with a quick search, that sounds plausible unfortunately.

No. No one is interested in intercepting your messages.

Put the tin foil hat back down.

I feel so ashamed now. Thank you for helping me see the error of my ways.

But seriously, Apple went out of their way to say that "conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them." This statement is untrue, at least as far as iMessage is concerned. So why should I trust Apple? Who's disconnected from reality?

I didn't say Apple was reading all our texts (and went out of my way to make that abundantly clear in my first post). Since Apple can intercept messages and since there have been reports of delayed or missing messages, I just thought it might be interesting to consider whether the two might be related.

 

[Corrode]

A much bigger problem is that iCloud backups are not stored encrypted. If you backup your messages to iCloud, Apple has no need to go to the trouble of intercepting your messages in transit.

I just googled it and apparently there's no way to turn off iCloud backing up iMessage. Not only that, apparently it keeps a copy of every attachment you've ever sent or received and you can't delete it unless you use a program to access the file system.

 

[orthorim]

Macrumors - the summary above needs to be upgraded to actually make sense. As it is it's useless. I read the MacWorld article and here is what happens:

1 - Your iOS device pulls the public key of the recipient from Apple's servers
2 - Your iOS device then encrypts the message with the public key
3 - At this point, the message is encrypted, only the recipient with their own private key can decrypt it. Note a private key is never sent to Apple, or anyone - nobody knows your private key, only your device does.

The researchers take offense in the fact that in step 1, you need to trust Apple to do the right thing. If they wanted to, they could send you a public key for the NSA, or for Apple, or whoever, and you'd never know. Then you'd encrypt your message and once it hits Apple's servers, the NSA or Apple or whoever could decrypt it, then encrypt it with the actual recipient's key, and send it along. That's the man in the middle attack.

It's all based on the fact that you need to trust Apple as a public key authority, and somewhat worsened by the fact that your message also passes through Apple's servers.

So yeah if Tim Cook wanted to, he could task engineering with setting up an intercept system on Apple's servers, and read all messages.

But if Apple did not build such an intercept system - and why would they - then nobody can read those messages, just as Apple stated.

So is it a lie? No it's not, at least not unless Apple decides to put a hole in their own system. My opinion is that those security researchers are full of it.

I am using GPG on my Mac OS X machine right now and what these security researchers are proposing - that the public key system be made transparent - is not really possible without giving up privacy data. Also nobody would bother to check - GPG is way better than it used to be, but it still takes a lot of work to be completely secure.

Apple's system automagically manages multiple iOS devices - they all have different private keys of course, so messages need to be encrypted with a different public key for each one. And it manages people adding and removing devices from iMessage AND it never, ever bothers the user with the details. It's utterly impressive Apple has managed to make security this simple. It's also much more secure because more people will use it.

PS: Addendum: Imagine the NSA puts a bunch of secret court orders on Apple to build an intercept facility into iMessage. Apple could comply but take a very long time to implement it - it's a very complex system, implementing an intercept is something only Apple can do, and they could just take 5 years to do it... then it might not work... there's a million ways Apple could stall this ...

----------

I just googled it and apparently there's no way to turn off iCloud backing up iMessage. Not only that, apparently it keeps a copy of every attachment you've ever sent or received and you can't delete it unless you use a program to access the file system.

Just turn off iCloud backup!

I back everything up on my computer. Works well.

If you wanted to you could also use a service like SpiderOak to back up your iOS backups. SpiderOak uses public key encryption and stores all your data encrypted with your private key. Even if they get a court order, they can't decrypt anything.

Seriously why would you hand the contents of your iOS device to the NSA? Of course they have access.

 

[Sakuraba]

How to beat NSA

There is an elegant simple solution to defeat this "NSA-********"!

Just create a list of suspicious words and sentences. Make an app that varies the sentences using these "suspicious" yet legal words in ad infinitum

Then incorporate these in EVERY MESSAGE YOU SEND!!

Point being,NSA:s supercomputers will collect all of them and "RED-FLAG" those text-messages and emails for further investigation...

Well, computers wont take on their coat and head out to their cars to interview suspects anytime soon- That will still be done by agents.

Problem for agents would be to sift through not thousands of "suspicious" messages everyday - BUT BILLIONS!!

It's one thing to investigate a couple of hundreds/thousands of individuals, but an entirely all together different thing to investigate 1. 000.000 or more people! That would be like investigating all people from the US, Europe and South America together...

So, as time goes by NSA computers will have to try and find other variables to look for and bring down the numbers - but so could we users (to bring up the numbers). We could set up automated messages in small circles of friends etc.

With some creativity we could make the numbers work in our favour. No doubt about it!

NSA would soon find themselves looking for "a needle in the haystack"! Problem is there would be millions of haystacks to choose from, so which one should they start searching?

 

[dol4n]

There is nothing to worry about here. Apple has forever stood behind protecting its loyal customers from abuses, be it government or corporate. Move on and forget this.

I actually think it is. Now with Cook at the steering wheel we can never again be sure.

With Steve there were no worries, but now...

For example, did this kind of news ever show up when Steve was CEO?

As I said before, it's time for iOS to merge with Andorid (iDroid) to become the perfect mobile OS that can be used on every device on the market. Win-win for both Apple and Google.

 

[Ramchi]

Who cares.

People keep going on about security but truth is in this age you will have registered for something somewhere and your details are out there, theres no going back.

If you have something so important and top secret its likely your not going to text it to someone. We never used to worry about it being intercepted but the threat thats always been there we dont seem to consider anymore is .... Whos reading the message on theother phone. You dont lnow its the intended person.

If Apple want to read my messages then by all means they can waste their life. If it makes them tingle in private places to invade my privacy then good for them but I've more important stuff to be doing.

This logic makes Apple technology unworthy of enterprise class. They can't just be lazy expecting their competitors not poking into their communication channel however unimportant the communication may be and guessing their luck.

 

[opinio]

I just assumed apple had access to everything lol

 

[knightlie]

How iMessage may work
(at a high level, various optimizations exist to avoid overhead after initial key exchange, etc)...

Bob wants to send an message to Sue.

Bob generates a private key and stores securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple informs Sue of an message request and is handed Bob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple informs Bob of Sue's public key.

Bob encrypts his message to Sue using Sue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Under this model only Bob and Sue have their private keys and hence only they can decrypt messages originating from their devices

...HOWEVER, since Apple is the mediator of the public keys between Bob and Sue Apple could give Bob a public key of their own claiming it was from Sue. This would then allow Apple to decrypt messages from Bob heading to Sue. Apple can do the same thing with Sue. Then Apple would be able to get messages from Bob, decrypt them, look at the message, then re-encrypt it before passing it along to Sue. The man in the middle model...

Bob wants to send an message to Sue.

Bob generates a private key and stores securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple generates a private key and a FakeBob public key of their own.
Apple informs Sue of an message request and is handed FakeBob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple generates a private key and a FakeSue public key of their own.
Apple informs Bob of FakeSue's public key.

Bob encrypts his message to Sue using FakeSue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple decrypts message, looks at it, and then re-encrypts message using Sue's public key.
Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Personally I trust Apple to NOT do this and favor the simplicity of their method despite a man in the middle weakness internally in their system. They could prevent this but at the cost of trust being established between Bob and Sue in a more complex and cumbersome way... not ideal for typical users of iMessage.

...personally not sure how this is news or a surprise, with the intentional simplicity and ease of use of the iMessage solution you have to assume Apple will be a good actor on your behalf...

Finally, some common sense. What these "researchers" seem to be claiming is a possible scenario where Apple could set up iMessage to allow them to read messages using a classic man-in-the-middle attack. But they don't seem to have evidence of this at all, given that they, like, don't have any idea how iMessage is set up.

I look forward to Apples response to these potentially libellous claims.

----------

If iMessages is hackable and Apple claimed that the data is safe, then how are we expected to trust Apple's claim that TouchID is also safe?

Apart from the fact that they are two completely different and unrelated things, it boils down to how much you trust your security provider. If you don't trust Apple over this, then you can't trust Verisign, or Thawte, or Comodo, or GeoTrust, or Microsoft, or any other internet certificate authority. And if you don't, then you should probably keep of the internet altogether.