Apple Announces 'Groundbreaking' New Security Protocol for iMessage

[cocky jeremy]

Everyone will still use bloody WhatsApp 🤣

Not in the US. I've yet to meet anyone that uses it.

 

[Nekronos]

You are used to it; the UI isn't better than messages or more intuitive.

As someone who uses both and is in the U.S. - I also think Whatsapp UI is more intuitive and better. Also, the android version of Whatsapp is better than iPhone (though that may be more of a problem with how iphone operates relative to android)

 

[bigboy29]

True.

But quantum computing is in its infancy. CPUs of today are millions of times more powerful than their infant predecessors in the 1970s and 80s. And modern GPUs are more powerful still. So a quantum computer 20-30 years from now likely will be much more powerful than what exists today.

Given that Apple's statement has forward looking claims (i.e., " an attack scenario known as Harvest Now, Decrypt Later.") what confidence do we have that messages harvested under Apple's initial PQ3 implemention will be resilient from powerful quantum computer 20-30 years into the future?

It is based on mathematical modelling as the source blog post goes into (over my head): https://security.apple.com/blog/imessage-pq3/

I expect that this is true until it isn't. Just as various crypto implementations of today have been mentioning 100s or 1000s of years of computing as something needed to break the encryption, things go out the window when there is a quantum leap (pun intended). The graphics in the post already shows that there is a progression between Level 2 > Level 3 > Future.

 

[TheLinkster]

Ok I just found the option. I disabled everything Siri on day 1 and that‘s why for years I never had these suggestions. They are somewhat useful but still a long horizontal list you have to scroll through and it’s not specific to one messaging app. So I have to scroll through 8 recent whatsapps to get to the one iMessage contact…
Yeah..no…Whatsapp is way easier.

So you disabled the functionality, but Apple is somehow worse. Sounds like user error.

 

[Sergeyd]

"Backdoor this, bitches."

If you (or a person you chat with) don't use "Advanced Data Protection" and backup data to icloud, apple has the keys and can decrypt or share the key with gov
Signal doesn't

 

[H2SO4]

I wonder if it'll stop all those, press volume down 6 times, followed by volume up twice, press and hold the home button, turn around to face the wind, put the phone upside down and repeatedly operate the mute switch to unlock the phone.
I still don't get how people find these.

 

[nt5672]

I need to digest this to really understand it but yey for words like "groundbreaking post-quantum cryptographic protocol"!!

I suspect these are Tim Cook'y words that don't have much meaning these days.

 

[Timo_Existencia]

I've dismissed them entirely unless you are intersting to a professional spy and worth millions of dollars or rubles to hack.

In other words, if you're a buyer for a large enterprise concerned about institutional security.

 

[The_Gream]

Oh yes it is much easier.
Just one example: sending a photo from your camera roll using the share button, you have to enter the recipients name manually or go through all of your hundreds of contacts and pick one. In Whatsapp you simply land in your recent chats overview and just click on an Avatar/Chat to send it. I can‘t wrap my head around the fact that I can not do this simplest and most logical thing within iMessage. There are dozens of more examples.
Of course cross platform is a big one but all my relatives have iPhones and still use Whatsapp. When asked why, they answer „because it‘s easier to use“.

Ah… pretty sure when I hit share on my iPhone, the first section is always people I recently messaged -

I just checked and it list my discord channels as well as people I recently texted.

Now, don’t get me wrong: Every person has their right to their own opinion. But my experience with WhatsApp has been scams and other such junk that I don’t fall for. I get that random “wrong number” text and then they wanna talk and text in WhatsApp and ask me about how much money I make.

 

[falkon-engine]

It is based on mathematical modelling as the source blog post goes into (over my head): https://security.apple.com/blog/imessage-pq3/

I expect that this is true until it isn't. Just as various crypto implementations of today have been mentioning 100s or 1000s of years of computing as something needed to break the encryption, things go out the window when there is a quantum leap (pun intended). The graphics in the post already shows that there is a progression between Level 2 > Level 3 > Future.

Yeah. I saw that. I was just wondering how they test and evaluate their claims, that's all.

 

[MacFarmer]

I hope they will also update iMessage with ui features. Whatsapp is just so much easier and intuitive to use, that‘s why nobody is using iMessage in Europe.

no its not. And you cant rearrange icons at the bottom. who puts chat in such inconvenient place?! I firmly do not like app UI + its data mine for meta.

 

[toobravetosave]

copy paste from news article "Apple plans to adopt the Rich Communication Services (RCS) messaging protocol, which aims to enhance cross-platform communication between iPhones and Android devices."

iphone/ios would be one platform, android would be another platform, and RCS allowing them to talk to each other on those two different platforms, making it cross platform.

it’s not a cross platform CLIENT that lets people have secure imessage to imessage conversations on any device

please understand your own terms

 

[nt5672]

True.

But quantum computing is in its infancy. CPUs of today are millions of times more powerful than their infant predecessors in the 1970s and 80s. And modern GPUs are more powerful still. So a quantum computer 20-30 years from now likely will be much more powerful than what exists today.

Given that Apple's statement has forward looking claims (i.e., mitigate risks against "an attack scenario known as Harvest Now, Decrypt Later.") what confidence do we have that messages harvested under Apple's initial PQ3 implemention will be resilient from powerful quantum computer 20-30 years into the future?

Without 3rd party verification, we don't even know if it is secure now. Cryptography is hard and is rarely done correctly. Considering it took Apple almost 10 years to get iCloud working decently, I don't have high hopes for this.

 

[t0rqx]

A18 and M4 required due to the sophisticated encryption and decryption needed.

 

[I7guy]

Wow, surprise announcement. Nice job apple.

 

[MNWildFan]

Everyone will still use bloody WhatsApp 🤣

Yup, because everyone by now has become such creatures of habit

While we use iMessage and many other platforms, it seems that the trend of those in the EU using WhatsApp and those in China using WeChat isn't going to change anytime soon even with how commonplace iMessage has become

 

[Robert.Walter]

In France they call toilet paper PQ

Lots of hackers will be saying Merde! once this protocol rolls out.

 

[mcled53]

Why isn't Apple protecting us from time travelling quantum computers that appear to predict the future because they are from the future. Shame on them!

 

[Robert.Walter]

Is this one of Apple’s inventions? If so, I wonder, whether they will open-source the algorithm for world-wide auditing by security researchers. How would we know, otherwise, whether the claims Apple makes are held up by reality? If they do that, of course, others will implement the same algorithm in their messaging apps, as well.

How do we know? Well, Apples reputation for pretty much delivering on its promises is a good leading indicator.

 

[bollman]

Apple says PQ3 will fully replace iMessage's existing cryptography protocol within all supported conversations later this year. All devices in an iMessage conversation must be updated to the above software versions or later to be eligible.

So, how are they going to show if PQ3 is used or not? Green bubbles for iMessage conversations not PQ3 encryped?

 

[rp100]

Using quantum computing (QC) for decryption will largely be relegated to military applications at the beginning. The value of intercepting everyday communications is low, especially when people use highly predictable PINs and passwords to secure their devices. There is also the risk of alerting the public to the true scope of power that these agencies possess. Remember when the Colonial pipeline in the U.S. was taken offline for a bitcoin ransom? The coins were paid and then mysteriously recovered by the US DOJ. The DOJ refused to disclose how it obtained the private key…

However, it’s nice to see companies raising awareness of a foreseeable problem.

 

[gatorvet96]

Why do people in Europe, including iPhone users, use WhatsApp? It is a Meta data farming product. Here in the US I don't know a single person that uses WhatsApp. Then again almost everyone i know has an iPhone. Of course I phone shame my friends that have Androids lol with the green bubbles. LOL

 

[aidler]

Thanks Tim, and don't forget to implement the backdoor for the CCP, otherwise you'll be in big trouble.

 

[VPsmith]

Uhm are they going to open source this? I think we need to verify this before Apple just releases it to everyone in 17.4… I think people should be concerned Apple is just shoving this in the next update. And we need a deep clean overview and explanation.. it’s easy to understand simple AES encryption but quantum encryption and threats need to be educated to people so we can trust this. People replying to this are giving it blind trust.. not ok

 

[Rychiar]

Everyone will still use bloody WhatsApp 🤣

Not in America 🤷🏻‍♂️