Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Says iMessage Interception Would Require Re-Engineering Systems, Has No Interest in Doing So
- Thread starter MacRumors
- Start date
- Sort by reaction score
The problem is the statement that Apple posted back in July (quoted above by "WardC"):
That statement was simply false.
This has nothing to do with the article. The green bubbles are already monitorable by government agencies because they just using a normal SMS protocol. The one in question is the ones in BLUE which government agencies can't crack it YET.
Very interesting article debunking Apple's iMessage privacy:
http://www.imore.com/researcher-investigates-apples-imessage-privacy-claims
"The first point Green raises is that iMessages are backed up and can be restored to a new device. If iMessages can be restored to a new device, then the encryption key can't be locked to the device. You can also read messages after resetting your password, meaning that the data must not be encrypted with your password either. This makes it unlikely, if not impossible, that the keys used to encrypt the stored messages are not possessed or recoverable by Apple."
Apple maintains the keys, thus they have the ability to decrypt the messages.
http://www.imore.com/researcher-investigates-apples-imessage-privacy-claims
"The first point Green raises is that iMessages are backed up and can be restored to a new device. If iMessages can be restored to a new device, then the encryption key can't be locked to the device. You can also read messages after resetting your password, meaning that the data must not be encrypted with your password either. This makes it unlikely, if not impossible, that the keys used to encrypt the stored messages are not possessed or recoverable by Apple."
Apple maintains the keys, thus they have the ability to decrypt the messages.
Not sure that is the case. What is not considered wrong today might change tomorrow.
With that being said. I still don't think there is an organization tracking our every move. (maybe the markerters).
Just another theory which already contradicted with what QuarksLab demonstrated in the article.
No it isn't.
The real risk here is not that Apple as a company has a desire or need to be able to decrypt the messages, I doubt anyone really thinks that the case.
The problem is that they have claimed something which is simply not true. Someone at Apple does have the ability to put the right things together and to read these messages.
Your "right now" scenario assumes that this is in some way authorised - but what is to stop an employee doing it when they shouldn't?
Nothing. It's not a theory, it's a fact. This is technically possible to do, therefore it can happen!
Apple cannot currently with the software that's installed on their servers and devices decrypt the data.
They might with be able to with some modifications (maybe very easy modifications), but currently, they can't. Just like your bicycle can't currently sound a horn, but could be modified by adding a horn.
Yes if that was the statement then indeed that is false. That would only be the case if the encryption happened locally which is not the case here. The encryption is done on Apple's servers.
You're totally missing the point - Apple is unlikely to want to do it. It's the risk from an unscrupulous employee doing it that people would be concerned about.
Apple claimed that it was not possible for them to do it - not because they hadn't written it, but because it was impossible.
Yes, it is. Apple can't just read your iMessage AT WILL. They don't have that ability YET. They can if they RE-ENGINEER their process which they simply didn't do or have any intention to do RIGHT NOW.
No, it's not. You are looking at it wrong. In it's current state, your imessages can't be read. That's it. It's not a lie.
Let's say I thought about cheating on my wife, but did not actually do it yet. She comes up to me and asks, "Are you cheating on me?". I say no.
Then 4 days later I cheat on her. My first statement is still true.
Did you all not just read above Apple's own statement that they have turned over thousands of conversations to law enforcement? They store the data on their own servers, then turn it over upon request. They may not decrypt it and read it, but they must provide law enforcement with the ability to decrypt and read the messages. Apple's not doing this b/c of privacy concerns, but they possess the keys and the ability 100%
You aren't understanding the technological differences here.
Apple previously said that reading a person's iMessages was impossible due to the way that the encryption works.
Now Apple says it isn't possible because they haven't made a system to do it.
That's a massive difference, and it's the same distinction that has damaged the reputation of companies like Dropbox in the past. They made similar claims, which simply couldn't be true. The risk here stems from Apple having the theoretical ability to do it - there are services out there which don't even have the theoretical possibility of messages being intercepted by the service provider.
I'm not saying this is a bad approach for Apple to have taken - it's the only practical one. You can't do this sort of service and make it convenient for users in any other way, but their statement in July was misleading and now they're backtracking on it.
Exactly. Security in layers is always the best approach anyway, so you might as well continue planning your overthrow of all world governments and corporations using iMessage. Just encrypt your messages using one-time-pad technology before transmitting.
Really, people, it is all about perspective. If you have something you require to be kept confidential, take it upon yourself to secure the channels of communication. There has never been and theoretically never can be a more secure communication channel than one protected by a securely-distributed single-use pad encryption mechanism. Use that for your really confidential stuff. Use whatever is convenient to remind your significant other to pick up the milk.
So true. We become more skeptic as we get older.
It's easier to get the TRUE information FROM THE SOURCE now. And it's also easier to get the fake information from places like Fox News as well. The thing I hate about the news is that many times the true story is hidden by layers and layers of fake crud and opinions.
You're just nit-picking like all the writers who want page hits. Apple said it's impossible because it can't. Someone tried to prove that it can IN THEORY. Both parties can be right and ARE right.
No, there are not. Now, you just pulled something from your behind.
Yes I have curtains in my home... I roam around my house uncensored, I have a healthy sex life, I am having some private time with my children an family...
I don't click those pics an send them across on iMessage...
...err no. You get the user to store their encryption key - if they lose it, all their data is gone.
That's not at all user friendly, so most services would not dream of functioning like that.
3 reasons the nothing to hide crowd should worry about government surveillance. http://reason.com/archives/2013/06/12/three-reasons-the-nothing-to-hide-crowd