Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Says iMessage Interception Would Require Re-Engineering Systems, Has No Interest in Doing So

Love how everyone gets all worked up over the rumoured *possibility* of Apple reading their iMessages yet you never hear a peep over Google's *confirmed* ability of reading Gmail messages....
 
bbeagle said:
Why this Apple-centric bashing?

Facebook employes can read your posts, Citibank employees can see your bank transactions, Google employees can know what all your searches are.
Click to expand...

Just because other companies can or do violate people's privacy doesn't mean people shouldn't point out cases that involve Apple. I think people, rightly or wrongly, hold Apple to a higher standard. "Think different", the 1984 commercial, etc.

Since the now infamous PRISM slides (purportedly) show that Apple started cooperating with PRISM after Steve Job's death, while others such as Google were onboard with it years earlier, it may indicate that Tim Cook has a different view on privacy. Apple might be more willing now to allow the government to get a peek at certain iMessages at some point in the future, if it doesn't already.

I also think it seems like everyone's picking on Apple because they're the world's number one brand. Plus, this is MacRumors, after all. You should see all the complaining people do on FacebookRumors. :D
 
Todd B. said:
Love how everyone gets all worked up over the rumoured *possibility* of Apple reading their iMessages yet you never hear a peep over Google's *confirmed* ability of reading Gmail messages....
Click to expand...

So true. And need repeating.
 
Solver said:
Apple has no plans or intentions to re-engineer the iMessage system, unless Home Land Security "requests" it.
Click to expand...

And, because NSA is so powerful, no one, company or country, could EVER POSSIBLY refuse ANY "request" from it.

----------
TheNewDude said:
I do understand why Privacy is a big issue and a hot topic. I also understand how we need to fight for our privacy and make companies be accountable.

With that being said, I agree with MATTYMO. My iMessages aren't nearly important enough to anyone, other than the communicating parties, to bother reading.
Click to expand...

...until someday you suddenly find yourself possessing something coveted by an NSA official.
 
matrix07 said:
You still don't understand. Apple doesn't have all the pieces RIGHT NOW. The system now doesn't allow them. It isn't even sure QuartzLab theory could be working. And your link still didn't prove that it can't be cracked in theory. Sorry, we can not be double-standard here.
Click to expand...

My link does say exactly that. You clearly just don't understand cryptography.
 
Apple said: or example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.
Click to expand...

Daveoc64 said:
That statement was simply false.
Click to expand...

Absolutely not. There's a difference between "cannot" and "couldn't". The locksmith who put the locks into my house could have made copies of my keys and break into my house without anyone noticing. He _could_ break into my house. However, he didn't actually copy these keys, so he _can't_ break in.

Apple could have designed their systems so that they can read your messages. However, they didn't, so they cannot read your messages. I cannot shoot you because I don't have a gun. I could shoot you because I could buy a gun, but I wouldn't do that because I don't want to own a gun, and I don't want to shoot anyone. So "I cannot" and "I could" are true at the same time.
 
firedept said:
Ah, the dreaded message read by some mystery organization! LMAO! Oh how people love drama! My belief is that, if you are doing nothing wrong, then you have nothing to worry about.
Click to expand...

... in a perfect world where no one wants to exploits anyone else.
 
Daveoc64 said:
My link does say exactly that. You clearly just don't understand cryptography.
Click to expand...

I don't see anything in Cryptocat website that tell me it can't be cracked in theory. Sorry. If you ASSUME on Apple case you need to ASSUME on everyone case. No double-standard.
Oh and cryptography in principle is not that sophisticate. It's just a door lock with mathematic. That's all.
 
I highly doubt it unless this basically means "In order for us to read your messages, we would have to change how we run iMessages (by giving employees permission to read your messages)." They can do it if they want, but I don't see why they'd want to or why I should care.
 
WardC said:
Very interesting article debunking Apple's iMessage privacy:

http://www.imore.com/researcher-investigates-apples-imessage-privacy-claims

"The first point Green raises is that iMessages are backed up and can be restored to a new device. If iMessages can be restored to a new device, then the encryption key can't be locked to the device. You can also read messages after resetting your password, meaning that the data must not be encrypted with your password either. This makes it unlikely, if not impossible, that the keys used to encrypt the stored messages are not possessed or recoverable by Apple."
Click to expand...

Actually, with the last point they are completely wrong. The PDF file http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf explains a simple method (in another context, but no different): The message is encrypted with a randomly generated key. The _key_ is encrypted with your password. When you change the password, you are sent the encrypted key, decrypt it with the old and encrypt it with the new password, and return it to Apple.
 
matrix07 said:
I don't see anything in Cryptocat website that tell me it can't be cracked in theory. Sorry. If you ASSUME on Apple case you need to ASSUME on everyone case. No double-standard.
Click to expand...

I was referring to the Wikipedia link. Short of Apple making an earth shattering mathematical discovery that they are neglecting to tell the world about, there's nothing they can do to solve this problem.

I've already explained how CryptoCat differs from iMessage and Dropbox, as well as the pros and cons of each approach
 
gnasher729 said:
Actually, with the last point they are completely wrong. The PDF file http://www.apple.com/ipad/business/docs/iOS_Security_Oct12.pdf explains a simple method (in another context, but no different): The message is encrypted with a randomly generated key. The _key_ is encrypted with your password. When you change the password, you are sent the encrypted key, decrypt it with the old and encrypt it with the new password, and return it to Apple.
Click to expand...

This is a "one-time pad", right? But Apple has your password, so they could get your key.
 
Daveoc64 said:
I've already explained how CryptoCat differs from iMessage and Dropbox, as well as the pros and cons of each approach
Click to expand...

Wait for it to be big like Apple someone will come on stage to prove that it can be cracked. Do you even understand what QuartzLab was reporting here?
 
Screwtape said:
For encrypted communication protocols to work, you have to trust SOMEONE. Whether it's a Certificate Authority, Apple, Google, Facebook... frankly, of all of those, I'd trust Apple the most since they do not have any interest in my data. All they care is that I use their cool software because it keeps me buying their expensive hardware.
Click to expand...

Actually just like pretty much any other tech company these days Apple too is interested in your data. How could they otherwise offer targeted advertising for their iAd service? (iAd is direct competition for Google's AdMob) The list of target possibilities is no longer listed on the iAd website but it was an extensive list. Even though Apple also collects your data there is really nothing to worry about.
 
Last edited:
Todd B. said:
Love how everyone gets all worked up over the rumoured *possibility* of Apple reading their iMessages yet you never hear a peep over Google's *confirmed* ability of reading Gmail messages....
Click to expand...

Because this is MacRumors, not Googlerumors. We also haven't seen the article about GOOG rising 13% (!) today.
 
Apple's response is misleading to say the least.

The were originally using terms like "impossible" no its just "well we won't"......

What their not saying is we have no interest in reading imessages, but if the NSA or any other govt agency with a fisa warrant ask us to we will, not because we want to but because we won't even attempt to push back at all for fear of retribution.

If you know anything about how a "man in the middle" attack works you will easily understand how apple can read your imessages, because guess what.....
Apple already is the "man in the middle"...
 
Daveoc64 said:
...err no. You get the user to store their encryption key - if they lose it, all their data is gone.

That's not at all user friendly, so most services would not dream of functioning like that.
Click to expand...

That's what happens with MacOS X full disk encryption.
 
bbeagle said:
Apple cannot currently with the software that's installed on their servers and devices decrypt the data.

They might with be able to with some modifications (maybe very easy modifications), but currently, they can't. Just like your bicycle can't currently sound a horn, but could be modified by adding a horn.
Click to expand...


If the message can be decrypted after a device and password change it is 100% sure that Apple can decrypt them when they want
 
Screwtape said:
For encrypted communication protocols to work, you have to trust SOMEONE. Whether it's a Certificate Authority, Apple, Google, Facebook... frankly, of all of those, I'd trust Apple the most since they do not have any interest in my data. All they care is that I use their cool software because it keeps me buying their expensive hardware.
Click to expand...

What if you're sending confidential corporate information through iCloud mail? I wouldn't trust anything but a private mail server for that.
 
9000 said:
This is a "one-time pad", right? But Apple has your password, so they could get your key.
Click to expand...

Apple doesn't have your passwords. Only companies that are criminally incompetent or just criminal have your passwords. Not that there aren't companies who do (which is why you don't use the same password on some important site and some unimportant site), but I wouldn't think Apple is either criminally incompetent or criminal.
 
bbeagle said:
Apple cannot currently with the software that's installed on their servers and devices decrypt the data.

They might with be able to with some modifications (maybe very easy modifications), but currently, they can't. Just like your bicycle can't currently sound a horn, but could be modified by adding a horn.
Click to expand...

It's probably just NSString* decryptedString = [message getDecryptedString] to get it :D
 
WardC said:
Very interesting article debunking Apple's iMessage privacy:

http://www.imore.com/researcher-investigates-apples-imessage-privacy-claims

"The first point Green raises is that iMessages are backed up and can be restored to a new device. If iMessages can be restored to a new device, then the encryption key can't be locked to the device. You can also read messages after resetting your password, meaning that the data must not be encrypted with your password either. This makes it unlikely, if not impossible, that the keys used to encrypt the stored messages are not possessed or recoverable by Apple."

Apple maintains the keys, thus they have the ability to decrypt the messages.
Click to expand...

But that's what Apple is saying. They do not possess the keys. The user's keys are stored on a third party server. They are putting this info out there to prove that they cannot read your messages.

But as each user's encryption key is stored on a third party server that Apple cannot access, it means the gov't can. The NSA can force that company, with a FISA subpoena or national security letter, to let them access their network/servers and get those keys.

I believe that Apple is not reading our iMessages. But that does not mean that the government isn't.
 
gnasher729 said:
Apple doesn't have your passwords. Only companies that are criminally incompetent or just criminal have your passwords. Not that there aren't companies who do (which is why you don't use the same password on some important site and some unimportant site), but I wouldn't think Apple is either criminally incompetent or criminal.
Click to expand...

How could they provide iCloud login servers without having your passwords?
 
derek4484 said:
But that's what Apple is saying. They do not possess the keys. The user's keys are stored on a third party server. They are putting this info out there to prove that they cannot read your messages.

But as each user's encryption key is stored on a third party server that Apple cannot access, it means the gov't can. The NSA can force that company, with a FISA subpoena or national security letter, to let them access their network/servers and get those keys.

I believe that Apple is not reading our iMessages. But that does not mean that the government isn't.
Click to expand...

Can you point to any source saying that Apple doesn't store the keys or that they can't access them?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back