People get far too paranoid over privacy especially for something based on theories. Most fail to realise that their messages are just not that important to warrant a re-engineering of an entire service.

No single person's messages are important enough, but when combined together, the basic rule of the NSA's "must be able to put everything under knowledge and control for the rainy days" sure warrants such a re-engineering.
 
People get far too paranoid over privacy especially for something based on theories. Most fail to realise that their messages are just not that important to warrant a re-engineering of an entire service.

And some people are too simple to realize that the levee cracks before it breaks.
 
Wow. Just wow.

You don't have to force anyone to give up any public keys. They are public keys. Get it? Public. Available for everyone to see.

If Apple can't read these messages "without re-engineering systems", then nobody can just take some keys and access the data.

I think he meant the private keys which generated the public certificates. With the private key you can generate a new public certificate allowing impersonation, or read public-key encrypted messages intended for the owner of the private key.

But, by my understanding, Apple doesn't hold the private keys (centrally) either (they are held in your iOS device), although there might be a more obvious attack based on compromising the user's icloud account to register another "device" to receive messages (BUT, this "controversy" is not about divulging private keys, from what I've read). Apple just ensures that the public certificates passed around are the certificates matching the intended recipient.

The risk here is that Apple could manufacture a new public key based on a private key of their own, claim that public key is John Smith's public key, then intercept all messages intended for John Smith. The important thing here is that after intercepting those messages intended for John Smith they would need to re-encrypt the same message using John Smith's actual public key so John Smith does actually get the message (or, John Smith just forever wonders why he never gets those messages people say they sent him). I forget if there is an authenticity signature in place as well, but if that were so then Apple would need to also forge the public certificate of the message sender so they could re-sign the message, and John Smith would only ever be able to get messages or send messages to people inside this "forged certificate" system (because anyone else would end up with a signature mismatch). So, unless Apple also has a constraint on this "realm" (if someone is inside the realm they get compromised certificates; if they are outside they get regular certificates), that "realm" would pretty quickly end up encompassing the entire universe of iMessage certificates.

It is a very different type of system at that point, requiring massive forged-keypairs storage mechanism and all messages to pass through a server with access to this storage mechanism.

This is what Apple means, by my read, by "re-engineering" needed for any kind of message interception. It is feasible, but would definitely not be something done on a whim or even in response to a single request from the NSA.

Again, IMHO, the weakest part of any public-private key system is almost always the security of the private key. I think that that is much more likely to be compromised on this system than that Apple would re-engineer the system to provide a man-in-the-middle infrastructure. And, again, the way to counter this is to use a second layer of encryption if you need to: create new private keys which are not stored on your device at all, securely exchange the public certs based on those, and for each secure message encrypt/sign the messages using your hand-entered private key and the recipient's public cert.

It's inconvenient, but that's life as a paranoid.

----------

You missed the entire point. Apple stores the encryption keys on a third party server so that Apple cannot read your messages. ANYBODY who gets those encryption keys can then read the messages. With those keys stored on a commercial server, it's extremely easy for the NSA to access them. All they have to do is get a FISA warrant, DOJ National security letter, or just hack the servers.

To be clear, that is not the vulnerability described by Quarkslab / Cattiaux.

"The biggest problem here is you just cannot control that the public key you are using when you are ciphering the message is really the key of your recipient and not, for example, the public key of some guy in Apple," Cattiaux said.

He is worked up over a potential man-in-the-middle public key replacement scheme (see my previous post), not the ability for the private keys to be compromised. I agree that is a more likely flaw in the system, but it is a long-known flaw.
 


Correct! You got the part about undoing the certificates wrong a little, but overall this is pretty dead on.

APPLE IS THE MAN IN THE MIDDLE BY DESIGN!

Nothing needs to be done on the client side for Apple to read all of your iMessages because they all pass through Apple servers using Apple encryption. Apple is just trying to stay out of all this NSA privacy crap; where they shot themselves is by claiming that it was impossible, which just isn't true. It may be against corporate policy, but the NSA doesn't care about their policies and neither will the FISA warrant they hopefully have.
 
At my age there is nothing to hide. I have lived a simple life. I am married; what could the government do to make my life worse? LOL!

Do you seriously want to find out what they could do? Google Nazi Germany. Perhaps you haven't heard of it. Everything that happened there could happen here if we are foolish.
 
Today I am changing tires on my vehicles for winter driving and unplugging the drain in my garage. Is this the kind of thing that someone will use against me or will even be interested in? I do not think so. I am just not a believer that someone like the government could possibly have an interest in me. Just living the dream, and if things change I may have to reassess. I am not a threat, so for now I do not have any worries about it.

It is interesting to read some of the posts and see what other people's thoughts are, though. We are all entitled to our opinions and how we feel about this. And I respect everyone's; I just feel differently about it.
 
How could they provide iCloud login servers without having your passwords?

That's security 101.

The criminally insecure method is to store your username and password, and compare the stored password with the one you enter.

The irresponsibly insecure method is to store your username with a hash of your password. The bits in the password are mixed up in a pseudo-random way so that it is impossible to recover the password except by trying all possible passwords and mixing them up in the same way. When you enter your password, that password is hashed (mixed up) in the same way. It is insecure because if a hacker gets access to the database of usernames and passwords, they can't find the passwords which are used, but they can find which users have identical passwords, and these are likely to be easy to crack.

The reasonably safe way is to take your password, add some random information, hash it, and store that. When you enter the password, the exact same random data is added and the password hashed in the same way. Even if your password was 123456, the random data added makes it impossible to crack your password.

The safer method is to do the same things, but not actually store the hashed password but use it as a decryption key. When you enter a password, the extra data is added, the password hashed, and Apple uses this to decrypt some data. If it works, you have the right password. If it doesn't work, Apple can't access your data.
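The four storage schemes the post above walks through, as an added example that is not from the thread or from Apple: an unsalted hash that exposes which users share a password, a per-user salted hash, and a derived key that is never stored but only used to unlock an encrypted secret. The sample accounts are constructed, and the HMAC-counter keystream is an assumed stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample accounts, not real credentials; two users share a password.
USERS = {"alice": "123456", "bob": "123456", "carol": "correct horse battery"}


def unsalted_hash(password: str) -> str:
    """The 'irresponsibly insecure' scheme: no salt, so equal passwords collide."""
    return hashlib.sha256(password.encode()).hexdigest()


def users_with_shared_passwords(accounts: dict) -> set:
    """What a thief of an unsalted database learns without cracking anything."""
    seen = {}
    shared = set()
    for user, pw in accounts.items():
        h = unsalted_hash(pw)
        if h in seen:
            shared.update({seen[h], user})
        seen[h] = user
    return shared


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow hash (PBKDF2-HMAC-SHA256); the same salt gives the same key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def enroll_salted(password: str) -> tuple:
    """The 'reasonably safe' scheme: store (salt, hash). The 'random data' is the
    salt, kept in the user's record; it is not secret, only unique per user."""
    salt = os.urandom(16)
    return salt, derive(password, salt)


def check_salted(password: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(derive(password, salt), stored)


def keystream(key: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, an assumed stand-in for a real cipher."""
    blocks = (hmac.new(key, i.to_bytes(4, "big"), "sha256").digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def enroll_wrapped(password: str, secret: bytes) -> tuple:
    """The 'safer' scheme: the derived key is never stored; it encrypts and
    authenticates a secret, so the server holds no password hash to compare."""
    salt = os.urandom(16)
    key = derive(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, keystream(key, len(secret))))
    tag = hmac.new(key, ct, "sha256").digest()
    return salt, ct + tag


def unlock(password: str, salt: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the secret on the right password, None otherwise (tag mismatch)."""
    key = derive(password, salt)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, ct, "sha256").digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))
```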
 
"iMessage is not architected to allow Apple to read messages," said Apple spokeswoman Trudy Muller in a statement to AllThingsD. "The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."

BLANKET MESSAGE

What do you think this is for?


Apple could very possibly have no simple way to decrypt messages. The only two devices that need to know how to decrypt the messages are the Macs, iPhones, iPads and iPod Touches sending and receiving them. Apple could probably figure out a way, but they quite possibly don't have one at the moment. That doesn't mean Big Government can't force them to find a way though...
 
The problem is the statement that Apple posted back in July (quoted above by "WardC"):

For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.

That statement was simply false.

It is not false. Apple, according to all verified information to date, does not have the capability of decrypting that data. They could in a particular dystopian future re-engineer their systems and create a man-in-the-middle infrastructure enabling them to decrypt future messages, but that would not cover past conversations over iMessage or FaceTime (even if the encrypted data were stored somewhere).

----------

This has nothing to do with the article. The green bubbles are already monitorable by government agencies because they are just using a normal SMS protocol. The ones in question are the ones in BLUE, which government agencies can't crack YET.

Which is actually a pretty critical fact, because if iMessage delivery fails (and do you believe it is beyond the capabilities of the NSA to disrupt your cell phone's data connection to force iMessage to fail?), the message is sent via plain SMS, and completely visible to your cell phone company (which IMHO I trust less than Apple, Google, and the NSA, combined). So, if you are sending your anarchist takeover of the world plans via iMessage you are really living on the edge anyway.
 
The reasonably safe way is to take your password, add some random information, hash it, and store that. When you enter the password, the exact same random data is added and the password hashed in the same way. Even if your password was 123456, the random data added makes it impossible to crack your password.

But what determines what the random data is? Apple must have access to enough secret information to decode their own user information... unless maybe the device generates its own random code to be used, making it a per-device account.
 
Very interesting article debunking Apple's iMessage privacy:

http://www.imore.com/researcher-investigates-apples-imessage-privacy-claims

"The first point Green raises is that iMessages are backed up and can be restored to a new device. If iMessages can be restored to a new device, then the encryption key can't be locked to the device. You can also read messages after resetting your password, meaning that the data must not be encrypted with your password either. This makes it unlikely, if not impossible, that the keys used to encrypt the stored messages are not possessed or recoverable by Apple."

Apple maintains the keys, thus they have the ability to decrypt the messages.

... or, alternately, that the received iMessages are backed up (to the cloud or to your local computer, your choice) without the public/private key encryption, so the private key is no longer needed to read them. This makes absolute sense: if you are trusting a cloud storage solution for your backups then you are quite explicitly entrusting that service with all the data on your device, which, duh, includes messages sent and received.

The biggest question arises from the fact that multiple devices simultaneously receive an individual iMessage. This means that either they all have the same private key (which raises the question of how they all got the same key) or each "user" has multiple public certs which iMessage handles transparently (then each device just decodes the version encoded in its own certificate with the device-unique key). I believe the latter is actually the case, because if you restore a device (an action which would require creating a new private key / public certificate if it is device-centric) you get a message on all other devices receiving the same iMessages that a new device has been added.

This opens up the possibility of that "notification" system being foiled, and a new public cert being added to your iMessage account without your notification. Again, this seems like a much more likely failure point than Apple putting a man-in-the-middle infrastructure in place.
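The two failure modes discussed in this thread, the directory handing out a substituted public key (the Quarkslab point) and a new device key being added to an account without the user noticing (the post above), as an added example that is not from the thread or from Apple. The client pins the fingerprint of each device key it has seen for a recipient and reports additions and replacements itself instead of relying on the server to notify; the directory snapshots and "keys" are constructed placeholder bytes, and the dict-shaped directory is an assumption.

```python
import hashlib
from dataclasses import dataclass, field


def fingerprint(pubkey: bytes) -> str:
    """Short hash two people can compare out of band before trusting a key."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


@dataclass
class PinStore:
    """Per-recipient pins: device id -> fingerprint seen the first time we looked."""
    pins: dict = field(default_factory=dict)

    def check(self, recipient: str, directory_entry: dict) -> dict:
        """Compare the directory's answer with what we pinned. 'new' lists devices
        never seen (tell the user), 'changed' lists pinned devices now carrying a
        different key (refuse to encrypt), 'missing' lists pinned devices gone."""
        known = self.pins.setdefault(recipient, {})
        report = {"new": [], "changed": [], "missing": []}
        for dev, key in directory_entry.items():
            fp = fingerprint(key)
            if dev not in known:
                report["new"].append(dev)
                known[dev] = fp  # pin on first sight (trust on first use)
            elif known[dev] != fp:
                report["changed"].append(dev)  # substitution: pin is NOT updated
        report["missing"] = [dev for dev in known if dev not in directory_entry]
        return report


def safe_to_encrypt(report: dict) -> bool:
    """A replaced key means the directory answer cannot be trusted for this send."""
    return not report["changed"]


# Constructed directory snapshots; the "keys" are placeholder bytes, not key material.
ALICE_PHONE = b"alice-phone-public-key-placeholder"
ALICE_MAC = b"alice-mac-public-key-placeholder"
OPERATOR_KEY = b"directory-operator-public-key-placeholder"

DIRECTORY_DAY1 = {"alice": {"phone": ALICE_PHONE}}
DIRECTORY_DAY2 = {"alice": {"phone": ALICE_PHONE, "mac": ALICE_MAC}}  # device added
DIRECTORY_TAMPERED = {"alice": {"phone": OPERATOR_KEY, "mac": ALICE_MAC}}  # key swapped


def run_scenario() -> tuple:
    """Three lookups by the same sender: first contact, a new device, a swapped key."""
    store = PinStore()
    first = store.check("alice", DIRECTORY_DAY1["alice"])
    added = store.check("alice", DIRECTORY_DAY2["alice"])
    swapped = store.check("alice", DIRECTORY_TAMPERED["alice"])
    return first, added, swapped
```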
 
Correct! You got the part about undoing the certificates wrong a little, but overall this is pretty dead on.

APPLE IS THE MAN IN THE MIDDLE BY DESIGN!

Nothing needs to be done on the client side for Apple to read all of your iMessages because they all pass through Apple servers using Apple encryption. Apple is just trying to stay out of all this NSA privacy crap; where they shot themselves is by claiming that it was impossible, which just isn't true. It may be against corporate policy, but the NSA doesn't care about their policies and neither will the FISA warrant they hopefully have.
I don't think you understand how encryption (in general) or encrypted communications works. You seem to be under the impression that the data is ever in the "clear" on Apple's servers. Decrypting the data on the fly would be either impossible or would require an extremely weak encryption algorithm or employ a static or generate once encryption seed for each user. If the latter was true, you could analyze past messages to come up with the cypher text and then use that to decrypt future messages. I doubt Apple would be that irresponsible.

Stanford offers an introductory course on cryptography and encryption through Coursera. I would highly recommend that you consider taking it.
 
iOS could theoretically allow Apple to send ALL the iPhone content to whoever they want.

duh!
 
You're totally missing the point - Apple is unlikely to want to do it. It's the risk from an unscrupulous employee doing it that people would be concerned about.

Apple claimed that it was not possible for them to do it - not because they hadn't written it, but because it was impossible.

The level of infrastructure needed to deploy an effective man-in-the-middle public certificate attack is FAR beyond something that one unscrupulous employee would be able to put in place without anyone noticing.

That is the point of Apple's statement.
 
Did you all not just read above Apple's own statement that they have turned over thousands of conversations to law enforcement? They store the data on their own servers, then turn it over upon request. They may not decrypt it and read it, but they must provide law enforcement with the ability to decrypt and read the messages. Apple's not doing this b/c of privacy concerns, but they possess the keys and the ability 100%

No, they said they have responded to thousands of requests for information with what information they could provide. In the exact same statement they said that what information they can provide does not include the actual text of conversations because that is end-to-end encrypted. The available data is the much-ballyhooed "metadata" about the conversation - "Bill sent three messages to Johnny yesterday at 12:03, 12:05, and 12:31". This is not and never has been claimed to be encrypted end-to-end ... aside from a TOR-like system where the routing knowledge is distributed I can't even see how such a claim would be physically possible (and even in a TOR-like system the metadata is there, just not in one place).
 
Apple has no plans or intentions to re-engineer the iMessage system, unless Homeland Security "requests" it.

I have no doubt that Apple hasn't engineered iMessage to allow Apple to read our messages, but by not denying the allegation they have indirectly admitted that iMessage is exploitable. They also only specified that "Apple" has no interest in our messages, but that's far from denying that other organizations (NSA) aren't already invading our privacy. I wish Apple would have just said, "We have no interest in your iMessages, and neither us, nor anyone else has access to them to our knowledge." But the way I read Apple's response, it really sounds like they don't access our messages, but that "request" you referred to has already taken place.
 
People get far too paranoid over privacy especially for something based on theories. Most fail to realise that their messages are just not that important to warrant a re-engineering of an entire service.

I'm sure stock brokers, big bankers, VPs, etc would feel very differently about that.
 
There is always a simple retort to a statement like this from the "Nothing to hide" brigade.

Do you have curtains in your home?

I like to reply with, if you've done nothing wrong, you've done nothing to warrant being searched. At least according to the 4th Amendment.
 
Or, this country's going down the drain because of people who don't care enough about communicating to use even remotely correct grammar and punctuation, and can't be bothered to use vocabulary more complex than that of an uncultured toddler. One or the other. Probably the government, though.

This is the internet, I save my proper grammar and vocabulary for more useful purposes.

do something useful in your life rather than correct people on the INTERNET lol :rolleyes:
 
I don't think you understand how encryption (in general) or encrypted communications works. You seem to be under the impression that the data is ever in the "clear" on Apple's servers. Decrypting the data on the fly would be either impossible or would require an extremely weak encryption algorithm or employ a static or generate once encryption seed for each user. If the latter was true, you could analyze past messages to come up with the cypher text and then use that to decrypt future messages. I doubt Apple would be that irresponsible.

Stanford offers an introductory course on cryptography and encryption through Coursera. I would highly recommend that you consider taking it.

No, I'm not under the impression that iMessage is sent as clear text at all, but the point I'm making is that it is possible. Apple could spoof the certificates without the end user ever knowing; since the end user's device is set up to point at Apple servers already, all Apple would have to do is spoof the certificate as it passes through the iMessage server. Apple could make an end user believe they were having an iMessage conversation with anyone they wanted, since they are the lock & the door.
Again, I'm not saying they are doing it, just that they could. Also I'm not claiming to be a security expert, but this is not rocket science here. You only need a simple understanding of how encryption works to understand that this is done all the time using man-in-the-middle attacks. The only difference here is that a standard man-in-the-middle attack requires you to trick the end client into communicating with you.
iMessage by design makes Apple the "man in the middle", so no tricking of the end user is required.

edit: I ignored your overall dickieness.... please meet me in the middle
 
No. And I clean house in the nude. I have nothing to hide and am not worthy of being monitored.

Actually, not having curtains and cleaning in the nude kind of makes you sound like a sex offender. Perhaps they better start monitoring you...
 