I'm still waiting for the outrage over Amazon's mayday service that allows Amazon support to remotely control your device. Also, where's Al Franken's letter to HTC with all his concerns over the fingerprint scanner in their new phablet? Exactly what is HTC storing and where are they storing it? You'd think Al Franken would be concerned about this.

Questioning/targeting Apple = more political bang for the buck √ :D
 
... or, alternately, that the received iMessages are backed up (to the cloud or to your local computer, your choice) without the public/private key encryption, so the private key is no longer needed to read them. This makes absolute sense: if you are trusting a cloud storage solution for your backups then you are quite explicitly entrusting that service with all the data on your device, which, duh, includes messages sent and received.

The biggest question arises from the fact that multiple devices simultaneously receive an individual iMessage. This means that either they all have the same private key (which raises the question of how they all got the same key) or each "user" has multiple public certs which iMessage handles transparently (then each device just decodes the version encoded in its own certificate with the device-unique key). I believe the latter is actually the case, because if you restore a device (an action which would require creating a new private key / public certificate if it is device-centric) you get a message on all other devices receiving the same iMessages that a new device has been added.

This opens up the possibility of that "notification" system being foiled, and a new public cert being added to your iMessage account without your notification. Again, this seems like a much more likely failure point than Apple putting a man-in-the-middle infrastructure in place.

Then Apple can decrypt what they want, like any provider that can reset a user's password and that user restore any encrypted data

----------

No, they said they have responded to thousands of requests for information with what information they could provide. In the exact same statement they said that what information they can provide does not include the actual text of conversations because that is end-to-end encrypted. The available data is the much-ballyhooed "metadata" about the conversation - "Bill sent three messages to Johnny yesterday at 12:03, 12:05, and 12:31". This is not and never has been claimed to be encrypted end-to-end ... aside from a TOR-like system where the routing knowledge is distributed I can't even see how such a claim would be physically possible (and even in a TOR-like system the metadata is there, just not in one place).

Being encrypted end to end doesn't mean that the company can't decrypt them
 
Let's just go back to passing secret notes in class if we're worried about information leaking out. I go about my day knowing anything and everything I do online could be compromised. Which is why I don't store anything important online or send anything I wouldn't want read in public. Not to sound too paranoid but if a company said "100% secure e-traffic" would you believe them? I wouldn't.

I can't comment on its validity, but this Swiss company claims secure iMessages https://threema.ch/en/
 
Which is actually a pretty critical fact, because if iMessage delivery fails (and do you believe it is beyond the capabilities of the NSA to disrupt your cell phone's data connection to force iMessage to fail?), the message is sent via plain SMS, and completely visible to your cell phone company (which IMHO I trust less than Apple, Google, and the NSA, combined). So, if you are sending your anarchist takeover of the world plans via iMessage you are really living on the edge anyway.

Mine doesn't fail over automatically to SMS. It just fails and I have an option to try again or send it as a text. Might be a settings thing but that is how mine functions.
 
Mine doesn't fail over automatically to SMS. It just fails and I have an option to try again or send it as a text. Might be a settings thing but that is how mine functions.

It used to be default, but yes, now they just fail, and the fallback is optional.
 
I've already explained how CryptoCat differs from iMessage and Dropbox, as well as the pros and cons of each approach

By my read of https://github.com/cryptocat/cryptocat/wiki/Design-and-Functionality cryptocat suffers the same potential for man-in-the-middle attacks on its secure chat system as Apple. The MitM attack vector is simply the XMPP server instead of Apple's iMessage server. But, just like with Apple, a compromised XMPP server would be able to forge public certificates for other participants in the chat and capture all messages going through.

Other than the per-chat generation of private/public key pairs, I don't see any architectural difference between this and what we know about Apple's iMessage system.

Unless your argument is that you would be the one operating the XMPP server, which then is kind of silly. Then you're just arguing against using a third-party messaging system in general; instead of proving that you don't need to trust the operator of the messaging system you have replaced the operator with someone (yourself) that you (and hopefully your chat mates as well) trust implicitly.

Maybe there's more there that isn't laid out in the (rather sparse) Wiki, but I don't see any of the hallmarks of accepted MitM-proof system design there.

If you want a secure chat system based on any kind of encryption, the certificates need to either be exchanged in an independent and verified-secure (or at least, unlikely to be compromised at the same time as the active communications channel) system or they need to be intrinsically verifiable (by a third party, which also requires secure uncompromised root certificate exchange independent of the active comm channel).

As was said earlier, to get "true" security (really, all security is relative) you need to accept a very healthy dose of inconvenience. Yes, that tradeoff does tend to improve over time (although the actual level of security provided by a particular security measure also tends to decrease, such that many would claim that the security:inconvenience curve is roughly stable over time). So, the user of a chat system needs to determine roughly how much privacy they really need, and compare that to the necessary inconvenience, and choose the level of each that makes the most sense for them.
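
The out-of-band verification described in the post above, applied to the multi-device key directory discussed earlier in the thread, as an added sketch that is not part of any post and is not Apple's or Cryptocat's code. The class and function names are hypothetical, the keys are constructed byte strings standing in for real public keys, and trust-on-first-use pinning is an assumed technique chosen for illustration.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """Short SHA-256 fingerprint two people can read to each other on another channel."""
    digest = hashlib.sha256(public_key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

class PinnedDirectoryClient:
    """Pins the per-device public keys a key server returns for each contact."""

    def __init__(self):
        self.pins = {}  # contact -> set of pinned fingerprints

    def check(self, contact, served_keys):
        """Split one directory response into (usable, unverified) keys."""
        served = {fingerprint(k): k for k in served_keys}
        if contact not in self.pins:
            # First lookup: nothing to compare against, so trust on first use.
            self.pins[contact] = set(served)
            return list(served.values()), []
        pinned = self.pins[contact]
        usable = [k for fp, k in served.items() if fp in pinned]
        unverified = [k for fp, k in served.items() if fp not in pinned]
        return usable, unverified

    def confirm(self, contact, key, fingerprint_from_contact):
        """Pin a new device key only if the contact's own reading matches it."""
        if hmac.compare_digest(fingerprint(key), fingerprint_from_contact):
            self.pins.setdefault(contact, set()).add(fingerprint(key))
            return True
        return False

# Constructed stand-ins for device public keys (not real key material).
PHONE, LAPTOP, TABLET, INJECTED = (bytes([n]) * 32 for n in (1, 2, 3, 4))

def demo():
    client = PinnedDirectoryClient()
    first = client.check("alice", [PHONE, LAPTOP])
    # The server now lists an extra key; the sender must not encrypt to it yet.
    second = client.check("alice", [PHONE, LAPTOP, INJECTED])
    # Alice reads out her new tablet's fingerprint over a phone call.
    spoken = fingerprint(TABLET)
    rejected = client.confirm("alice", INJECTED, spoken)
    accepted = client.confirm("alice", TABLET, spoken)
    third = client.check("alice", [PHONE, LAPTOP, TABLET, INJECTED])
    return first, second, rejected, accepted, third

if __name__ == "__main__":
    for step in demo():
        print(step)
```

A sender that encrypts only to the `usable` list keeps working with known devices while a key added on the server side stays excluded until its fingerprint is confirmed on a separate channel.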
 
Let's forget about the NSA or a secret government agency. Instead, let's pretend you are hot (or continue pretending if that applies) and you have a steamy relationship.

Let's also pretend someone else thinks you are hot. This person has no influence over Apple.

How will they intercept your dirty, filthy playtime? Those are the holes worth plugging first.
 
It used to be default, but yes, now they just fail, and the fallback is optional.

Hmm. I would have sworn that just a month or so ago I sent a message which never got the "Delivered" notification, then ten minutes later it turned green with "Sent as text message" underneath it. Might be misremembering things, though (doesn't happen to me very often, just when one or both of us is in really dodgy coverage, which doesn't happen much with Verizon around here).
 
Unless your argument is that you would be the one operating the XMPP server, which then is kind of silly.

My argument is that Apple's prior claims that it was "impossible" for them to ever decrypt a user's messages cannot be correct, and that their recent statements back that up.

Their admission that the flaw described by these researchers is at least theoretically possible (although far fetched) demonstrates that they use public key cryptography, and due to the way they must store the user's private key, it must be possible for them to decrypt the messages.

I don't really care about any other sort of security issue - whether that's some sort of flaw in the client or server software being used.

I don't use iMessage, but that's not down to security or privacy concerns. I would fully expect Apple to be able to access my messages if I used it.
 
I do understand why Privacy is a big issue and a hot topic. I also understand how we need to fight for our privacy and make companies be accountable.

With that being said, I agree with MATTYMO. My iMessages aren't nearly important enough to anyone, other than the communicating parties, to bother reading.

I never understand this argument. Just because you are boring doesn't mean the government is not interested in targeting lots of people for nothing more than legally exercising their first amendment rights in a way that challenges the government. Are you that self-centered and short-sighted?
 
Actually, not having curtains and cleaning in the nude kind of makes you sound like a sex offender. Perhaps they better start monitoring you...

Maybe they should. But I believe I am more a public threat than anything else. LOL!


Thanks everyone for your opinions, they have been noted and appreciated. Really appreciated everyone being civil. Have seen these boards get ugly on occasions. Nice to see opinions respected!
 
iOS could theoretically allow Apple to send ALL the iPhone content to whoever they want.

duh!

Exactly, why does it matter that theoretically they can set up their backend to get messages. They can theoretically put backdoors in the app or the OS and send anything and everything they want. All is moot.
 
I don't think so

You missed the entire point. Apple stores the encryption keys on a third party server so that Apple cannot read your messages. ANYBODY who gets those encryption keys can then read the messages. With those keys stored on a commercial server, it's extremely easy for the NSA to access them. All they have to do is get a FISA warrant, DOJ National security letter, or just hack the servers.

Apple has not, to the best of my knowledge, given any details of the encryption protocol usage. But from the statements that have been made, I do not believe that your scenario is correct.

Let us assume your point that Apple stores the public keys. Although I don't think it would be on a third-party server, that makes no difference. What is stored are the PUBLIC keys for each user. No privacy needed, just security to make sure they're available when needed, aren't modified etc. So if I want to send a message to you, I (i.e. the Messages client on my Mac) fetch your public key. I then encrypt my message using that key and send it to you. The critical point is that ONLY YOU can read it because your PRIVATE key is needed for the decryption, and only you have that private key. It is not held on any server in a way that NSA can obtain with a warrant etc.

Let me be clear - I do not know how Apple has implemented security in Messages. But if I wanted to build something that had the characteristics they describe, this would be the way to start.
 
Once again... APPLE DOES NOT CARE ABOUT YOU, JUST YOUR MONEY. They don't care about your texts. Obviously there is some way that they can view, but you'll never know. They can easily lie to you.

even i don't care about my text messages. why would apple do? who the hell wants to read my "love you's" and occasional "buy some beer for monday night football" ? i mean, it's ****ing iMessage, not a secret encrypted service the spies talk about their work on
people are annoying
 
No, I'm not under the impression that iMessage is sent as clear text at all, but the point I'm making is that it is possible. Apple could spoof the certificates without the end user ever knowing, since the end user's device is set up to point at Apple servers already; all Apple would have to do is spoof the certificate as it passes through the iMessage server. Apple could make an end user believe they were having an iMessage conversation with anyone they wanted since they are the lock & the door.
Again, I'm not saying they are doing it, just that they could. Also I'm not claiming to be a security expert but this is not rocket science here. You only need a simple understanding of how encryption works to understand that this is done all the time using man in the middle attacks. The only difference here is that a standard man in the middle attack requires you to trick the end client into communicating with you.
iMessage by design makes Apple the "man in the middle" so no tricking of the end user is required.

edit: I ignored your overall dickieness.... please meet me in the middle
I am trying to explain how on the fly encryption works. Apple does not have to "spoof" certificates as they are not specific to an individual session. Certifications are and should only be used as a form of identification. They identify the Apple server as being genuine. The actual encryption of a session starts out with a key exchange between each of the clients and the server. A secure system should periodically regenerate new keys for each client to prevent any man in the middle attacker from using sampling to derive a cypher text attack on future messages. The shorter the time interval between key exchanges, the harder it is for an attacker to derive the cypher used to "sign" the messages.

The public key of the receiver on the sender client would become the seed for the encryption method on the client. The server would then take that message and pass it onto the recipient and the recipient client would then take the encrypted message, take their private key and use it to reverse engineer signing string sequence and decrypt the message.

This example is not necessarily supposed to show the most secure method but it gives you an idea as to how this works. The Apple servers do not have to be involved in the encoding process or in generating the keys used to sign the messages.

If Apple's servers do not have the seeds for the keys then they cannot decrypt the messages without a brute force attack which would mean that it could not occur in real time.

Any encryption can eventually be cracked but if it takes more time to crack each message than how long the information remains timely and relevant then it is basically pointless to try.
 
Has Apple revealed the exact encryption protocol used for iMessages? As I understand public/private key encryption this could work in one or two ways.

1- My message is encrypted using my private key then sent to the recipient where it is decrypted using my public key.

In this case anyone who has access to my public key can read the message.

2- my message is encrypted with my private key then re-encrypted using the recipient's public key.

In this case the message cannot be read without the recipient's private key

Do we know which method Apple is using?
 
i have good news for you. in mavericks they are flawless. i swear i had major problem with them since the launch but now they are PERFECT.

Sorry, I meant on my iPhone with iOS 7.0.2. Just noticed that it happened today. Also, email messages sometimes disappear from the inbox list. I swear it happens! And I'll read an email on my Mac, and see it still unread on the iPhone minutes to an hour later... I hope that's fixed too...
 
Has Apple revealed the exact encryption protocol used for iMessages? As I understand public/private key encryption this could work in one or two ways.

1- My message is encrypted using my private key then sent to the recipient where it is decrypted using my public key.

In this case anyone who has access to my public key can read the message.

2- my message is encrypted with my private key then re-encrypted using the recipient's public key.

In this case the message cannot be read without the recipient's private key

Do we know which method Apple is using?

Apple asks the receiver for their public key (or has it stored already, since it is public), sends it to you. You encrypt with the receiver's public key. The receiver decrypts with their private key.
 
Personally, I don't care if an Apple employee knows that I'm iMessaging my wife that I'm on my way home from work.

I'm with you, but Apple and the NSA don't care either, all they are doing is suggesting that it is not impossible to crack open the system should it be required at any stage and start farming data.

Then all that happens after that is the farmed data is analysed by super computers (or some form of powerful platform) to extract meaningful trends and intelligence from a gazillion items of uselessness.

Then if anything significant comes up, they would start working backwards to determine who, what, where, when, how and chase up those leads and start investigations.

So unless you're up to no good, no one cares about sexting and personal matters, and that data will effectively remain anonymous due to the sheer size of farmed data making even a disgruntled NSA employee glaze over just thinking about exploiting it.
 
I don't really see the point of this issue regarding imessage. I'm sure that if apple wants to, it can push an update to all iphones that transforms them in excellent spying devices. Certainly google can do the same with android and samsung with smart tvs. They just have no interest in doing so.
V.
 
I have a healthy sex life, I am having some private time with my children and family...

So, just for the record, you do have something to hide? I thought so.

----------

Why, yes, I do. And I keep them open most of the time during the day to let sunlight in.

And when you close them, you have something to hide. Pretty simple, really.

----------

Non sequitur much?

Exactly not the case. If someone says they have nothing to hide, at the same time as closing curtains in their house, they are hypocrites.

----------

I like to reply with, if you've done nothing wrong, you've done nothing to warrant being searched. At least according to the 4th Amendment.

Yeah, well that means Sweet Fanny Adams. If I plant a few hints in the right places that you're a potential terrorist, people will be crawling over your private life.
 
Apple asks the receiver for their public key (or has it stored already, since it is public), sends it to you. You encrypt with the receiver's public key. The receiver decrypts with their private key.

So, even if someone else, even the NSA, has access to the public keys on the server, whether it's Apple's server or anyone else's, they still could not decrypt the message I send, or a message sent to me. What's all the uproar about?

----------

Exactly not the case. If someone says they have nothing to hide, at the same time as closing curtains in their house, they are hypocrites.


You are, probably intentionally, conflating two different types of privacy. My privacy (modesty) inside my house is not the same as expecting privacy when I spew something out over the World Wide Web.
 