Even if they patch it in iOS 9 or 10 how does that help iMessage users who can only run previous iOS versions?
I'm not going to go out and buy a new computer or phone just to have the latest patch.

There was one recommendation that should be easy to implement, backward compatible, and help everyone.

The encryption starts with one publicly available key that is used by everyone. That key is publicly available, but supposed to be uncrackable. If it _is_ cracked, any communication in the past where the complete communication had been recorded and that used this key would be compromised. Easy change: Change that key, say, once a day. That way, _if_ it gets cracked, only communication on that day would be compromised. Imagine a crack would require faked certificates that can be detected, plus bribing someone at Apple who compromises their servers, which can also be detected. So basically a crack that only works _once_. Currently that would potentially compromise lots of historical conversations. With the key changing daily, it would only compromise one day. More than 100 times improvement.
 
...and iOS would be busy getting the updates once every 24 hours.....+ how many servers would it be spread over, otherwise the server would be hammered with everyone trying to get the same file at the same time... You may as well call that a DDoS
 
Both Facebook and WhatsApp are now using the Signal protocol for end to end encryption. Not a big fan of either of these platforms but the Signal protocol is legit...no one is reading those messages. Of course the best option is to run your own messaging server with end to end encryption.
 
Do you have any supporting evidence of this?

I've heard about MS making Steam's life difficult on Windows and trying to push everything over to the Windows Store, but I haven't seen anywhere that Apple is also trying to do this.

Only the continued merging of iOS and MacOS, the increasing security of the Mac moving towards not allowing non-signed software to be installed, and the fact that the ways to bypass these limitations have no UI. IMO, in the next 5 years and for the users' protection, you will not be able to install non-signed software on the Mac and will have to buy all programs through the Apple Mac App Store. That is if there is still Mac hardware. At least today that is what past changes are pointing to. The Apple Mac store is failing, Apple's way to correct that is to force cloud and App Store. People like Apple hardware, and Apple has given no indication it won't use the hardware to prop up their services and cloud offerings. Everyone else is doing it, look at Adobe Creative Cloud, you can no longer buy a computer, install Adobe and have a system that allows access to old projects and designs. You have to pay a subscription and you may or may not have access to old versions, it is at Adobe's discretion, not mine.
 
Both Facebook and WhatsApp are now using the Signal protocol for end to end encryption. Not a big fan of either of these platforms but the Signal protocol is legit...no one is reading those messages. Of course the best option is to run your own messaging server with end to end encryption.
The problem with rolling your own for anything related to encryption is the high likelihood of making a mistake. Almost always happens when people write their own encryption protocols, but can happen outside the protocol level too (e.g. run extremely secure encryption protocol, but the server is hackable in some other way).
You realize that Apple and many other tech companies willingly cooperated with the NSA's Prism data collection program right?

Don't be an iSheep, it'll blind you.

http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
Got any other sources besides the NSA slide to back up your "willingly cooperated" assertion? There was considerable talk at the time that they added Apple to their list because they had found a way to listen in to some of Apple's traffic, not because Apple cheerfully signed on the dotted line. And using cutesy terms like "iSheep" just makes you look heavily biased.
 
"simpler" doesn't always imply security..

"It is simply easier just to replace the QR code with another printed on a sticker to sit ontop of the original QR code."

https://penturalabs.wordpress.com/2013/10/07/can-qr-codes-really-be-hacked/
Apple should make iMessages stronger though

Was that a reply to my post? Because it doesn't apply - the QR code is shown on the screen. Nobody is going to place a sticker on top of your friend's screen without somebody noticing.

The QR code is actually good for this. It bypasses software-controllable networks by encoding the key as a picture and using the camera. Basically it's being used as a one-off unhackable data transfer with somebody who is physically present.
You realize that Apple and many other tech companies willingly cooperated with the NSA's Prism data collection program right?

Don't be an iSheep, it'll blind you.

http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

The NSA programs involve both "voluntary" (i.e. Obeying court orders) and non-voluntary co-operation. The NSA was snooping on Google's internal dataflows. It's possible they were doing something similar to Apple. We don't know.

It's hard to fault any of these companies for "co-operating" with a legal agency acting within their remit. If you have a problem with the NSA, take it up with Congress, not with Apple.

They fight the NSA when they can (and they've backed this up with actions, even though many criticised them for it). Ultimately though, Apple can only follow the law. Congress writes it.
 
Johns Hopkins is a renowned medical school in Baltimore. What makes them the experts on cryptography?
Is it so unbelievable that there are crypto experts not in a school known for computer science? Or is it just unbelievable that Apple could make a mistake?
Only the continued merging of iOS and MacOS, the increasing security of the Mac moving towards not allowing non-signed software to be installed, and the fact that the ways to bypass these limitations have no UI. IMO, in the next 5 years and for the users' protection, you will not be able to install non-signed software on the Mac and will have to buy all programs through the Apple Mac App Store. That is if there is still Mac hardware. At least today that is what past changes are pointing to. The Apple Mac store is failing, Apple's way to correct that is to force cloud and App Store. People like Apple hardware, and Apple has given no indication it won't use the hardware to prop up their services and cloud offerings. Everyone else is doing it, look at Adobe Creative Cloud, you can no longer buy a computer, install Adobe and have a system that allows access to old projects and designs. You have to pay a subscription and you may or may not have access to old versions, it is at Adobe's discretion, not mine.
Wait a second. You can run signed software that isn't from the Mac App Store. Steam, its developers, and other devs can get their software signed. If Apple disallowed it, literally nobody would use a Mac anymore.
WhatsApp does allow you to verify keys through QR codes.

Also, they claim calls are encrypted. I'm not sure if FaceTime calls are.
That's cool, but WhatsApp isn't open-source, so it's still suspect.
OK, it's somewhat disconcerting that they were able to retrospectively decrypt certain content. But iMessage certainly isn't a "secure messenger" (like Threema or Signal). Yes, it offers end-to-end encryption, but you're not even able to verify that you're actually using your conversation partner's public key to encrypt your messages (hi there, man in the middle). It surely doesn't come as a surprise that you probably shouldn't use iMessage (or WhatsApp, for that matter) if you care about security.
I always post this comment on security articles. Glad someone else gets it. This is what we need:
- Client that is heavily scrutinized by the community. This basically means it has to be open source and that people are checking to make sure the source compiles to the binary that is distributed.
- MANDATORY client-side public key exchange (no going through the server)... maybe with a QR code like in WhatsApp.
- Latest and greatest encryption methods.
People keep pushing that sketchy-looking app Telegraph, but it fails the last two requirements, maybe also the first... and it's from Russia, haha.
 
MacRumors said:
Apple was notified of the issue as early as November 2015 and patched the iMessage protocol in iOS 9.3 and OS X 10.11.4 as a result. Since that time, the company has been pushing out further mitigations recommended by the researchers through monthly updates to several of its products.

However, the team's long-term recommendation is that Apple should replace the iMessage encryption mechanism with one that eliminates weaknesses in the protocol's core distribution mechanism.

It seems Apple is going to be also open to their long-term recommendation.
 
OK, it's somewhat disconcerting that they were able to retrospectively decrypt certain content. But iMessage certainly isn't a "secure messenger" (like Threema or Signal). Yes, it offers end-to-end encryption, but you're not even able to verify that you're actually using your conversation partner's public key to encrypt your messages (hi there, man in the middle). It surely doesn't come as a surprise that you probably shouldn't use iMessage (or WhatsApp, for that matter) if you care about security.

I agree, however they are very different messaging experiences for the user. Signal and Threema, like you said, are much more secure. But you give up some usability with Signal for example. I backed up my iPhone, switched to a different one, restored the backup and none of my Signal conversations or contacts were there anymore, by design. I re-added the contacts easily, but it's another step. It's seriously secure, the only place to see the original conversations and connections was on that original iPhone and if you wipe it, they're gone. Every conversation is to another Signal user - no spur of the moment conversations to Jim down the street on his Android who doesn't have Signal. I use Signal with my Android connections, but I was a bit bummed about losing the past ones when going to a new phone.

iMessage still gives your past conversations when you restore to a new phone. Your messages to other iPhones can be encrypted (blue conversations) and Apple has hired the guy who created Signal to help them tighten things up - good show there. iMessage also lets you do messages to our non iMessage connections that are unencrypted and keep those conversations as well.

If Apple had iMessage ported to Android, I'd probably use that for my Android connections (and I'd have my past conversations etc. on restores), because it'd give me pretty good security with an easier user experience. It's probably better Apple hasn't ported to Android as they'd become target number 1 (even more than now) for a legislated back door for the FBI / Administration (and I'd expect Clinton to be worse and Trump to be worse than her for govt surveillance). So I'll continue to use Signal for my Android contacts and look forward to Apple tightening down the hatches on iMessage in the mean time. JMHO...
 
...and iOS would be busy getting the updates once every 24 hours.....+ how many servers would it be spread over, otherwise the server would be hammered with everyone trying to get the same file at the same time... You may as well call that a DDoS

Actually it's called improved security. And Apple does break up the servers already. On new phones and with major iOS revisions my phone says oh in Japan...and gives me that for the store. I put in my account info and it goes oh this id is no good for the Japan server and redirects me to Apple US servers.

Also it's a small packet. Pokémon Go servers push out and receive more requests/data and haven't burned up from the load lol. Apple does this as well...you, me, and the rest of the Apple using world ping servers often. If auto update is turned on it polls Apple servers quite frequently. Read xml (guessing this is the format it stores the basic stuff like app versions in), compare values.

if values same do nothing
if values different, update phone to say hey you have a new update for an app.


Also the chance of massive requests at the same 24 hr check-in time is very improbable. Assuming the clock starts on hard reset and the initial comm check on reboot (most logical time to mesh with the server for a key/change if needed) yours and many others' last iOS associated phone reset would have to be around 1815 last Friday on Japan time to be synced with me. 20 million in the states, 20 million in Europe...all had to update at 1815 in Japan (Japan is +9 ZULU/GMT). You all can work that out from your own TZ's lol.



Or this check-in time could quite readily be seeded via PRNG (pseudo random number generator). Part of the Johns Hopkins dings...regular occurrence. PRNG mixes this up a little. Some times will be the same maybe, PRNG depending on how implemented can not be so random but it will prevent 1 billion iPhone users slamming the same server at once for sure.
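
The staggered check-in idea from the reply above, as an added example that is not part of the original posts: each device derives its daily key-fetch time from a hash of its identifier and the day number, and the peak per-minute load is compared with everyone fetching at the same instant. The device IDs, the 24-hour window and the function names are assumptions for illustration; nothing here describes how Apple's servers or iMessage actually behave.

```python
import hashlib
from collections import Counter

PERIOD = 24 * 60 * 60  # assumed rotation interval: one new key per day


def fetch_offset(device_id: str, day: int, period: int = PERIOD) -> int:
    """Seconds after the start of `day` at which this device fetches the key.

    Hashing (device_id, day) gives a stable, evenly spread offset without
    any coordination between devices, and reshuffles the schedule each day.
    """
    digest = hashlib.sha256(f"{device_id}:{day}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % period


def peak_per_minute(offsets) -> int:
    """Largest number of fetches that land in any single minute."""
    buckets = Counter(offset // 60 for offset in offsets)
    return max(buckets.values())


def simulate(n_devices: int = 50_000, day: int = 0):
    """Return (peak if everyone fetches at once, peak with hashed offsets)."""
    device_ids = [f"device-{i}" for i in range(n_devices)]  # constructed IDs
    synchronized = [0] * n_devices  # every device fetches at 00:00:00
    staggered = [fetch_offset(d, day) for d in device_ids]
    return peak_per_minute(synchronized), peak_per_minute(staggered)


if __name__ == "__main__":
    sync_peak, staggered_peak = simulate()
    print(f"synchronized peak: {sync_peak} fetches/minute")
    print(f"staggered peak:    {staggered_peak} fetches/minute")
```
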
 
I suspect it will only become more problematic now that Apple pours so much code and complexity into iMessage with all these features in iOS 10, particularly iMessage apps, instant previews (e.g. weblinks) and visual effects (there have been some critical security bugs in Apple’s media frameworks recently).

This has concerned me from the first time I saw the demos of the new "features" in iMessage.
 
Cracked? Pretty heavy oversimplification. Security is a process, not a checkbox.

 
I think iMessage was one of the first to have end to end encryption. Now that technologies for breaking that are being funded by governments it makes sense that Apple is open to others finding ways to close those holes.

I still believe Apple is the only major software maker to implement systems that don't have backdoors and should be used without any fear compared to Android or Skype or even iOS apps that claim to be secure.

And it wasn't Apple who helped bust the kickass torrent site owner. /s

https://www.engadget.com/2016/07/21/kickasstorrents-apple-facebook-homeland-security/
 
It's more than just a medical school.

Jesus ****ing christ on a stick we're less than three comments in and 2/3 of them are dismissing this out of hand because it's not a 100% positive Apple story but a constructive criticism of how they can improve weaknesses in their cryptography.

It's true. The fanboyism has insane proportions and the same behavior/thought patterns also cause the always-same ******** politics that we have to endure every 4 years.
 
Jesus ****ing christ on a stick we're less than three comments in and 2/3 of them are dismissing this out of hand because it's not a 100% positive Apple story but a constructive criticism of how they can improve weaknesses in their cryptography.

You mustn't visit the forums often. Pretty much everything from all companies on these forums gets that treatment. Sad really.

Also to be fair, the person you were responding to asked a simple question.
 
The team also discovered that Apple doesn't rotate encryption keys at regular intervals,
That part seems slightly lazy by Apple. Couldn't something like this be automated by a server or application? Is there any positive reason for not doing so?
 
Just break into Apple's servers or intercept the TLS certificate and have the private key so you can generate the symmetric key. No problem. I have the code right here in my internet enabled toaster.
 