An app that I can use to contact my friends/relatives. I don't think anyone on my list of contacts would have this.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Researchers Claim Apple Can Potentially Access Encrypted iMessages [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
An app that I can use to contact my friends/relatives. I don't think anyone on my list of contacts would have this.
I know
The company's claim that iMessage is protected by unbreakable encryption is "just basically lies"
I believe this.....
The company's claim that iMessage is protected by unbreakable encryption is "just basically lies"
I believe this.....
You're exactly correct. If Apple had an interest in reading your iMessages, why encapsulate them in a secure protocol? Look at Gmail. Google reads every email you send and receive to create a better profile for targeted ads. There's no end-to-end encryption in Gmail because that just makes Google's job harder.
Receiver send its public key to Apple. Apple send its public key to sender. Sender encript message using Apple public key and send message to Apple. Apple decript message using its private key, reencript message using receiver public key and send message to receiver. Receiver decript meaage using its private key.
uh oh...now Apple can read all about the napping habits (or lack thereof) of my kids; what dinners we are planning; what vegetables we got at the CSA...
but on a serious note, as others have pointed out, it could just be a flaw and not something Apple was interested in, though who knows.
but on a serious note, as others have pointed out, it could just be a flaw and not something Apple was interested in, though who knows.
Who cares.
People keep going on about security but truth is in this age you will have registered for something somewhere and your details are out there, theres no going back.
If you have something so important and top secret its likely your not going to text it to someone. We never used to worry about it being intercepted but the threat thats always been there we dont seem to consider anymore is .... Whos reading the message on theother phone. You dont lnow its the intended person.
If Apple want to read my messages then by all means they can waste their life. If it makes them tingle in private places to invade my privacy then good for them but I've more important stuff to be doing.
People keep going on about security but truth is in this age you will have registered for something somewhere and your details are out there, theres no going back.
If you have something so important and top secret its likely your not going to text it to someone. We never used to worry about it being intercepted but the threat thats always been there we dont seem to consider anymore is .... Whos reading the message on theother phone. You dont lnow its the intended person.
If Apple want to read my messages then by all means they can waste their life. If it makes them tingle in private places to invade my privacy then good for them but I've more important stuff to be doing.
Since when did anyone really believe using iMessage was designed to be a secure form of communication for transmitting highly sensitive information?
Good, catch, thanks. Just goes to show that anything isn't secure unless it's direct pier-to-pier.
Not exactly. The source of the key is the problem. Apple can generate weak key pairs or key pairs which allow multiple recipients.
Researchers of what?
These people just don't get public key cryptography, I think they don't get cryptography at all and just say some buzzwords with some misconceptions.
Apple has public keys of every iMessage user, and that's OK, that's why they are PUBLIC. Public key crypto has two keys, private and public. "you" have the private, anyone has the public.
With Public Key crypto, you need to trust at least one organization, so when you as for "John's public key", that organization gives you the real public key for "John", and not "Lester" Public key.
Don't trust Apple? That's OK, don't use their service.
These people just don't get public key cryptography, I think they don't get cryptography at all and just say some buzzwords with some misconceptions.
Apple has public keys of every iMessage user, and that's OK, that's why they are PUBLIC. Public key crypto has two keys, private and public. "you" have the private, anyone has the public.
With Public Key crypto, you need to trust at least one organization, so when you as for "John's public key", that organization gives you the real public key for "John", and not "Lester" Public key.
Don't trust Apple? That's OK, don't use their service.
Now Apple will see my conversations to friends that I thought those iPhone 5C phones were silly.
A man in the middle attack would require that someone at apple create the fake public key and reroute the message to somewhere else like the NSA. So either this requires a mole/spy/whatever in Apple that is doing it without Apples knowledge or Apple would be doing this presumably through a subpoena. So yes, we have found a theoretical hole in the system. However, I would expect that Apple screens their staff and has enough safety guards built in that this would only happen if NSA was truly planing moles at Apple (which given what we know is possible I guess). I doubt that they could get a subpoena in place to actually do this legally. If the mole exists I cannot imagine that they could do this on a large scale.
The answer to that question is no. But at the same time, do you care that Apple can see you texting a loved one or a friend?
No, you should never, ever trust any corporation, more so now that we know they are all allowing government agencies to do whatever the hell they like with their data.
As far as I care, if some sad git wants to sit there reading my message asking a friend if he wants to go for a beer, then more fool them.
----
Also as a sidenote, those saying it would require Apple to have the public keys, that's not an issue for the NSA. If I'm not mistaken The Guardian confirmed that the NSA have the technology to break modern day encryption, which means public key security is pretty much pointless. Could have mistaken this however so please feel free to correct this.
Let's wait until Apple responds (and they will) before jumping off the cliff.
I believe that ANY security scheme for electronic messages, devices, software , hardware etc.etc. can be breached. Obviously it may take a long time depending on how well the security measures were implemented.
Since it was created by humans , humans can decipher things.
TLS 1.1+ is supposed to not be compromised, but that isn't what I meant. I meant when encrypting messages, don't use a third party. Really if you want security, you shouldn't keep your private keys on a computer that has ever been connected to the internet.
Here's a good article on it from the register.
http://www.theregister.co.uk/2013/08/22/guardian_snowden_advice
If iMessages is hackable and Apple claimed that the data is safe, then how are we expected to trust Apple's claim that TouchID is also safe?