I'm not surprised. And y'all are so willing to give your fingerprints so quickly.
 
Apple can read the messages and the NSA already cracked the keys before Apple gave it to them.

Are we surprised?

I'm not; I certainly won't be using iMessage or any IM service for that matter if it's warranted.

Though in hindsight I shall be more careful when I send pictures of my genitals… cause you never know who might be curious. :p
 
Everything can have a man-in-the-middle

This is just a plain old man-in-the-middle scheme

Any secure communication can have a man-in-the-middle if you don't trust the certification authority, so any SSL traffic has the same problems if you don't trust the certification authorities.

If you want really secure communication you have to verify directly the public key, or get it by hand...

So this is almost a no-news, as Apple is secure almost as SSL is
 
OMG! NOOOOO! Now Apple will know when I'm on my way home from work, or that I'm running a little late, so my friends should go ahead and take a seat at the restaurant.

Who cares about this stuff other than fringe people in Idaho?
 
How iMessage may work
(at a high level, various optimizations exist to avoid overhead after initial key exchange, etc)...

Bob wants to send a message to Sue.

Bob generates a private key and stores it securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple informs Sue of a message request and is handed Bob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple informs Bob of Sue's public key.

Bob encrypts his message to Sue using Sue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Under this model only Bob and Sue have their private keys and hence only they can decrypt messages originating from their devices

...HOWEVER, since Apple is the mediator of the public keys between Bob and Sue Apple could give Bob a public key of their own claiming it was from Sue. This would then allow Apple to decrypt messages from Bob heading to Sue. Apple can do the same thing with Sue. Then Apple would be able to get messages from Bob, decrypt them, look at the message, then re-encrypt it before passing it along to Sue. The man in the middle model...

Bob wants to send a message to Sue.

Bob generates a private key and stores it securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple generates a private key and a FakeBob public key of their own.
Apple informs Sue of a message request and is handed FakeBob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple generates a private key and a FakeSue public key of their own.
Apple informs Bob of FakeSue's public key.

Bob encrypts his message to Sue using FakeSue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple decrypts message, looks at it, and then re-encrypts message using Sue's public key.
Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Personally I trust Apple to NOT do this and favor the simplicity of their method despite a man in the middle weakness internally in their system. They could prevent this but at the cost of trust being established between Bob and Sue in a more complex and cumbersome way... not ideal for typical users of iMessage.

...personally not sure how this is news or a surprise, with the intentional simplicity and ease of use of the iMessage solution you have to assume Apple will be a good actor on your behalf...
 
lol is anybody surprised, how is this news :|

Of course every company can read all your stuff, been this way forever, doesn't matter what they say. If they can, gov can for sure.
 
If iMessages is hackable and Apple claimed that the data is safe, then how are we expected to trust Apple's claim that TouchID is also safe?

...both of Apple's claims are accurate to context of the statements.

The iMessages going between devices are encrypted in a way that Apple or others aren't able to decrypt them (well brute force is always possible just rather impractical).

To my knowledge the only issue that in theory exists is that Apple COULD screw with the public key exchange such that they could have iMessages encrypted such that Apple could decrypt them (see my other post).

...Apple could also have their private key generation submit the private key back to them, Apple could also send the locally decrypted iMessage back to them since their software does have to display the message to the user's eyes, Apple could use your iTunes account credit card information, Apple could... do a lot of bad things in their software platform.

I can fairly confidently say that Apple isn't doing ANY of this.
 
And once again, self-important people will think their conversations are actually important enough for anyone inside Apple or the govt to actually care to pay any attention to you.

Considering all of my conversations are of no interest to anybody else, I really couldn't care less if my boring unimportant messages could THEORETICALLY be seen anonymized.

And again, this is just some researcher making conjecture. Why is it that these days anyone and everyone can make any claim they want and it always makes front page news? Whether it's analysts doing "supply chain checks" or "sources familiar with the matter" everyone is given equal weight apparently as long as you say something juicy about Apple.
 
If iMessages is hackable and Apple claimed that the data is safe, then how are we expected to trust Apple's claim that TouchID is also safe?

iMessages isn't hackable, and the data _is_ safe. You really have to read very very carefully what this report _actually_ says.

What it says is that if Apple wanted to break the law and read your messages, (and if they had written software that actually allows them to do it, which most likely they haven't because there is no legal use for it), then they _could_ read your messages. Apple could. Nobody else could.

Some locksmith put locks into your doors. That locksmith _could_ have made a copy of all your keys before putting the locks in and break into your home. Which would have been illegal. In the parlance of that report, he _can_ break into your home. Gone through MacRumors' interpretation, all locksmiths regularly rob people's homes. The reality is that he _could_, but most likely he _can't_ because he didn't copy your keys.

But of course they can change the system to allow interception at any future date. But by that logic any system is completely insecure and any vendor a "liar", unless it is completely open-source (as well as the hardware and everything).

Open source doesn't help, because you would never know that the open source code that you see is actually the code that is running on the device.
 
Why should we believe a jailbreaker?

You're right. Jailbreakers are obviously up to no good, spreading deceitful lies and the like. Now if this had come from a normal Apple user, it would have been totally believable. :rolleyes:
 
Yawwwn.... filing under the category of "who cares". I'm just not that paranoid about these sort of things and besides... why would anyone care to read my messages?

Say you want to buy a house. You negotiate with the seller. You have a limit how much you will pay, but of course you don't want the seller to know so you get it for less. You discuss this with your husband/wife. You would care very much if the seller could read your messages.
 
I'm not surprised. And y'all are so willing to give your fingerprints so quickly.

Anyone can get your fingerprint from any glass you touch at a restaurant. Or a door knob. Or a million other things.

And once again, self-important people will think their conversations are actually important enough for anyone inside Apple or the govt to actually care to pay any attention to you.

Yup.
 
I said this on Reddit but I'll say it again here:

If Apple wanted to, or intended to, read your iMessages, why wouldn't they design a protocol that specifically allows for this in the first place?

Apple wrote the iMessages app.

iMessages decrypts the message and displays it on the screen. It _has_ to do this. So code written by Apple has access to the message. If Apple was willing to break the law and the trust of its users and decided there is more money to make by reading your messages than by selling phones, they could.

Just like the guy installing your phone could install listening devices in your home; the phone company would have no problems listening to everything you say, your car mechanic could redirect your exhaust so that it kills you, and so on.
 
If iMessages is hackable and Apple claimed that the data is safe, then how are we expected to trust Apple's claim that TouchID is also safe?

You can't. The point of TouchID is that they have undeniable proof that it's you using a device at any given moment and not someone else such as a friend or family member. This is vital for linking you to whatever internet activity you're engaged in or communication you might send.

Even if you didn't set up TouchID, there's no telling if the phone is capturing your print when in use so the device (and Apple/NSA) know that it's still you and you didn't just unlock the phone and hand it to someone else. Maybe the phone creates its own thumb profile of you as you use it?

I'm a hardened cynic but 6 months ago not even I would've thought of such outlandish mass monitoring and profiling. Now it all seems par for the course by NSA.
 
I'm very concerned! I'm sure someone at Apple is reading all of the 2 billion iMessages that come through daily.
 
Apple wrote the iMessages app.

iMessages decrypts the message and displays it on the screen. It _has_ to do this. So code written by Apple has access to the message. If Apple was willing to break the law and the trust of its users and decided there is more money to make by reading your messages than by selling phones, they could.

Just like the guy installing your phone could install listening devices in your home; the phone company would have no problems listening to everything you say, your car mechanic could redirect your exhaust so that it kills you, and so on.

I agree such mass surveillance seems silly on the face of it, but the point is the digital world in which we live makes it possible where it simply wasn't possible before.

----------

I'm very concerned! I'm sure someone at Apple is reading all of the 2 billion iMessages that come through daily.

Not someone at Apple, but the NSA could be (likely are) scanning a proportion of them for their mass monitoring, profiling and metadata collection as they are for emails.
 
Say you want to buy a house. You negotiate with the seller. You have a limit how much you will pay, but of course you don't want the seller to know so you get it for less. You discuss this with your husband/wife. You would care very much if the seller could read your messages.

It's pretty much a given (been proven) that the US engages in corporate espionage, as do China and some other countries probably.
 
For the same reasons we're already listening to murderers, rapists, robbers and other criminals to obtain information about how they go about things to improve site security and police training.

The general reality is the only way to improve on Apple's implementation is for two iMessage users wanting to communicate to exchange public keys directly not involving an intermediary like Apple. (for example short range Bluetooth exchange, or via some other trust chain of their own)

...of course then you have to assume that Apple's iOS platform and/or iMessage app isn't grabbing the decrypted text that has to be displayed on the display, etc.

...in other words you have to trust the vendor at some point regardless! ...unless you WRITE/MAKE THE WHOLE F'N THING YOURSELF.
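
Added example, not part of any post in this thread and not Apple's code: a Python sketch of the check suggested here and in the earlier key-exchange walkthrough, where the two users compare public keys directly instead of relying on the mediator. `Directory`, `Client` and `scenario` are hypothetical names, and random bytes stand in for real public keys.

```python
import hashlib
import hmac
import secrets


def fingerprint(pub: bytes) -> str:
    """Human-comparable digest of a public key: first 16 bytes of SHA-256."""
    h = hashlib.sha256(pub).hexdigest()[:32]
    return " ".join(h[i:i + 4] for i in range(0, 32, 4))


class Directory:
    """Hypothetical key server in the mediator role the thread describes."""

    def __init__(self):
        self.real, self.fake, self.substitute = {}, {}, False

    def publish(self, name: str, pub: bytes) -> None:
        self.real[name] = pub

    def lookup(self, name: str) -> bytes:
        if self.substitute:  # hand out a key the directory generated itself
            return self.fake.setdefault(name, secrets.token_bytes(32))
        return self.real[name]


class Client:
    def __init__(self, name: str, directory: Directory):
        self.name, self.directory, self.pins = name, directory, {}
        self.pub = secrets.token_bytes(32)  # constructed stand-in for a public key
        directory.publish(name, self.pub)

    def fetch(self, peer: str) -> str:
        """Trust on first use: pin the first key seen, flag any later change."""
        key = self.directory.lookup(peer)
        pinned = self.pins.setdefault(peer, key)
        return "ok" if hmac.compare_digest(pinned, key) else "key-changed"

    def verify_direct(self, peer: "Client") -> bool:
        """Compare the pinned key with the fingerprint the peer shows in person."""
        return hmac.compare_digest(fingerprint(self.pins[peer.name]), fingerprint(peer.pub))


def scenario(substitute_at_start: bool, substitute_later: bool) -> tuple:
    d = Directory()
    d.substitute = substitute_at_start
    bob, sue = Client("bob", d), Client("sue", d)
    first, verified = bob.fetch("sue"), bob.verify_direct(sue)
    d.substitute = substitute_later
    return first, verified, bob.fetch("sue")
```

`scenario(True, True)` returns `('ok', False, 'ok')`: pinning alone never notices a key that was substituted from the first contact, while the direct fingerprint comparison does. `scenario(False, True)` returns `('ok', True, 'key-changed')`, the case where pinning catches a later swap.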
 
If Apple has access to them, then the NSA has nothing. They don't have magical superpowers to break in everywhere.

No, just special access granted by a secret court that nobody is allowed to know about.

----------

The general reality is the only way to improve on Apple's implementation is for two iMessage users wanting to communicate to exchange public keys directly not involving an intermediary like Apple. (for example short range Bluetooth exchange, or via some other trust chain of their own)

...of course then you have to assume that Apple's iOS platform and/or iMessage app isn't grabbing the decrypted text that has to be displayed on the display, etc.

...in other words you have to trust the platform vendor at some point regardless! ...unless you WRITE THE WHOLE F'N THING YOURSELF.

Great point! I do think though that the harder you make it the less feasible it becomes to monitor the increasing global digital traffic.

I simply don't trust or believe that this mass surveillance is about national security at all. It doesn't make sense. It's likely more to do with subjugation and control of the population.

I'm keen to check out this secure app.
 