According to the researchers, there would be no way for an end user to detect an intercepted or rerouted message from their iOS device, as it is impossible to see whether or not a key has been switched or where a message has been routed.

The solution to the issue, to introduce true end-to-end encryption, would require Apple to store public keys on each iOS device to allow users to compare keys to verify that messages are going to the intended recipient.

Basically, Apple is a third party handling the public and private keys between devices, thus allowing them [at least] the ability for moderate control over the transmission of communication between iMessage users.

I wondered about the stance Apple took regarding the high standards in iMessage encryption. There is always a "key", and that key is linked to the developer of the system. Apple was coy regarding their statement; it would be difficult [for others] to decrypt iMessage content, yet Apple certainly has the means of doing so themselves. This begs the question: would Apple hand over decrypted iMessage content to the NSA?

The solution makes perfect sense: cut out the "middle man" [Apple] and, akin to "AirDrop", simply allow devices end-to-end user communication.
 
OMG! NOOOOO! Now Apple will know when I'm on my way home from work, or that I'm running a little late, so my friends should go ahead and take a seat at the restaurant.

Who cares about this stuff other than fringe people in Idaho?

It's not always the text itself that is of interest but what it says about you. When taken together with others en masse, it can be used to generate a pretty realistic profile of you as a person.
 
Even if Apple can decrypt iMessages, that's not the primary issue. It's the people on the outside looking in that CAN'T decrypt these messages.
 
Story & posts have been very confusing; here's the bottom line

All iMessages up until now are encrypted with an end-to-end public/private key system, which means that nobody, not even Apple, can easily decrypt them. Period. This is because Apple stores the public keys, but not the private ones.

The (obfuscated) point of the story is that Apple could be compelled to change the service so that it becomes a man-in-the-middle without anyone immediately knowing, and without having to push a software update. They could do this selectively to any subset of users, which would allow them to log the unencrypted messages from any point forward, but not any prior iMessages. The post here by user shawnce outlines how this would work.

If you think you're about to be a "subject of interest" of the NSA ;-) you may wish at that point to find a solution other than iMessage, one in which the public keys are in an open repository, or perhaps are managed directly by the software on either end.
 
Duh!

Anyone who thought there's no way to decipher what's in an "encrypted" iMessage is naive. If someone can design it, there's a way to reverse engineer it with enough time. The kind of people who think all their data is safe are the same kind of people who thought they could anonymously buy drugs on the Silk Road (dark web). Yeah, bitcoin is untraceable, as was the Silk Road... which is why the FBI rolled super hard on the founder of that website on a walk in a park in SF. Nothing is secure, it's only secure for a period of time. In 5 years computers will advance so much they will easily rip through encryption like this. It's the same reason why passwords require alphanumerics and symbols these days. Years ago just text was fine because computers couldn't break those passwords. Today that's not the case. Brute force computing is very doable with some of the computers produced today. Don't fool yourself by thinking anything out there is safe. If the government, or a hacker, wants to know badly enough, the information will be uncovered. Sorry folks, the only way your secrets stay safe is to not have any (joke).
 
There is nothing to worry about here. Apple has forever stood behind protecting its loyal customers from abuses, be it government or corporate. Move on and forget this.
 
The solution makes perfect sense: cut out the "middle man" [Apple] and, akin to "AirDrop", simply allow devices end-to-end user communication.

Well, only sort of... you would have to trust the text rendering subsystem, the display subsystem, string subsystem, crypto subsystem, private key storage subsystem, etc. that Apple provides to not grab the decrypted messages. ...of course you also have to additionally trust that the device is still in the hands of the intended recipient or that the recipient doesn't have someone looking over their shoulder, etc.

If you don't trust Apple to exchange public keys honorably you likely shouldn't trust Apple in other places... (replace Apple here with your vendor of choice) ... of course the fewer in-betweens the better in terms of what you have to trust, but that comes at the cost of filling in that gap (how to exchange keys) with a trust methodology of your own... to me ease of use is more important than a generally minor improvement in security for iMessage.

...personally the whole thing is kind of a tempest in a teapot. Apple is IMHO highly trustable because of the moral, economic and legal implications they would face if they break that trust. (Note I expect Apple could be compelled under legal pressure of governments to break trust; they don't do it easily; I am not surprised by this possibility.)

If you have things you really want to keep increasingly secure you will have to take increasing ownership of much much more of how you would convey that data.
 
This doesn't make any sense. Just because Apple manages the public keys it doesn't mean they can decrypt anything. For that you need the private keys, and those are held locally on each phone. Not to say there aren't other ways round it (like backdoors in the iMessage client), but not the way this article puts it.

It absolutely does. If Alice wants to send a message to Bob - but has to ask Apple for Bob's public key, then Apple can simply send Alice *Apple's* public key. They have the private key to decrypt the message, and then *re-encrypt* it with Bob's *actual* public key - which he can then decrypt on his end with his private key. They would be able to do this because they don't disclose the public keys.

In order for this to be secure - Bob would have to know / publish his public key - and then Alice could be sure she was encrypting it w/ a key that Bob, and only Bob, could decrypt.
 
I've learned these days that anything and everything that has to do with information or data can be accessed by the authorities, illegal or not. We live in a surveillance state (in America). Notice how Yahoo and other service providers are pushing user "profiles" like Facebook, so they can make profiles on all of us. Next up is obviously fingerprint scanning. The conspiracy theorists weren't crazy after all.

That's very naive and paranoid. However, it's not surprising given the NSA shenanigans going on. Fact is, unless you do have a working knowledge of security and encryption there's no basis to say that "anything and everything" can be accessed by the authorities. I can encrypt a file with 1024 bit encryption and email it directly to the NSA, but that doesn't mean they can see it.

You have to examine the technology of a service and determine on an individual basis if it is secure, and if it matters.

Why is fingerprint scanning the obvious next step? What is this going to accomplish?

LOL, I agree. I laugh at those who say it's not secure because your thumbprint is everywhere and easily copied, and then in the same breath tell you Apple is sending it to the NSA. If your thumbprint is everywhere and easily copied, then who cares if Apple sends it to the NSA. They can get it "everywhere," right?

Because they probably know more about iOS security than you.

They also have an agenda. This security expert, and I agree he is one, neglects to mention how it's possible to access your messages on multiple devices if Apple doesn't have access to the private keys. When I receive messages on my iPhone, it could be made secure using a private/public key pair generated by my phone, but then when I log into my Mac, how does my Mac access the messages without the message being decrypted by Apple, or by the private key residing on Apple's server?

Apple's server needs to have the key to distribute the message to all of my devices. The key is likely stored in a keychain encrypted with your iCloud password. It's not like it's sitting there in plain text for anyone to grab, and if you believe Apple's passing your messages around, or logging them for the NSA, well, don't use it then.
 
How iMessage may work
(at a high level, various optimizations exist to avoid overhead after initial key exchange, etc)...

Bob wants to send a message to Sue.

Bob generates a private key and stores it securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple informs Sue of a message request and is handed Bob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple informs Bob of Sue's public key.

Bob encrypts his message to Sue using Sue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Under this model only Bob and Sue have their private keys and hence only they can decrypt messages originating from their devices.

...HOWEVER, since Apple is the mediator of the public keys between Bob and Sue, Apple could give Bob a public key of their own claiming it was from Sue. This would then allow Apple to decrypt messages from Bob heading to Sue. Apple can do the same thing with Sue. Then Apple would be able to get messages from Bob, decrypt them, look at the message, then re-encrypt it before passing it along to Sue. The man in the middle model...

Bob wants to send a message to Sue.

Bob generates a private key and stores it securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple generates a private key and a FakeBob public key of their own.
Apple informs Sue of a message request and is handed FakeBob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple generates a private key and a FakeSue public key of their own.
Apple informs Bob of FakeSue's public key.

Bob encrypts his message to Sue using FakeSue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple decrypts the message, looks at it, and then re-encrypts it using Sue's public key.
Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Personally I trust Apple to NOT do this and favor the simplicity of their method despite a man in the middle weakness internally in their system. They could prevent this but at the cost of trust being established between Bob and Sue in a more complex and cumbersome way... not ideal for typical users of iMessage.

...personally not sure how this is news or a surprise, with the intentional simplicity and ease of use of the iMessage solution you have to assume Apple will be a good actor on your behalf...

What an excellent explanation of man in the middle attacks and public/private key exchange.
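The honest exchange and the FakeSue substitution walked through above, as an added Python simulation that is not part of the original thread or of Apple's code. It uses toy textbook RSA on single bytes with a seeded PRNG, a constructed KeyServer class standing in for Apple, and an out-of-band fingerprint comparison standing in for the article's proposed fix of letting users compare keys; all names, key sizes and the message text are constructed for illustration.

```python
"""Toy simulation of the Bob/Sue/Apple exchange described above.
Textbook RSA on single bytes with a seeded PRNG: constructed for
illustration only, not iMessage's real protocol or Apple's code."""
import hashlib
import random

_rng = random.Random(2013)  # seeded so every run is reproducible


def _prime(bits: int) -> int:
    """Random odd prime of the given size, found by trial division (toy sizes)."""
    while True:
        c = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(c % k for k in range(3, int(c ** 0.5) + 1, 2)):
            return c


def keygen(bits: int = 20):
    """Return ((n, e), (n, d)); e = 65537 is prime, so it only needs not to divide phi."""
    while True:
        p, q = _prime(bits), _prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % 65537:
            return (p * q, 65537), (p * q, pow(65537, -1, phi))


def _rsa(key, data) -> list:
    """Raise each element to the key's exponent mod n (public key encrypts, private decrypts)."""
    return [pow(x, key[1], key[0]) for x in data]


def fingerprint(pub) -> str:
    """Short digest Bob and Sue can compare out of band to spot a swapped key."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]


class KeyServer:
    """Apple's role: holds public keys and relays ciphertext; intercept=True plays the FakeSue trick."""

    def __init__(self, intercept: bool = False):
        self.intercept = intercept
        self.keys, self._fake, self.captured = {}, {}, []  # real pubs, fake pairs, plaintext seen

    def register(self, name, pub):
        self.keys[name] = pub

    def lookup(self, name):
        """Hand out the real key, or a 'Fake<name>' key whose private half the server keeps."""
        if not self.intercept:
            return self.keys[name]
        if name not in self._fake:
            self._fake[name] = keygen()
        return self._fake[name][0]

    def deliver(self, recipient, ct):
        """Forward ciphertext; when intercepting, decrypt, record, then re-encrypt for the real key."""
        if self.intercept and recipient in self._fake:
            plain = bytes(_rsa(self._fake[recipient][1], ct))
            self.captured.append(plain)
            ct = _rsa(self.keys[recipient], plain)
        return ct


def run_exchange(intercept: bool):
    """Bob sends Sue one message. Returns (what Sue read, what the server captured,
    whether an out-of-band fingerprint comparison would have flagged the key)."""
    server = KeyServer(intercept)
    sue_pub, sue_priv = keygen()
    server.register("sue", sue_pub)
    key_bob_uses = server.lookup("sue")  # Bob has to take the server's word for this
    ct = server.deliver("sue", _rsa(key_bob_uses, b"running late, order for me"))
    received = bytes(_rsa(sue_priv, ct))
    # The fix the article proposes amounts to this check: Bob and Sue compare
    # key fingerprints over a channel the server does not mediate.
    tampered = fingerprint(key_bob_uses) != fingerprint(sue_pub)
    return received, server.captured, tampered
```

Calling `run_exchange(True)` shows Sue still reading the intact message while the server holds a copy, and only the fingerprint comparison reveals the substitution.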
 
At what point does the paranoia get too much?
Who's sending such critical/sensitive/incriminating messages? And if you're worried about the government being able to profile you, then you really shouldn't be using a mobile device, or really anything that accesses the internet without serious encryption and anonymisation. And if you're that paranoid, you wouldn't be texting via iMessage in the first place.
 
At what point does the paranoia get too much?
Who's sending such critical/sensitive/incriminating messages? And if you're worried about the government being able to profile you, then you really shouldn't be using a mobile device, or really anything that accesses the internet without serious encryption and anonymisation. And if you're that paranoid, you wouldn't be texting via iMessage in the first place.

The easiest way to end it is to outright ban the interception/collection of domestic originated or destined communications without a bench warrant, period. Doesn't look like our politicians are jumping to do that right now, so people have to take matters into their own hands if they want privacy from state sponsored spying.
 
Why should we believe a jailbreaker?

One does not have to "believe" anything. He proposed a scenario that could work and pointed out a fact that anyone could verify. The simple fact that Apple holds the keys means they could, if they wanted, snoop on messages.

He did not say they actually do, just that they could if they wanted.

The news here is that users don't exchange keys themselves. If that is true the system is simply not secure. This has been known for many years and it's in all the text books.
 
This is just a plain old man-in-the-middle scheme

Any secure communication can have a man-in-the-middle if you don't trust the certification authority, so any SSL traffic has the same problems if you don't trust the certification authorities.

If you want really secure communication you have to verify directly the public key, or get it by hand...

So this is almost a no-news, as Apple is almost as secure as SSL is.

THIS! I'm no expert on encryption but from what I do know any RSA encryption scheme is susceptible to the man-in-the-middle attack and there are no totally foolproof ways to deal with this - you have to trust somebody (like the certification authority) if you want to be assured that the public key you are getting really belongs to the person you want to communicate with and not some man-in-the-middle attacker. I don't understand why storing public keys directly on end user devices as the original article suggests would change anything.
 
If iMessages is hackable and Apple claimed that the data is safe, then how are we expected to trust Apple's claim that TouchID is also safe?

I don't think anyone at Apple has reasons to lie. I think they made that statement based on the knowledge they had at the time the statement was made. Thunderhawks said it before me. Man made encryption, man can break encryption.

Is TouchID safe? Safe from what?
 
I don't understand why storing public keys directly on end user devices as the original article suggests would change anything.
It doesn't really make sense... you have to have a chain of trust at every point in the exchange/use of a public key, and the proposed "fix" still assumes trust of a 3rd party (at least the way it reads).

The chain of trust needs to include not just the conveyance of a public key from one person to another but also the storage and future association of the public key back to that person by iMessage running on your device.

You still have to trust the platform/app on your device. In the case of iMessage that means you still have to trust Apple.
 
Who cares. I trust their servers. I'd only be concerned if an average person could break the security. Even if prism logs the data, it doesn't matter if you are not hatching terrorist plots. If you are a conspiracy theorist, then use something else.

----------

Why does anyone assume that the DEA has access to Prism? I'm pretty sure they don't. So obviously they would have no way to decrypt.
 
This doesn't make any sense. Just because Apple manages the public keys it doesn't mean they can decrypt anything. For that you need the private keys, and those are held locally on each phone. Not to say there aren't other ways round it (like backdoors in the iMessage client), but not the way this article puts it.

It does make sense. The root cause is that Apple does not have a public key server to authenticate a public key. For example, when you are chatting with a friend, you don't really know that's really your friend unless you two share some common secrets. For public key cryptography, the trust is established based on mutually trusted certificate authorities (CA). As there is no CA in the iMessage communication, you cannot prevent man-in-the-middle attacks.

Apple can simply act as the man-in-the-middle, sending its own public key to the message initiator. The initiator simply trusts the key and uses Apple's public key to encrypt the message. Then Apple can use its own private key to decrypt the message, re-encrypt it with the public key of the real recipient and reroute the message correctly. Both the sender and receiver can communicate correctly, but their messages are being collected by this man-in-the-middle.
 
it's all in the details

So researchers have noted that Apple manages the public-key distribution and could thereby substitute fake keys (be MITM). That's true, but whether or not it would work and/or be noticed depends upon the protocol details.

The reality is that ALL of iMessage is under Apple's control and most of the details are not public. Apple controls all the code, the keygen process, the key storage and transmission and the message transmission. So this "news" is not news - just a big yawn.

Personally, I trust Apple to do a decent job of coding, key generation, storage and message transmission. I base this trust on long-standing reputation and behavior. Occasionally Apple has made errors - we all do - but they've dealt with them well. I expect that to continue.

Move on folks and focus on the real threats to privacy. You know who they are.

----------

THIS! I'm no expert on encryption but from what I do know any RSA encryption scheme is susceptible to the man-in-the-middle attack and there are no totally foolproof ways to deal with this - you have to trust somebody (like the certification authority) if you want to be assured that the public key you are getting really belongs to the person you want to communicate with and not some man-in-the-middle attacker. I don't understand why storing public keys directly on end user devices as the original article suggests would change anything.

Not to contradict, but the issue is deeper. How do you establish "identity" and know that the person with whom you actually communicate is in fact the person you think it is? This is actually a really hard problem but tangential to the main direction of the thread.
 
You can't. The point of TouchID is that they have undeniable proof that it's you using a device at any given moment and not someone else such as a friend or family member. This is vital for linking you to whatever internet activity you're engaged in or communication you might send.

Even if you didn't set up TouchID, there's no telling if the phone is capturing your print when in use so the device (and Apple/NSA) know that it's still you and you didn't just unlock the phone and hand it to someone else. Maybe the phone creates its own thumb profile of you as you use it?

You have crossed into CrazyLand.

You do know that your phone contains a microphone, two video cameras, and a voice recorder, right? So if Apple were out to get you, they could just surreptitiously record you as often as they wanted. No fingerprint required.

Because this is the argument that you are making - that Apple is going to voluntarily do everything it can to spy on you. For reasons you have failed to explain.

I'm a hardened cynic but 6 months ago not even I would've thought of such outlandish mass monitoring and profiling. Now it all seems par for the course by NSA.

The thing about being a cynic is that it doesn't require any actual thought.
 
So researchers have noted that Apple manages the public-key distribution and could thereby substitute fake keys (be MITM). That's true, but whether or not it would work and/or be noticed depends upon the protocol details.

The reality is that ALL of iMessage is under Apple's control and most of the details are not public. Apple controls all the code, the keygen process, the key storage and transmission and the message transmission. So this "news" is not news - just a big yawn.

Personally, I trust Apple to do a decent job of coding, key generation, storage and message transmission. I base this trust on long-standing reputation and behavior. Occasionally Apple has made errors - we all do - but they've dealt with them well. I expect that to continue.

Move on folks and focus on the real threats to privacy. You know who they are.

----------

Not to contradict, but the issue is deeper. How do you establish "identity" and know that the person with whom you actually communicate is in fact the person you think it is? This is actually a really hard problem but tangential to the main direction of the thread.

NSA tells Apple's CEO to provide them with the ability to decrypt messages and not tell anyone, or go to jail for the rest of their life-ish. They did it to Google, Microsoft and Lavabit. You think Apple dodged that?
 
How iMessage may work
(at a high level, various optimizations exist to avoid overhead after initial key exchange, etc)...

Bob wants to send a message to Sue.

Bob generates a private key and stores it securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple informs Sue of a message request and is handed Bob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple informs Bob of Sue's public key.

Bob encrypts his message to Sue using Sue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Under this model only Bob and Sue have their private keys and hence only they can decrypt messages originating from their devices.

...HOWEVER, since Apple is the mediator of the public keys between Bob and Sue, Apple could give Bob a public key of their own claiming it was from Sue. This would then allow Apple to decrypt messages from Bob heading to Sue. Apple can do the same thing with Sue. Then Apple would be able to get messages from Bob, decrypt them, look at the message, then re-encrypt it before passing it along to Sue. The man in the middle model...

Bob wants to send a message to Sue.

Bob generates a private key and stores it securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple generates a private key and a FakeBob public key of their own.
Apple informs Sue of a message request and is handed FakeBob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple generates a private key and a FakeSue public key of their own.
Apple informs Bob of FakeSue's public key.

Bob encrypts his message to Sue using FakeSue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple decrypts the message, looks at it, and then re-encrypts it using Sue's public key.
Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Personally I trust Apple to NOT do this and favor the simplicity of their method despite a man in the middle weakness internally in their system. They could prevent this but at the cost of trust being established between Bob and Sue in a more complex and cumbersome way... not ideal for typical users of iMessage.

...personally not sure how this is news or a surprise, with the intentional simplicity and ease of use of the iMessage solution you have to assume Apple will be a good actor on your behalf...

Excellent response. Thanks very much! :)
 
I agree such mass surveillance seems silly on the face of it, but the point is the digital world in which we live makes it possible where it simply wasn't possible before.

You missed my point. Someone claims that Apple could be spying on you using method X, and everybody gets all excited about it. When in reality any maker of phone devices who doesn't care about laws, ethics, reputation etc. could spy on you easily without leaving any traces.
 