
Update: Fresh Apple statement added

The immunity of iMessages from government surveillance has been cast into doubt by QuarksLab security researchers presenting at the Hack in the Box conference in Kuala Lumpur.

A leaked DEA document had pointed to the impossibility of intercepting iMessages even with a court order, a point that was confirmed by an apparently categorical Apple statement:

Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.

The researchers reverse-engineered the iMessage protocol and confirmed that the claim was true. However, they identified that Apple needed to hold the encryption keys on its own servers, and that simply by changing these keys, it could enable access to the message content.

They can change a key anytime they want, thus read the content of our iMessages.

The researchers were keen to stress that they do not believe Apple is doing, or has ever done, this – but rather that it could do so if the NSA or another government agency were to require it. Only messages sent after Apple changed the keys would be accessible.
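As an added illustration (not code from QuarksLab, Apple or the original article): a sender that remembers the fingerprints of the keys the directory has returned for a contact can notice a later change, and the result shows why only sends made after the change are affected. The `KeyPinStore` class, the contact name and the key bytes are all hypothetical and constructed for this example.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """Short SHA-256 fingerprint of a key as returned by the key directory."""
    return hashlib.sha256(public_key).hexdigest()[:16]

class KeyPinStore:
    """Hypothetical sender-side record of key fingerprints seen per contact."""

    def __init__(self):
        self._pins = {}  # contact -> set of pinned fingerprints

    def unexpected_keys(self, contact, directory_keys):
        """Return fingerprints in this directory response that are not pinned."""
        seen = {fingerprint(k) for k in directory_keys}
        if contact not in self._pins:
            # First use: nothing to compare against, so a key substituted
            # before the first lookup cannot be detected this way.
            self._pins[contact] = seen
            return []
        return sorted(seen - self._pins[contact])

    def approve(self, contact, fp):
        """Pin a key the user has verified out of band (e.g. a new device)."""
        self._pins.setdefault(contact, set()).add(fp)

def flag_sends(store, contact, responses):
    """Indices of sends whose directory response contained an unpinned key."""
    return [i for i, keys in enumerate(responses)
            if store.unexpected_keys(contact, keys)]

# Constructed sample: the directory's answer at each of four sends.
BOB_PHONE = b"constructed-public-key:bob-phone"
UNKNOWN = b"constructed-public-key:unknown-holder"
RESPONSES = [
    [BOB_PHONE],           # send 0: original key
    [BOB_PHONE],           # send 1: unchanged
    [UNKNOWN],             # send 2: key replaced
    [BOB_PHONE, UNKNOWN],  # send 3: extra key added alongside the original
]

def demo():
    return flag_sends(KeyPinStore(), "bob@example.invalid", RESPONSES)

if __name__ == "__main__":
    print("sends encrypted to an unpinned key:", demo())
```

Sends 0 and 1 were encrypted only to the pinned key and are not flagged; a legitimately added device would be flagged in the same way until the user confirms it and calls `approve`.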

Apple has since issued a statement to AllThingsD:

“iMessage is not architected to allow Apple to read messages,” said Apple spokeswoman Trudy Muller said (sic) in a statement to AllThingsD. “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”

This is, though, merely a weaker version of its earlier statement. Then, it said it couldn’t read iMessages; now it is saying that it could, but that it would require work and that it has no intention of doing so. That Apple would not willingly do so was never in doubt: the point is that the NSA could force it to. A demonstration from QuarksLab is below:

When the NSA PRISM story broke, it led to a raft of denials in what some security researchers say was carefully-crafted language. Apple, among other companies, was clearly unhappy about the secrecy imposed on it and gained permission to reveal some numbers on government requests for customer data. A meeting was subsequently held at the White House in which Tim Cook and other tech CEOs met with President Obama to discuss the issue. Details of the discussions were not made public.

10 Responses to “Apple reiterates it cannot read user iMessages, has no plans to do so”

  1. Apple – and others – are clearly in cahoots with government and NSA. All this “clearly unhappy”, “gained permission” and secret meetings at the White House is simply more “carefully-crafted language”, in other words Smokescreen, to hide this blatant fact. If Apple – and others – did not comply with government and NSA, they would receive severe restrictions and disciplining; look what happens to those who fail to comply: Presidents Lincoln and Kennedy, Princess Diana, Michael Jackson etc. are all dead. That is the price and you will not find anybody at Apple – or others – willing to admit it, the price is too high (death).

  2. Please try to qualify your statements & articles with actual facts: a) If they say they can’t or won’t access iMessages then that’s their “official” position; b) The government has “publicly” denied having access to Apple’s data; c) Allowing the government access to iMessages while denying they do publicly would only leave Apple open to legal-action plus ruin their trust with their 600+ million customers! #SoundsReallyStupidWhenYouGiveItThought #NiceTry

    • Ben Lovejoy says:

      Andre, if you read the wording of what has been said, there are no contradictions. Both Apple and the NSA have used the same wording to say they don’t have “direct server access.” Apple has said it has no intention of decrypting messages. Neither statement means the NSA can’t come along later with the court order requiring Apple to do so.

  3. PMZanetti says:

    “Apple can’t read your encrypted iMessages.”

    All I have to say is…LOL. Naiveté knows no limits in the world of the general public.

  4. Not saying they’re lying in this instance, but they also said they weren’t giving info to the NSA.