
Last month Apple confirmed that it would soon beef up encryption for iCloud email following a report detailing security flaws in major email services. While Apple previously encrypted emails sent between its own iCloud customers, now the company has enabled encryption for emails in transit between iCloud and third-party services for me.com and mac.com email addresses. 

The change is documented on Google’s transparency website that shows the percentage of emails encrypted in transit for both inbound and outbound email exchanges (pictured below):

[Image: iCloud email encryption, as shown on Google’s transparency website]

Apple has yet to make an official announcement about the changes.

The change is a welcome one for users following several media reports noting that Apple was one of the last global email providers based in the US not providing encryption for email between providers. However, there are already reports that Apple’s method of encryption might not be as secure as security experts hoped. A translated report from Heise.de, which examined the new methods of encryption, notes that Apple is using the RC4 encryption algorithm, which the report claims leaves much to be desired in terms of possible eavesdropping. A security researcher we spoke to said RC4-128 (which is the version of RC4 Apple is believed to be using) is far weaker than AES-128. The researcher also noted there have been suggestions, though not yet proof, that the NSA has broken RC4-128.

We’ve reached out to Apple for a comment on the new encryption methods and will update if we hear back.


8 Responses to “Apple begins encrypting iCloud email sent between providers”

  1. D.A.H. Trump says:

    hmmm.. I’d like to see where this goes. Glad they added some encryption, though.

  2. Rolling out this better, but weak encryption approach won’t help customers trust Apple. Trust in Apple is sliding fast.

    The company is now in bed with the Obama/CIA/NSA team and is gaining Apple’s support for access to your data without your knowledge of cooperation.

  3. gkmac says:

    According to the ssl-tools checker RC4 is the same encryption Google enables in Gmail server, it’s not like Apple could force other Internet servers to use something better..

    They have to use a common protocol.

    • saoir says:

      Also does anyone, and I mean ANY sentient being, believe that ANY of these major companies is not providing the NSA with a back door to their encryption?

      The problem that has arisen now is that NONE of these organisations … my beloved Apple, Google, Microsoft and the list goes on … have any credibility on this issue left.