Last month Apple confirmed that it would soon beef up encryption for iCloud email following a report detailing security flaws in major email services. While Apple previously encrypted emails sent between its own iCloud customers, now the company has enabled encryption for emails in transit between iCloud and third-party services for me.com and mac.com email addresses.
The change is documented on Google’s transparency website, which shows the percentage of emails encrypted in transit for both inbound and outbound email exchanges (pictured below):
Apple has yet to make an official announcement about the changes.
The change is a welcome one for users, following several media reports noting that Apple was one of the last global email providers based in the US not providing encryption for email between providers. However, there are already reports that Apple’s method of encryption might not be as secure as security experts hoped. A translated report from Heise.de, which examined the new methods of encryption, notes that Apple is using the RC4 encryption algorithm, which Heise.de claims leaves much to be desired in terms of possible eavesdropping. A security researcher we spoke to said RC4-128 (which is the version of RC4 Apple is believed to be using) is far weaker than AES-128. The researcher also noted there have been suggestions, though not yet proof, that the NSA has broken RC4-128.
We’ve reached out to Apple for a comment on the new encryption methods and will update if we hear back.
Hmmm... I’d like to see where this goes. Glad they added some encryption, though.
What’s the point of encrypting messages between providers, if each is monitored by NSA from the inside?
Well, at least nobody outside the NSA, a few other intelligence agencies, and very experienced black hats can read them now. That should account for at least something. :-p
Rolling out this better but weak encryption approach won’t help customers trust Apple. Trust in Apple is sliding fast.
The company is now in bed with the Obama/CIA/NSA team and is gaining Apple’s support for access to your data without your knowledge of cooperation.
Please!
I did not mean to imply that Apple was the only company cooperating with law enforcement and national security establishments in ways that violate the 4th amendment. These companies give access to your data without your knowledge of cooperation, and many, many times without a warrant.
According to the ssl-tools checker, RC4 is the same encryption Google enables in Gmail server; it’s not like Apple could force other Internet servers to use something better.
They have to use a common protocol.
Also, does anyone, and I mean ANY sentient being, believe that ANY of these major companies is not providing the NSA with a back door to their encryption?
The problem that has arisen now is that NONE of these organisations … my beloved Apple, Google, Microsoft and the list goes on … have any credibility on this issue left.