Researchers Claim Apple Can Potentially Access Encrypted iMessages [Updated]

Following the revelation of government data gathering program PRISM in June, Apple released a statement on customer privacy that suggested the company was unable to access or decrypt iMessage and FaceTime conversations.

According to researchers who presented at the Hack the Box conference in Kuala Lumpur (via Macworld), it is actually possible for someone inside Apple to intercept messages because the company has access to public iMessage keys.

imessage_ipad_mac_iphone

The company's claim that iMessage is protected by unbreakable encryption is "just basically lies," said Cyril Cattiaux, who has developed iOS jailbreak software and works for Quarkslab, a penetration testing and reverse engineering company in Paris.

The researchers emphasized they have no indication that Apple or the government is reading iMessages, only that it would be possible to do so.

To encrypt iMessages, Apple utilizes public key cryptography, which means that every Apple device is assigned both a private key and a public key. When an iMessage is sent, it requests the public key of the recipient's device to encrypt the message, which is then decrypted by a private key upon receipt.

Because Apple manages public keys and does not divulge them to users, it is not possible to verify that a sent iMessage is going to the intended recipient. Apple could, for example, substitute or add a public key to intercept an outgoing message without the sender being aware of the change, as end users do not have access to public keys.

With a public server, such as MIT’s PGP Public Key Server, the sender can at least see more information, such as whether a key has changed. At that point, the sender can decide whether they want to trust it or not if they suspect a man in the middle attack. Apple’s key server is not public, the researchers say.

"The biggest problem here is you just cannot control that the public key you are using when you are ciphering the message is really the key of your recipient and not, for example, the public key of some guy in Apple," Cattiaux said.

According to the researchers, there would be no way for an end user to detect an intercepted or rerouted message from their iOS device, as it is impossible to see whether or not a key has been switched or where a message has been routed. The solution to the issue, to introduce true end-to-end encryption, would require Apple to store public keys on each iOS device to allow users to compare keys to verify that messages are going to the intended recipient.

Earlier this year, a Drug Enforcement Agency document noted that it was impossible for law enforcement agencies to eavesdrop directly on iMessage conversations due to Apple's encryption, but it appears that Apple itself could potentially intercept those messages using public keys.

Update: Apple spokeswoman Trudy Muller said in a statement to AllThingsD that "iMessage is not architected to allow Apple to read messages," adding that "The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."

Top Rated Comments

Zwhaler Avatar
98 months ago
I've learned these days that anything and everything that has to do with information or data can be accessed by the authorities, illegal or not. We live in a surveillance state (in America). Notice how Yahoo and other service providers are pushing user "profiles" like Facebook, so they can make profiles on all of us. Next up is obviously fingerprint scanning. The conspiracy theorists weren't crazy after all.
Score: 31 Votes (Like | Disagree)
djtech42 Avatar
98 months ago
If Apple has access to them, the NSA has access to them.
Score: 22 Votes (Like | Disagree)
Mwongozi Avatar
98 months ago
I said this on Reddit but I'll say it again here:

If Apple wanted to, or intended to, read your iMessages, why wouldn't they design a protocol that specifically allows for this in the first place?

Finding flaws in a protocol which was obviously designed to be secure and then pointing the finger and saying "See? It's all on purpose" is just crazy.

But the masses will disregard the line right at the top of this article:
What we are not saying: Apple reads your iMessages.
I certainly trust iMessage way, way more than I trust, for example, Skype, or even plain old SMS.

A much bigger problem is that iCloud backups are not stored encrypted. If you backup your messages to iCloud, Apple has no need to go to the trouble of intercepting your messages in transit.
Score: 18 Votes (Like | Disagree)
impulse462 Avatar
98 months ago
Why should we believe a jailbreaker?

Because they probably know more about iOS security than you.
Score: 13 Votes (Like | Disagree)
shawnce Avatar
98 months ago
How iMessage may work
(at a high level, various optimizations exist to avoid overhead after initial key exchange, etc)...

Bob wants to send an message to Sue.

Bob generates a private key and stores securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple informs Sue of an message request and is handed Bob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple informs Bob of Sue's public key.

Bob encrypts his message to Sue using Sue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Under this model only Bob and Sue have their private keys and hence only they can decrypt messages originating from their devices

...HOWEVER, since Apple is the mediator of the public keys between Bob and Sue Apple could give Bob a public key of their own claiming it was from Sue. This would then allow Apple to decrypt messages from Bob heading to Sue. Apple can do the same thing with Sue. Then Apple would be able to get messages from Bob, decrypt them, look at the message, then re-encrypt it before passing it along to Sue. The man in the middle model...

Bob wants to send an message to Sue.

Bob generates a private key and stores securely on his device.
Bob derives a public key from his private key.
Bob gives his public key to Apple stating he wants to message Sue.

Apple generates a private key and a FakeBob public key of their own.
Apple informs Sue of an message request and is handed FakeBob's public key.

Sue generates a private key and stores it securely on her device.
Sue derives a public key from her private key.
Sue gives her public key to Apple.

Apple generates a private key and a FakeSue public key of their own.
Apple informs Bob of FakeSue's public key.

Bob encrypts his message to Sue using FakeSue's public key.
Bob gives his encrypted message to Apple asking for it to be delivered to Sue.

Apple decrypts message, looks at it, and then re-encrypts message using Sue's public key.
Apple informs Sue of Bob's message.

Sue decrypts the message from Bob using her private key.

Personally I trust Apple to NOT do this and favor the simplicity of their method despite a man in the middle weakness internally in their system. They could prevent this but at the cost of trust being established between Bob and Sue in a more complex and cumbersome way... not ideal for typical users of iMessage.

...personally not sure how this is news or a surprise, with the intentional simplicity and ease of use of the iMessage solution you have to assume Apple will be a good actor on your behalf...
Score: 11 Votes (Like | Disagree)
djtech42 Avatar
98 months ago

So when iMessage texts go missing from time to time, or are delayed for no apparent reason, could this be a possible reason for it? (No, I don't think every time there's a missing or late message that this is the reason, but is it a possibility that when a message is delayed, it could be because it is being intercepted?)

Put the tin foil hat back down. :D
Score: 10 Votes (Like | Disagree)

Top Stories

Top Stories 57 Feature

Top Stories: Apple Event Next Tuesday, Mini-LED iPad Pro, iPhone Rumors

Saturday April 17, 2021 6:00 am PDT by
It feels like we've been waiting forever for new Apple products, but the wait is almost over as Apple has announced a media event for next Tuesday, so make sure to tune into MacRumors for full coverage of everything Apple announces. While that was the big news this week, we also got some new details on Apple's iPhone plans for 2022 and 2023 courtesy of analyst Ming-Chi Kuo, and we also saw...
flat imac 3d 3 teal

Reliable Leaker Hints Redesigned Colorful iMac to Debut at 'Spring Loaded' Event

Saturday April 17, 2021 4:43 am PDT by
Reliable leaker known as l0vetodream has hinted that Apple may debut its rumored redesigned and colorful iMac at its "Spring Loaded" event on Tuesday, April 20. In a tweet, the leaker posted an image of Apple's logo used for marketing the upcoming event and an image of the retro rainbow Apple logo alongside the colorful lineup of G3 iMacs. Apple leaker Jon Prosser previously reported that...
third gen Apple pencil leaked video

Video of Alleged Third-Generation Apple Pencil Leaks Ahead of Apple Event

Friday April 16, 2021 6:13 am PDT by
A video purporting to be of the third-generation Apple Pencil has today been shared online, showing a glossy finish that mirrors previous leaks. New ✏️ ready to 🚢 #AppleEvent @TommyBo50387266 pic.twitter.com/s4RCDwDi5M— 漢尼斯·拉斯納 🇨🇳 (@ileakeer) April 16, 2021 The brief video from Twitter account @ileakeer, spotted by 9to5Mac, shows an Apple Pencil with a glossy finish much like the...
important battery message iphone 11

Some iPhone 11 Users Seeing Increased Battery Health Percentages After iOS 14.5 Recalibration Process

Friday April 16, 2021 6:32 am PDT by
In the sixth beta of iOS 14.5, Apple introduced a recalibration process for the battery health reporting system on the iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max to address inaccurate battery health estimates for some users. Apple said this process might take a few weeks to be completed, and now that two weeks have passed since the sixth beta of iOS 14.5 was released, some users are...
duan rui iphone 12 13 notch

New Images Show Smaller iPhone 13 Notch Compared to iPhone 12

Saturday April 17, 2021 11:38 pm PDT by
Leaker known as "DuanRui" has shared more images that could give us our best look yet at Apple's redesigned notch for the iPhone 13. The new pictures follow similar images shared by the leaker last week, but the latest shots include a comparison with the existing iPhone 12 notch. DuanRui posted three images on Twitter that apparently originate from Weibo, although source details remain...
iphone 13 pro max cads eap

iPhone 13 Series CAD Leaks Reveal Larger Camera Dimensions

Friday April 16, 2021 1:53 am PDT by
Information and alleged CADs of the upcoming iPhone 13 series, shared in a video from EverythingApplePro, indicates that Apple plans to make this year's iPhone camera module significantly bigger, likely to make way for larger sensors and sensor-shift stabilization. According to the CADs shared in the video, the iPhone 13 mini, Pro, and Pro Max camera module will all be a "perfect square."...
maxresdefault

Hands-On With Anker's MagSafe-Compatible Battery Pack

Thursday April 15, 2021 9:39 am PDT by
Anker, a company known for its range of accessories designed for Apple products, recently came out with one of the first MagSafe-compatible battery packs, so we thought we'd check it out to see how it compares to a standard battery pack. Subscribe to the MacRumors YouTube channel for more videos. Design wise, Anker's power bank looks like a typical battery pack, but it has magnets built in...
apple event spring loaded

Apple's 'Spring Loaded' Event Officially Announced for Tuesday, April 20

Tuesday April 13, 2021 9:04 am PDT by
Following an overnight leak by Siri, Apple today officially announced that it will be holding a special "Spring Loaded" event on Tuesday, April 20 at 10:00 a.m. Pacific Time at the Steve Jobs Theater on the Apple Park campus in Cupertino, California. As with all of Apple's 2020 events, the April 2021 event will be a digital-only gathering with no members of the media invited to attend in...
iphone 12 120hz thumbnail feature

LTPO Displays Supporting 120Hz Refresh Rates Again Rumored for iPhone 13 Pro Models

Friday April 16, 2021 10:01 am PDT by
The two higher-end "iPhone 13 Pro" models that are coming in 2021 are expected to use LTPO display technology to enable 120Hz refresh rates, according to display analyst Ross Young. Young reaffirmed the detail in a tweet that said he'd heard rumors about only one model featuring LTPO, which he says is inaccurate. Heard some rumors in the industry and media that there would only be one ...
apple music

Apple Music Tops Spotify With One Cent Paid Per Stream

Friday April 16, 2021 6:44 am PDT by
In a letter slated to be shared with artists today through the Apple Music for Artists dashboard, obtained by The Wall Street Journal, Apple has reportedly revealed that it pays music rights holders one cent per song streamed on Apple Music. The report claims that Apple Music's payment structure is thus roughly double what Spotify pays music rights holders per stream, which averages to about ...