Apple's iMessage encryption claims refuted (again)

Summary: Apple has claimed iMessage and FaceTime are protected by end-to-end encryption. But encrypted to whom?

In June, Apple released a statement with details on the number of requests it receives from government agencies for customer records (answer: about 1,000 per month). In the statement, Apple claimed that iMessage – which lets users send free texts over Wi-Fi – uses end-to-end encryption and therefore cannot be decrypted by Apple:

"For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data."

The claim was almost immediately refuted by security researchers, including Matthew Green, a cryptographer and research professor at Johns Hopkins University, who wrote: "If you use the iCloud backup service to back up your iDevice, there's a very good chance that Apple can access the last few days of your iMessage history." 

More recently, researchers at the Hack in the Box conference in Kuala Lumpur showed it would be possible for someone inside Apple, either a rogue employee or one compelled by the NSA, to intercept iMessages.

iOS jailbreak developer Cyril Cattiaux (via Macworld) explains that "Apple has full control over this public key directory," trading transparency about the public keys for ease of use. Traditional public key servers (like MIT's PGP Public Key Server) allow the sender to see information, like when a key changed, so they can decide whether or not to trust it.

Cattiaux explains:

"The biggest problem here is you just cannot control that the public key you are using when you are ciphering the message is really the key of your recipient and not, for example, the public key of some guy in Apple."

A solution would be for Apple to store public keys in a protected database on the iOS device so that they could be compared, according to Cattiaux. A proof-of-concept application called MITM Protect was released for jailbroken devices that does just that.
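
An added example, not code from MITM Protect or from Apple: a minimal trust-on-first-use pin store of the kind Cattiaux describes, which keeps each contact's key fingerprint on the device and flags a later directory answer that differs. The class and function names, the SHA-256 fingerprint, the JSON storage and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac
import json

def fingerprint(key_bytes: bytes) -> str:
    """SHA-256 fingerprint of a public key exactly as the directory served it."""
    return hashlib.sha256(key_bytes).hexdigest()

class PinStore:
    """On-device record of the key fingerprint last accepted for each contact."""
    def __init__(self, serialized: str = "{}"):
        self.pins = json.loads(serialized)

    def dumps(self) -> str:
        return json.dumps(self.pins, sort_keys=True)

    def check(self, contact: str, key_bytes: bytes) -> str:
        """Return 'first-use', 'match' or 'changed' for a directory answer."""
        seen = fingerprint(key_bytes)
        pinned = self.pins.get(contact)
        if pinned is None:
            self.pins[contact] = seen      # trust on first use
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "changed"                   # the pin is NOT updated automatically

    def accept(self, contact: str, key_bytes: bytes) -> None:
        """Re-pin only after the user has verified the new key out of band."""
        self.pins[contact] = fingerprint(key_bytes)

def may_encrypt(store: PinStore, contact: str, key_bytes: bytes) -> bool:
    """Gate sending: refuse to encrypt to a key that differs from the pin."""
    return store.check(contact, key_bytes) != "changed"

# Constructed sample data: opaque byte strings standing in for real public keys.
BOB_KEY = b"constructed-public-key-bob"
OTHER_KEY = b"constructed-public-key-someone-else"

def demo() -> list:
    store = PinStore()
    results = [store.check("bob@example.com", BOB_KEY)]        # first lookup
    results.append(store.check("bob@example.com", BOB_KEY))    # same key again
    store = PinStore(store.dumps())                             # pins survive a restart
    results.append(store.check("bob@example.com", OTHER_KEY))  # directory answer differs
    results.append(may_encrypt(store, "bob@example.com", OTHER_KEY))
    store.accept("bob@example.com", OTHER_KEY)                  # user verified the new key
    results.append(may_encrypt(store, "bob@example.com", OTHER_KEY))
    return results
```

Trust on first use only detects a key that changes after the first lookup; a contact whose very first directory answer was already substituted is pinned to the wrong key, which is why fingerprints are also compared out of band.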

Is the sky falling? No, not exactly.

Paul Kocher, president and chief scientist of Cryptography Research, tells Macworld that "People generally can’t assess or control of the risks of cloud-based services since the data is maintained on systems that can’t be audited." He goes on to say that "it isn’t fair to criticize Apple too heavily since other services aren’t better (and most are worse)."

It's simple, really. Don't say anything illegal on iMessage or FaceTime and assume that the NSA is always watching.

  • PRECISELY the reason not to use "cloud services"...

    ...if you have information that you do not want anyone to have access to, other than yourself or your organization.

    "Paul Kocher, president and chief scientist of Cryptography Research, tells Macworld that "People generally can’t assess or control of the risks of cloud-based services since the data is maintained on systems that can’t be audited.""
    • Well I suppose one could stay off the internet and hide under one's bed

      "Cloud" services simply means content stored on a server not directly under our control. Despite the hype, that's been done for a very long time. Technically an IMAP server is a "cloud service."

      So, in the end, do you participate in the on line economy or not? Strikes me that this is the fairly stark choice we make.

      Now as the article makes clear, some may do "the cloud" (if you will) better than others. It is more than apparent, for instance, that BBM offers pretty good protection, because governments all over the world have threatened to ban it if BlackBerry doesn't turn over the keys. When governments don't like a technology, that's usually a good indicator that it is fairly secure (means they can't spy on us.)
      • You're an idiot.

        As always.
        • Well, you certainly have expertise in that field

          so I'll defer to your good judgement.
      • The difference is on the scale

        Yes, IMAP email service is technically a "cloud"-style service...but that's no different than the telephone company tracking the telephone numbers you call, times the calls were made & the duration of the calls (especially back in the day, when you didn't get unlimited long-distance calls & your phone bill included an itemized list of all of the long-distance calls).

        But there's a difference between storage of "public" data (i.e. data you're sharing with someone other than yourself or a member of your family/household/roommate who has direct access to your home PC) and the storage of "private" data on a cloud-based service. Accessing the data on your home PC requires direct access to the hard drive -- whether sitting in front of your PC or utilizing a remote connection to access it (including a 3rd-party tricking you into downloading spyware to let them have access) -- and trusting your data to a 3rd-party that a) is storing it in a way that you *have* to have Internet access to access it (i.e. you can't walk into their server room, sit down at a terminal station, & pull up "your" files to read/print/edit/delete), b) is dependent not only on the user (you) utilizing "best data security practices" to safeguard the data but the provider also maintaining security over the data, and c) ultimately realizing that your data is only as safe as the provider's security protocols to prevent their own employees from accessing the data.

        The saying is that you shouldn't send an email (or post anything online) unless you don't care if the entire world can read it. I think the same thing should go for "cloud" data storage: don't store anything on the cloud unless you're 100% comfortable with the idea that someone else can access it even if you didn't want them to.
        • That's not unreasonable

          And the fact is that most of our interactions (not all, but most) are not interesting enough or sensitive enough to require it.
        • How private is your e-mail?

          So, you believe an IMAP provider only has access to the so called "traffic data"?
          Perhaps, this is what many are trying to convince you. Both these enterprises and the governments.

          Fact is, an e-mail service provider has already access to ALL of your e-mail, unless you explicitly encrypt it. Not many do. Now -- do you encrypt your e-mail when you send it?
          Do all your correspondents encrypt messages they send you?

          Most e-mail providers do not take enough precautions to secure your data. It might also sit on backups, etc. Sadly, today most of these providers outsource lots of what is "their" core competency. For example SPAM "protection". There are plenty of service providers in that area, most of them offshore companies. Now, in order to check your message for spam, it gets sent to their equipment (often, on your premises, but sometimes not). Nice, eh?
      • BBM is secure

        Sadly, it is not.

        Governments want to use BBM, precisely because all communications can be monitored and recorded. This is how BB gets their special deals with governments, telcos etc. In order to get their license, carriers must demonstrate they can record and track *any* communication. This is precisely why they are offering BBM services (via BES installed on their premises), not anything other.

        By the way, this was "news" on this site already, I believe with BB and the Indian government. BB was not allowed to provide any services in India, until they provided the government with access to the BES surveillance interface.
      • IMAP?

        Most IMAP implementations that I have seen do not use a public IMAP server. On the other hand, very little encryption is being used because the public generally "trusts" the pipe or, in this case, the cloud. Does anyone realize that most major cloud providers read everything you upload? I'm not guessing; they say so right on their websites (not to mention what they reserve the right to do with your data in terms of the TOS - Terms of Service). But people upload anyway. Even governed data like CJIS (which most corporate or government employees are not allowed to view), HIPAA, PCI-DSS. I would never use any service unless either I am the sole holder of the keys or the data is irrelevant (grandma's recipes, vacation photos).

        One of these days I'll write up a subpoena for data from one of the cloud providers and see how easy it is to use this technique. I'll use an administrative subpoena so I won't even need a judge to sign off. Base it on eDiscovery or some obscure law.
    • Once upon a time

      We called the thing you guys call now "the count", The Internet.

      Look how many use cloud services, including yourself, posting here, with your data on ZDnet's servers.

      It is just like laws. Inherently, humans are not compatible with obeying laws, which always require giving up privacy and freedoms. But, the only way to have that freedoms and privacy is to live alone, outside of any "society". The "laws" are the result of people wanting to be social.
      So it is all your choice.

      As for iMessage, the claim is only theoretical, so far. In theory, no service is safe, ever.
  • Jason D. O'Grady

    Time to get the tinfoil hat! ;) I understand what you are saying and I feel good that Apple is not going to go through my data.
    • Apple states that they have to re-architect the system for it to be able to

      ... read the messages.

      It is like saying that anti-bullet armour is not safe because manufacturers can do a version with a hole in it and hence you will be in danger if someone shoots at you, as the bullet will be able to go through the hole in the armour.

      The problem with this reasoning is that Apple did NOT architect the system in a way they could manipulate the keys.
      • Then don't advertise it

        As "end-to-end encryption so no one but the sender and receiver can see or read them" since it's basically a lie.

        In your analogy, it would be the armour could make a hole wherever and whenever the manufacturer wanted when a bullet shot at it, since nobody knows if the key on the directory has been replaced and intercepted by Apple or NSA, nobody can be sure that the message was actually sent from/to by the sender.

        The underline is iMessage is not secured as Apple claim to be.
        • Re: The underline is iMessage is not secured as Apple claim to be.

          There is nothing secure in this world, but Death.

          What Apple claims, end-to-end encryption, is true. How "secure" it is, is something not Apple, but YOU only can assess.

          For example, do you know "who" sent you the message? Until you have a way to verify that, nothing else matters.
      • "Apple states..."

        Sorry, but the defendant can't vouch for his own alibi. I'm not stating that this isn't true, but to base your confidence on the assertions of the accused is like letting the fox guard the hen house.

        Farmer: "Where are all the hens?"
        Fox: "Damn aliens! Whatcha gonna do?"
        Farmer: "Force field...need to get started on a force field!"
        Fox: "Yeah - that's the ticket. So when you gonna buy some more hens?"
  • Or switch

    To something like Wickr. Now available for both iOS and Android (sorry Windows). It's free in its basic form.

    Blackberry Messenger is also coming to iOS and Android. That's worth a look.
  • Yeah, I'm easily amused.

    >> pubic keys.
    • Oops.

      Forgot we can't use certain characters here.

      Was simply wondering whether pubic keys might be used with chastity belts! :)
  • public or private key?

    "jailbreaker" guy says: "Apple has full control over this public key directory"

    who cares if they can see your public key? it's public; it's assumed an attacker can see it.

    if Alice sends Bob a message 'm', Alice computes c=m^k(mod n), where (k,n) is Bob's public key, then sends 'c' to Bob in the clear. At this point not even Alice can decrypt the cyphertext 'c' because Alice doesn't have Bob's private key. Bob then decrypts 'c' using his private key (p,n) by computing m=c^p(mod n).

    A "rogue employee" at Apple cannot manipulate the public keys and "trick" Alice into using "rogue employee's" public key. If he did that then Bob couldn't read Alice's message.

    guy from Johns Hopkins says: "If you use the iCloud backup service to back up your iDevice, there's a very good chance that Apple can access the last few days of your iMessage history."

    Now, if the iCloud backs up your messages without encrypting them then yeah, Apple can see your messages. And if Apple backs up your private key (unencrypted) as well then yes, they could read your messages.
    • Public keys are safe because of transparency

      Apple have deliberately made the keys opaque so for example, I couldn't tell if it was your public key or a hacker's that is being used to decrypt our conversation. This is why the hack works, neither of us would know if a third party was intercepting and passing on messages between us unless they changed the content.

      Secondly, if there were an employee at Apple who had a vested interest, what is to stop them from modifying an update and pushing it out to specific (or indeed all) users?
      Apple would not know until the fallout because they don't test their work on a public sample before release. If they did, they'd have known about the annoying flaws in every single iPhone model they have put out.
      Instead they rely on in-house testers who lose prototypes in bars and don't notice things like a poorly designed antenna because they had to hide that prototype in a case to 'secure' it.

      Apple fans have repeatedly bashed Linux for using 'many doors' as an excuse for its superior security but in fact it isn't secure, just unlikely to be attacked. Hiding a prototype in a case is exactly the same security model... However if I wanted to find a proto to thieve, I'd book a flight to Cupertino and hang out in bars where the likelihood of finding one isn't one in a million but significantly less...

      And lastly, it isn't Apple I'm worried about reading my secret messages. I'd not use email even with PGP for that, let alone a public messaging service with opaque security. Messages for my girlfriend, while private enough to be considered secret, do not constitute a security risk. But if I were collaborating with a colleague on my work, I'd find a more covert and user-transparent way of doing it than Apple's.

      That's just common sense isn't it?