imessage

Following the June report claiming that several tech companies were actively participating in the NSA’s PRISM data mining program, Apple issued a statement regarding government information requests and user privacy.

In the statement, the company suggested it was unable to access or decrypt iMessage messages, alleviating fears that Apple could monitor those conversations. But according to a team of researchers, that may not be the case…

Quarkslab, a penetration testing company, said in a presentation at the Hack the Box conference in Kuala Lumpur it is actually possible for Apple to intercept messages because the company has access to public iMessage keys.

If the name sounds familiar, it’s because Cyril Cattiaux—better known as pod2g—is a security researcher there. Pod2g has worked on several jailbreaks, and jailbreak-related software, and belongs to the hacking group evad3rs.

Macworld reports:

But researchers at the Hack in the Box conference in Kuala Lumpur showed it would be possible for someone inside Apple, of their own volition or because they were forced to by a government, to intercept messages.

The company’s claim that iMessage is protected by unbreakable encryption is “just basically lies,” said Cyril Cattiaux, who has developed iOS jailbreak software and works for Quarkslab, a penetration testing and reverse engineering company in Paris.

The researchers emphasized they have no indication that Apple or the government is reading iMessages, only that it would be possible to do so.”

To encrypt iMessages, Apple uses public key cryptography, which means that every device is assigned both a private and public key. When an iMessage is sent, it requests the public key of the recipient’s device to encrypt the message.

That message is then decrypted by a private key upon receipt. But because Apple manages the public keys, it could, in theory, substitute or add a public key to intercept an outgoing message without the sender being aware it happened.

Apple has not responded to requests for comment, choosing instead to point to the aforementioned Privacy statement. But according to pod2g and company, the only way to remedy this is for it to introduce true end-to-end encryption.