Researchers claim Apple has the ability to access encrypted iMessages

By , Oct 17, 2013

imessage

Following the June report claiming that several tech companies were actively participating in the NSA’s PRISM data mining program, Apple issued a statement regarding government information requests and user privacy.

In the statement, the company suggested it was unable to access or decrypt iMessage messages, alleviating fears that Apple could monitor those conversations. But according to a team of researchers, that may not be the case…

Quarkslab, a penetration testing company, said in a presentation at the Hack the Box conference in Kuala Lumpur it is actually possible for Apple to intercept messages because the company has access to public iMessage keys.

If the name sounds familiar, it’s because Cyril Cattiaux—better known as pod2g—is a security researcher there. Pod2g has worked on several jailbreaks, and jailbreak-related software, and belongs to the hacking group evad3rs.

Macworld reports:

But researchers at the Hack in the Box conference in Kuala Lumpur showed it would be possible for someone inside Apple, of their own volition or because they were forced to by a government, to intercept messages.

The company’s claim that iMessage is protected by unbreakable encryption is “just basically lies,” said Cyril Cattiaux, who has developed iOS jailbreak software and works for Quarkslab, a penetration testing and reverse engineering company in Paris.

The researchers emphasized they have no indication that Apple or the government is reading iMessages, only that it would be possible to do so.”

To encrypt iMessages, Apple uses public key cryptography, which means that every device is assigned both a private and public key. When an iMessage is sent, it requests the public key of the recipient’s device to encrypt the message.

That message is then decrypted by a private key upon receipt. But because Apple manages the public keys, it could, in theory, substitute or add a public key to intercept an outgoing message without the sender being aware it happened.

Apple has not responded to requests for comment, choosing instead to point to the aforementioned Privacy statement. But according to pod2g and company, the only way to remedy this is for it to introduce true end-to-end encryption.

  • Share:
  • Follow:
  • chumawumba

    Sometimes hackers are smarter than apple itself

    • Dao Sasone

      Every 1 deserves 2 no da truth

      • ✪ aidan harris ✪

        If you didn’t already know that Apple could access iMessages them you’re clearly being naive. Apple controls the hardware, the software and the services.

        TLDR; Without independent reviewing of Apples business practices it’s safe to assume Apple can and would intercept and access iMessages if required to be law.

      • Rowan09

        You can’t make a definitive statement when the article is said “Apple may be able to” not that they can. BBM is made and controlled by Blackberry yet it’s encrypted so your logic is pretty far fetched. Let’s wait until it’s proven before making definitive statements as if it’s some revelation.

      • s0me

        As long as we use the internet we will be spied from every direction possible and Apple is one of those directions.

      • Rowan09

        I agree we can be spied on and our calls are recorded thanks to us not paying attention to the Patriot Act but if there is no proof of what your implying don’t try to make it truth. Did you see the new article with Apples response?

  • Dao Sasone

    Haha. Lik I sed. Trust no 1

    • Rowan09

      It’s kind of impossible to trust no one though. You have to trust someone by default.

      • Raashid

        Quit being a dick, you know what he implied.

      • Rowan09

        Are you his girlfriend or something? I know what he implied.

      • Raashid

        Did you pick a bitch as your GF/wife just ’cause she told someone to stop being a dick to you?

      • Rowan09

        Point is I wasn’t being a dick. He made a statement as if he found out something new, the article doesn’t even say it is being done but that it may be able to be accomplished by Apple. We all know that anything electronic can be hacked or accessed, so why make it seem as if this is any different? IMessage is just more secure than SMS and from what I saw online BBM.

  • Jonathan

    So Apple took sides with the government, eh?

    • Rowan09

      Don’t know and the article doesn’t say so either.

      • Jonathan

        No, just seems like it. And why does it say that you and posted our comments 3 hours ago when I did about 10 minutes ago, and about 3 for you? :/

      • Rowan09

        I posted 2 comments for some reason and it shows 31 minutes for you and 29&24 minutes for me.

      • Jonathan

        hmm, okay. :P

    • Rowan09

      Don’t know and the article doesn’t say so either. I would like to hear what Apple says about this.

    • Raashid

      You just noticing that?

  • GuyBey0ndC00L

    Not surprising nothing is unbreakable it only a matter of time. Which time itself is the best enemy.

  • xSeriouSx

    Of course they have the ability; it’s on their servers and it’s their software! Only dummies would believe otherwise.

  • Nick Jones

    time to get messenger pigeon and then burn the message after you read it lol

    • Guest

      and burn the pigeon too…

      • Jonathan

        LOL

  • ✪ aidan harris ✪

    One thing that wasn’t mentioned in this article is iCloud. Assuming messages are backed up to iCloud rather than intercepting iMessages would it not be easier for them to just decrypt an iCloud backup?

  • Jonah

    Where there’s a will there’s a way.

  • mav3rick

    What a surprise. They can access anything from their walled garden both software and hardware.
    Wait until it will be discovered that finger prints can be retrieved…

  • hkgsulphate

    If you want 100% security, don’t use any smartphones…

  • Ted Forbes

    Wwwwwow!!!!!!!! Yeah, right like we don’t know alreadyyyyyyy!!!!!! Of cost we know and there ain’t a darn thing we can do about it.
    Let them hear what they don’t like, so there. Let them see what they like, so then.

  • Bradley Wyatt

    Apple has always said they encrypt everything so not even they can read it….