Apple reiterates it can’t read your iMessages even if it wanted to

Oct 18, 2013


Yesterday’s report by Quarkslab, a penetration testing company, has caused quite a stir among privacy watchers as iOS hacker Pod2g and Quarkslab’s team of researchers claimed at the Hack the Box conference in Kuala Lumpur they had successfully intercepted iMessage exchanges, indicating Apple has access to the public keys used to encrypt communication.

Given the ongoing NSA scare, Apple was quick to go on the record to dispute the claim, arguing that the end-to-end encryption employed to protect iMessage communication against eavesdropping is so secure that even the company itself cannot decrypt it…

John Paczkowski of the well-regarded AllThingsD blog has a written statement attributed to Apple’s spokeswoman Trudy Muller:

iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.

In other words, Apple would need to re-engineer the entire backend powering the iMessage service in order to read your messages.

“Apple can read your iMessages if they choose to, or if they are required to do so by a government order,” Quarkslab wrote in its white paper. End-to-end encryption be damned, Quarkslab warns that the biggest weakness is in the Apple-controlled key infrastructure.

They posted a video detailing the process; have a look.

“They can change a key anytime they want, thus read the content of our iMessages,” reads the white paper. My take: we’re just going to have to trust the provider – in this instance Apple – that it won’t read our iMessages or give their public key to the government.
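The weakness quoted above is that a sender encrypts to whatever key the provider's directory returns. As an added illustration (not code from Quarkslab, Apple or this article), the following shows key pinning, a general client-side check that surfaces a changed key instead of silently trusting it; `PinningClient`, the dictionary standing in for the key server, and the sample keys are all hypothetical.

```python
import hashlib
import hmac


class KeyChanged(Exception):
    """The directory served a different key than the one pinned for a contact."""


def fingerprint(public_key: bytes) -> str:
    # Short identifier two users can compare over another channel.
    return hashlib.sha256(public_key).hexdigest()[:16]


class PinningClient:
    """Sender that pins the first key seen per contact (trust on first use)."""

    def __init__(self, directory):
        # `directory` is a hypothetical stand-in for the provider's key server:
        # any mapping from contact to that contact's current public key.
        self.directory = directory
        self.pins = {}

    def key_for(self, contact: str) -> bytes:
        key = self.directory[contact]
        seen = fingerprint(key)
        pinned = self.pins.setdefault(contact, seen)  # first use: pin it
        if not hmac.compare_digest(pinned, seen):
            # Refuse to encrypt until the new key is verified out of band.
            raise KeyChanged(f"{contact}: pinned {pinned}, directory serves {seen}")
        return key

    def accept_new_key(self, contact: str, verified_fingerprint: str) -> None:
        # Call only after comparing the fingerprint over another channel.
        self.pins[contact] = verified_fingerprint


def demo():
    # Constructed sample keys; real ones would be recipients' public keys.
    bob_key, swapped_key = b"constructed-key-bob", b"constructed-key-swapped"
    directory = {"bob@example.com": bob_key}
    alice = PinningClient(directory)
    first = alice.key_for("bob@example.com") == bob_key  # pinned on first use
    directory["bob@example.com"] = swapped_key           # directory changes the key
    try:
        alice.key_for("bob@example.com")
        blocked = False
    except KeyChanged:
        blocked = True                                   # change is surfaced, not trusted
    alice.accept_new_key("bob@example.com", fingerprint(swapped_key))
    after_verify = alice.key_for("bob@example.com") == swapped_key
    return first, blocked, after_verify


if __name__ == "__main__":
    print(demo())
```

Pinning only detects a change after first contact; it does not authenticate the first key the directory hands out.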


With great power comes great responsibility.

If you remember the June report based on data leaked by the NSA whistleblower Edward Snowden, the NSA had apparently teamed up with the biggest names in technology on its PRISM data mining program.

Shortly after the scandal blew up, Apple issued a statement on government information requests, saying it was unable to access or decrypt iMessages.

For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.

A report earlier in the year lent the claim an aura of credibility after a leaked memo by the United States Drug Enforcement Administration had cautioned that it was impossible for DEA agents to “intercept iMessages between two Apple devices,” even with a court order approved by a federal judge, due to strong iCloud encryption.

What’s your take?

Is iMessage secure enough for mainstream use and are you concerned about the government reading your message exchanges?

Chime in with your thoughts down in the comments.

  • chumawumba

    Sure…

  • CA$H

    NSApple

    • CC-Dog

      It would be a good name for an Objective-C class.

  • Bradley Wyatt

    I don’t believe it

  • omrishtam

    oh no…apple read my sms i sent to my mom ….SHIT!

    • therealjjohnson

      Yeah…but this is about iMessage and not…nm

    • Freddy Born

      Exactly… Like people are that interesting

      • xSeriouSx

        Precisely! People are no more interesting than the Jews Hitler found from the head office’s list, which was intended to just keep a note of all the citizens, but got used by Hitler to find Jews and torture them….oh wait.

  • TrippleG

    Yes they can read all your stuff… It’s so obvious that they would try and defend themselves… they even try to defend themselves with the whole NSA exposure, even when they are in on it… NOLUV

    • Rowan09

      Prove it? If they’re saying they can’t and we have no proof they can how can you be so sure? As the article stated they can read your iMessage if they restructure how iMessage is done now, other than that they said they can’t do it. Wouldn’t it be easy to prove if they’re lying?

      • Aerobahn

        Tinfoil hatters don’t need proof.

      • Itsme2033

        That type of dismissal used to work prior to Snowden, but now it doesn’t take a tinfoil hatter to suspect that the government can intercept anything. The burden of proof now rests with the providers to show that their systems are on the up and up, not on the people who rightfully suspect that the government is listening.

      • dialogueanalog

        see the video above.

      • Rowan09

        I saw the video but not sure what it’s saying. The article said they need access to the phones using this method so I’m not sure what that means.

      • dialogueanalog

        what they basically showed is that they can program to see your message and change it. the message gg sent to pod2g was modified.

      • Rowan09

        So are they saying they can do it Apple can as well? I’m confused because it states you need the physical device.

      • dialogueanalog

        apple can do it if need be. they created the beast, they can control it.

      • D R

        First, publishing a press release saying “we can’t read your messages” has no real legal weight. If you find out a month from now Apple has been reading your messages, you are unlikely to win any damages if you sue them, primarily due to the TOS you agreed to to use iOS/MacOSX/iMessage

        Second, (which I think is likely) I read it more like “we don’t have a service that actually decrypts the data”, but the NSA simply requests both the decryption key and the encrypted data [both of which Apple has], and decrypts it themselves. Basically, it’s “We don’t do it ourselves”. The usual half-truth, whole lie thing your mother would slap you for when you did it to her.

        A real world test of this situation would be a civil lawsuit between, say, a couple divorcing, where one person gets a judge to subpoena Apple for the Message data/decryption keys for the other person and see what you can get from Apple.

  • Anthony Lara

    Who cares though? I’m pretty sure apple has more important things to do than to read your sexts.

    • jocastro

      well, it can present a problem, if apple can read your messages, then obviously other people can read them also. Think about it like this, if several people can find a way to jailbreak an iPhone just because of vulnerabilities, then what can stop a person from finding a vulnerability in iMessage. you can be surprised what you could find with just one message. it could be from locations, Your name, what you say on the message etc.. trust me… there’s a lot of people out there that don’t know what computers can do. Trust me it’s pretty scary what people can do with little information.

  • Rowan09

    Until proven otherwise we should accept what’s being said. I would love to see a video showing someone intercepting an iMessage.

    • therealjjohnson

      Spoken like a true sheep.

      • Rowan09

        Commented by a true idiot. I can’t believe me asking for proof is wrong. Yesterday an article came out saying it can be done with a little changing and today Apple said it’s not true they can’t read our iMessages but I should believe one and not the other because? Like all the exploits for IOS they show video proof so I’m just asking for the same thing.

      • therealjjohnson

        Don’t really care about all the other stuff you’re talking about…your statement “Until proven otherwise we should accept what’s being said” Is exactly what those in control want from the masses.

        You do know what the word “can” means right? So the company actually says they “can” do it by re-engineering the protocol but doesn’t have plans on doing that right now. How is that different from what Pod2g said originally? his quote was “Apple can read your iMessages if they choose to” And they “Can” do it whenever they choose to.

        If you “cannot” do something it means it’s impossible. They just explained how they “can” do it. Why is that hard for you to understand?

      • Rowan09

        Why are you arguing on “can”? I can fly if I take an airplane, I can go 200 mph if I had a faster car. The argument is if it’s possible to do it now in its current state, if you change iMessage then obviously it would be something different. There should be no argument at all because saying something can be done is irrelevant, what’s relevant is if it can be done in its current form and that’s a no as far as we know.

      • therealjjohnson

        Then basically you’re saying this article is useless and so was Apple’s statement it released . It really just backed up what was said the previous day. No one said they were currently reading iMessages. What was said was “Apple can read your iMessages if they choose to”. I’ve seen you post countless messages like that is not the case. That is the purpose of my response. Apple created the system. They can read them when they want to. It can be done just as was said earlier this week and just as Apple confirmed basically.

      • Rowan09

        You’re not understanding what I’m saying . Did you read what Quarkslab found out because I did and it’s very clear of intent and reason? We all know anything made can be hacked that’s common knowledge but what I’m saying is according to Apple and what Quarkslab said is it can’t be done “right now” but of course Apple can change iMessage if they want to so they can read our messages.

    • Raashid

      In other words…

  • jocastro

    who votes bullshit?

  • n0ahcruz3

    Yeah like do you expect apple to say of course we can read all your messages we won’t deny it. Same with other companies. There’s going to be a huge backlash if they admit it.

    • Rowan09

      Why would Apple say iMessage was secure and encrypted in the first place if that was the case? Wouldn’t they just stay quiet? It’s not like people are going to stop sending messages regardless of what’s said. If they kept it as only SMS it’s easy for anyone to read. I’ve been under investigation for something before wrongfully and the detectives contacted my cell provider to retrieve my text and they couldn’t. Now I don’t know if it’s because Apple may actually be telling the truth but they couldn’t access it.

      • n0ahcruz3

        It’s their servers. And besides i give pod2g and their independent study more credibility than what apple is saying. Considering they’ve been using some dirty tactics eg. Ebook price fixing, tax loopholes etc. of course what they are avoiding is consumer backlash, chinese media propaganda etc. but i care less even if they can read my imsgs or not, i don’t know about other people.

      • Rowan09

        Do you even have video proof showing what was said? They also said the only way to prevent it is by end to end encryption and that’s what Apple said they have. Why would they even mention iMessage is secured in the first place if it would be this easy to figure it out? You mention tax loopholes as if it’s a bad thing, we all use tax loopholes that’s why it’s called a loophole. America was trying to charge Apple tax at the same rate for businesses in other countries that’s criminal. Amazon is a monopoly for eBooks so Apple did something with publishers to try and compete that’s the bad nature of business it’s not an Apple tactic it’s just business. Show video proof and Apple will have nothing to say that’s all I’m saying.

      • therealjjohnson

        If you mention it’s secure and people believe everything you say then more people will use it. The more people use it under the guise of anonymity the more information you can gather. Not saying Apple is doing this…but you do realize people don’t always tell the truth right?

      • Rowan09

        I do but as you said in your statement it doesn’t mean Apple is doing this and people use iMessage because it’s faster and convenient, I can guarantee most people don’t even know it’s encrypted.

      • n0ahcruz3

        Well u don’t have a video showing apple can’t read imessages also. I’m telling you no company is clean. May i ask? Do you work at apple?

      • Rowan09

        How exactly would you show that? I wish I worked for Apple. Did you even read what the research lab said, they said if Apple wanted to they can read your message but not without re-engineering iMessage. In its current form Apple cannot read our messages.

      • n0ahcruz3

        You believe everything they say. Your fanboyism is strong i applaud you.

      • Rowan09

        Your arrogance is beyond belief. I own both Windows and Mac, Android and IOS so good try but you fail. You can’t just make things up and say it’s truth. If Apple is lying I won’t lose sleep but show me proof is all I said. People send regular SMS all the time and no one cares if it can be intercepted, so people won’t stop using iMessage either.

      • n0ahcruz3

        Dude pod2g said it himself a security hacker responsible for ios6 jailbreak contributed essential stuff for the jailbreak community. They dedicated their time finding security loopholes. Well i don’t blame you if u owe apple something.

      • Rowan09

        This is not a security loophole by the way. Me asking for proof is wrong? Why do you believe him even though what was said didn’t say Apple can read or read our messages. All that was said was it’s possible to read if they want to and that’s all common knowledge. I’ve read over the web that if they want to read the information they would have to re-engineer iMessage from its current state. And reiterate again that even if they can read it I won’t stop sending messages so it wouldn’t change anything for me. I’m a hater but objective I need proof to hate and I don’t hate on something I don’t own.

      • n0ahcruz3

        I love imessage i use it all the time in fact i canceled my sms plan because of it. I’m just saying you’re too naive if you believe everything apple is saying. I really don’t mind if they read my imsg or not. The only thing that frustrates me is when their servers are down and i can’t send thru imessage.

      • Rowan09

        How am I being naive? You’re making an argument when you don’t even know the facts. I read what Quarkslab said did you? If Apple is being dishonest let it be proven not said. Quarkslab gave a theoretical statement that it can be done if they want to but not in its current design. We can just agree to disagree on this one.

      • n0ahcruz3

        Well all i see here is you believe everything apple is saying.

      • Rowan09

        Because there is no proof saying otherwise that’s how you make decisions on proof. If it’s proven they are dishonest then there’s no argument but there isn’t such proof yet.

      • n0ahcruz3

        So you’re saying pod2g lied? I guess i won’t be jailbreaking my next iphone because the one who was responsible of jailbreak cannot be trusted.

      • Rowan09

        No I’m saying you’re misrepresenting what Quarkslab said, go and read what was said first before making such a statement. I read what they said so I can as I said before be an objective hater.

      • Guest

        You are one pathetic fool…such a disgrace to humanity.

      • shar

        I think apple very much can read your messages and their denial further proves their dishonesty, (yes they could have stayed quiet but they chose not to), it is very simple, in order for “your phone/apple servers” to encrypt the message “apple” must provide you with a “known” key so only your “target’s phone” can decrypt it,
        meaning apple either already knows the key or can send you a known key if they choose to,
        so even if they are not doing it now, it certainly does not require serious reengineering to make it happen.

      • Rowan09

        How can you start your statement by saying I think and then say Apple is dishonest? I don’t know if Apple can or cannot read our iMessages but what I do know is they said they can’t and another company is saying they can with some re-engineering. Of course it’s possible for anything electronic to be hacked or intercepted that’s common knowledge. Let’s wait on the facts is all I’m saying instead of trying to make opinions facts. Read what Quarkslab said before making an opinion.

      • shar

        based on what you said yourself that it is indeed possible for apple to read imessages with quote “some re-engineering”, and apple giving out a statement with strong words such as “re-engineering needed” (portraying it as something difficult), speaks to their dishonesty without even considering if they are doing it or not, or the statement from Quarkslab. looking back at apple and their previous statements regarding information release quote “our Legal team conducts an evaluation of each request”, means if they are being asked legally (eg “we legally ask you hand over everything”) , they have no opposition against it.
        of course it is a closed system and there will never be a proof unless there comes a whistle blower like PRISM, so to think lack of concrete evidence is proof to the contrary and to say apple would not do this because they said so, it is very naive or in your case biased.

      • Rowan09

        If iMessage is re-engineered the statement made by Apple would now be false, but we are speaking about iMessage in its current form. We can’t say if Apple wanted to change iMessage they can so they’re being dishonest because they can change the service. Nevertheless I don’t care if Apple can or cannot read my messages because I wouldn’t send private things through a message or on the phone anyway.

      • http://twitter.com/Aktersnurran Jesper “Aktersnurran” Linder

        I’m sorry to say this, but you’re such a moron..I don’t know if I should laugh or cry.

      • Rowan09

        Far from. Reading is fundamental idiot the video released made it clear it’s theoretical do you know what that means?

      • http://twitter.com/Aktersnurran Jesper “Aktersnurran” Linder

        You should learn more about Apple and their cooperation with for example NSA, who collected millions of mail addresses in September from buddy lists, instant messaging etc..iMessage is an instant message, says it all, and ofc they themselves can look into their own creations..

      • Rowan09

        I’ve read up on the NSA etc, people are late I’ve been talking about giving away civil liberties since 9-11-01. Apple, Google, Microsoft, Facebook, etc all give information when needed that’s what the American people asked for which is dumb but hey. In regards to the iMessage situation the report which is the only proof we have states it’s theoretical and Apple can read your iMessages if it wants to, but not the way the current system is built. Can Apple make a system where they can easily read our messages, sure we’re not kids here we all know that, but according to the reports currently it cannot be done.

  • Royce Otero

    Is FaceTime also seen by apple?

    • Rowan09

      According to Apple no until proven otherwise we just have to accept what’s being said I guess.

  • Eni

    Help pls..

    I try to reset my security questions because i forgot them but i can’t find the reset email anywhere :/ it’s weird because my rescue email ends with “.cm” … where can i change it? what i have to do plz ??

    see the screenshot below

    • jocastro

      call apple, and have them change the email to where you want the sent email to go to.

      • Eni

        isn’t there another way?

  • jocastro

    that’s almost like saying oh we own apple, but we can’t look at your messages ourselves, even though we created iMessage..

  • therealjjohnson

    They don’t store this information however when i get a new iPhone my phone backs up and all my messages come back. Got it.

    • n0ahcruz3

      Lol

  • mav3rick

    Of course. If needed they’ll say the Moon is the Sun and the Earth is square. Wait until the fingerprints will show as being possible to be retrieved.

  • http://www.ioskhmer.com/ ioskhmer

    of course, they can read your message if they want to. If you are scared that someone may read your message, you should not use it. Even normal SMS, your mobile network can also read it because it is a store-before-sent network.

  • 超級efly

    So does it mean Apple (or Hacker) can change our message in iMessage?