Apple denies iMessage surveillance

Oct 18, 2013
10

Apple has again denied being able to read users' iMessage conversations, arguing that while it could theoretically re-engineer the IM system to gain access, it "has no plans or intentions to do so." The renewed denial comes after accusations by security researchers Quarkslab that, despite previous claims from the Cupertino company that there was no backdoor access to encrypted iMessage chat and that even the company itself was unable to read those messages, since Apple itself controls the encryption it could open up the security for its own, or government, purposes.

"As Apple claims, there is end-to-end encryption" the Quarkslab researchers said in a presentation for the Hack in the Box event. "The weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages."

Apple issued a public statement on privacy and its policies toward individual user data back in June, amid suggestions that the NSA's PRISM program had secret access to the company's servers. The degree of data security offered was two-pronged, Apple suggested. "We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order" the firm pointed out.

However, in addition to that first hurdle, Apple also claimed that law enforcement services couldn't access some data anyway, since it wasn't stored. "[We] do not store data related to customers’ location, Map searches or Siri requests in any identifiable form," the statement said.

iMessage and FaceTime data, however, does not necessarily fall into that category, though, with Apple instead pointing to the encryption it uses. "Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption" the statement explained, "so no one but the sender and receiver can see or read them. Apple cannot decrypt that data."

Unsurprisingly, Apple has reacted quickly to squash new speculation. "iMessage is not architected to allow Apple to read messages," a spokesperson told PCMag. "The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."

According to the researcher's suggested exploit, opening up access to iMessage records wouldn't be so simple as flicking a switch for Apple. Instead, the company would have to send spoofed security keys to the message sender, intercepting the conversations and deciphering them, before re-signing them and delivering them to the intended recipient.


Must Read Bits & Bytes