Experts debunk Apple's claim of 'secure' iMessage

Security researchers have long suspected that Apple's iMessage platform is not as secure as the company claims. A small group of researchers now asserts that it has solid proof that Apple and the NSA can indeed eavesdrop on your iMessages, a revelation that doesn't bode well for the Cupertino giant.

Through a careful and thorough study of the iMessage protocol, researchers have concluded that Apple has the ability to decrypt and intercept iMessages. Despite the messages being encrypted end-to-end, Apple has control over the keys needed to exchange and encrypt the messages, according to researchers.

"Yes, there is end-to-end encryption as Apple claims, but the weakness is in the key infrastructure as it is controlled by Apple: They can change a key anytime they want, thus read the content of our iMessages," according to a blog post distributed on Thursday by Cyril Cattiaux from Quarks Lab.

In its defense, Apple said the issue uncovered by security researchers is theoretical, and that iMessage was not designed to allow Apple to listen in on its customers.

"iMessage is not architected to allow Apple to read messages," said Apple spokeswoman Trudy Muller in a statement to AllThingsD. "The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."

However, critics disagree. When an Apple device sends an iMessage to another device, the two devices do not swap encryption keys directly; instead, the keys are controlled by a directory called the "ESS server." Consequently, if the NSA is interested in a particular person's iMessage content, it could approach Apple with a request to have the company make small changes to how the server manages the keys.

Such a move could allow for live surveillance along with reading every message sent by the suspect.

The revelation is notable if the NSA really can simply ask Apple to make small changes to how its iMessage server works, not to mention gain the capability of live surveillance while a suspect is communicating with another party.
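The weakness described above is that the sender accepts whatever keys the directory returns. The sketch below is an example added here, not code from Apple or from the researchers: it shows a client that pins key fingerprints on first use and holds back any key the directory later adds or swaps in. The `PinStore` class, the contact name and the key blobs are hypothetical and constructed for illustration.

```python
import hashlib

# Constructed sample key blobs; real keys would come from the key directory.
ALICE_KEY = b"constructed-public-key:alice-device"
UNEXPECTED_KEY = b"constructed-public-key:not-alice"

def fingerprint(public_key):
    """SHA-256 fingerprint of a public key blob."""
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Hypothetical client-side record of fingerprints seen per contact."""

    def __init__(self):
        self._pins = {}  # contact -> set of pinned fingerprints

    def check(self, contact, directory_keys):
        """Diff the directory's answer against the pinned set."""
        seen = {fingerprint(k) for k in directory_keys}
        if contact not in self._pins:
            self._pins[contact] = seen  # trust on first use
            return {"status": "first-use", "added": sorted(seen), "removed": []}
        pinned = self._pins[contact]
        added, removed = sorted(seen - pinned), sorted(pinned - seen)
        status = "changed" if (added or removed) else "unchanged"
        return {"status": status, "added": added, "removed": removed}

    def accept(self, contact, directory_keys):
        """Re-pin; call only after the new keys were verified out of band."""
        self._pins[contact] = {fingerprint(k) for k in directory_keys}

    def usable_keys(self, contact, directory_keys):
        """Return (keys safe to encrypt to, report); unpinned keys are held back."""
        report = self.check(contact, directory_keys)
        pinned = self._pins[contact]
        usable = [k for k in directory_keys if fingerprint(k) in pinned]
        return usable, report

if __name__ == "__main__":
    store = PinStore()
    print(store.usable_keys("alice@example.com", [ALICE_KEY])[1]["status"])
    # The directory now also returns a key the client has never seen.
    keys, report = store.usable_keys("alice@example.com", [ALICE_KEY, UNEXPECTED_KEY])
    print(report["status"], len(keys), "key(s) used,", len(report["added"]), "held back")
```

Trust on first use only detects changes made after the first lookup; a key substituted before the first contact would be pinned as genuine unless it is verified out of band.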

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.