How Apple is Protecting iMessages Against Tomorrow's Hackers

Quantum computers could be the next threat

A forthcoming iMessage update will protect your conversations from being cracked by ultra-powerful quantum computers. But those computers don't even exist yet.

In the next version of iOS 17, iMessage will receive its most significant security update ever. Named PQ3, this "post-quantum cryptographic protocol" is a set of security features designed to protect against attacks from the quantum computers of the future, which will make it trivial to crack existing encryption methods. This sounds like utter sci-fi, so why is Apple doing this now? What's the point of protecting iMessage users from threats that have yet to exist and may not exist for a long time? That's where things get interesting.

"Quantum computing has generated a lot of excitement, not just because it sounds futuristic. It's like having a super-powered computer that can crack digital locks we once thought were unbreakable," says information security analyst and researcher Nathan Jacobs. "Imagine a lock that would take a regular computer a millennium to open; a quantum computer could potentially do it during a coffee break. That's why the chatter about iMessage beefing up its security isn't just tech hype-it's addressing a genuine concern."

Harvest Now, Decrypt Later

Imagine that you are a jewel thief and somehow managed to end up in the safety deposit vault of some fancy bank. You have access to all those boxes, but they're locked with impossible-to-pick locks, and the boxes are currently indestructible. Do you walk away? Or do you grab all those safety deposit boxes and store them until they can be opened?

That's the idea behind Harvest Now, Decrypt Later, a scenario where bad actors collect and store data today until quantum computers can easily extract it. This is a perfectly credible, affordable option, thanks to cheap storage.

"Is quantum a looming threat? Not quite yet. But it's like building a storm shelter before the hurricane warning. While still in their infancy, Quantum computers have the potential to crack today's encryption, posing a future risk to sensitive data," said Joseph Harisson, security expert and CEO of IT Companies Network. "By implementing post-quantum cryptography (PQC) in iMessage with iOS 17.4, Apple is future-proofing its messaging platform. It's like investing in a cybersecurity time capsule, ensuring their users' messages remain protected even if quantum computing evolves."

That's why Apple is deploying PQ3 now instead of waiting for quantum computers to be commercially available. PQ3 can run on existing non-quantum computers-your iPhone, Mac, iPad, and so on-but is "secure from known threats posed by future quantum computers," according to a blog post from Apple Security Engineering and Architecture.

By securing your message data today, iMessage will ensure that it is useless to data thieves in the future, even for technology that doesn't exist yet-with one huge caveat, as we shall see below.

"In the tech world, waiting until the last minute is asking for trouble. By strengthening iMessage's security now, Apple is not only protecting our present chats but also ensuring our future secrets stay secret too," says Jacobs.

Quantum Hole

The measures taken by Apple are all good news, protecting today's cat-meme messages from tomorrow's hackers, but there's a catch. At the same time, your messages will be hardened to a point that makes Jason Statham look like a sleepy kitten; while on your device or in transit, there remains a significant vulnerability: the same back door that already allows access to your iMessages today: iCloud backups.

Suppose you use iCloud backups for your devices. In that case, the default settings "continue to include iMessage message history using keys that Apple controls ," writes Apple blogger John Gruber, "which means keys that Apple can, and does, use to turn over data to law enforcement when issued a warrant."

It's possible to prevent this by switching on Advanced Data Protection. Still, if you communicate with anyone who does not use Advanced Data Protection, your messages will be included in their conversation backup.

On the other hand, PQ3 isn't designed to thwart legal demands for data, legitimate or otherwise. It's made to stop your data from being intercepted or captured, stored, and saved until the technology has advanced enough to make it worthwhile-like a billionaire's head frozen in a cryogenic facility.

"Security is an ongoing journey, not a destination. Apple's proactive approach is a positive step, but vigilance remains key. Stay informed about evolving threats and adopt security practices that prioritize protection today and tomorrow," says Harisson.

About the author: Charlie Sorrel has been writing about technology, and its effects on society and the planet, for almost two decades. Previously, you could find him at Wired's Gadget Lab, Fast Company's CoExist, Cult of Mac, and Mac Stories. He also writes for his own site, StraightNoFilter.com, Lifewire Tech News, and iFixit.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags:IPhone
Join the Discussion
Real Time Analytics