Is Apple’s iMessage Service Really Secure?
Can Apple (NASDAQ:AAPL) read your iMessage communications? According to security researchers from Quarkslab, Apple could easily intercept a user’s private communications without their knowledge and divert them to a third party using a “man-in-the-middle attack,” reports Macworld.
Although there is no evidence that the Cupertino-based company is currently doing this, Quarkslab’s research contradicts Apple’s own claim that, “conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.”
Apple made the claim in June, soon after consumers became aware of a secret communication surveillance program known as PRISM. After the news of the government-run surveillance program broke, many companies — including Apple — released statements that sought to reassure their customers about their commitment to user privacy.
However, Quarkslab researcher Cyril Cattiaux stated that Apple’s claim about iMessage is “just basically lies,” reports Macworld. Cattiaux noted that Apple’s system is based on a key directory that is fully controlled by Apple.
According to Quarkslab, Apple’s system enables it to easily route a user’s communications to a third party without their knowledge. Since Apple’s key server is not open to the public, users cannot see if a key has been changed.
In other words, users must trust Apple to keep their communications secure, rather than relying on an unbreakable encryption code. “In Apple’s case, it’s that they give the key and nobody can really know if it’s a substitute or anything like that. In fact, it’s a matter of trust. It’s a real problem for users,” stated Quarkslab researcher GG via Macworld.
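The trust problem described above comes down to the client having no independent record of which keys it was given before. The following Python example is added here for illustration and is not code from the article, Quarkslab, or Apple. It shows how a client that pins key fingerprints locally would notice a change made in an operator-controlled directory. The `PinStore` class, the dictionary standing in for the directory, the contact address, and the key bytes are all hypothetical.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of a public key, hex encoded."""
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Client-side record of key fingerprints previously seen per contact."""
    def __init__(self):
        self._pins = {}  # contact -> set of fingerprints

    def check(self, contact, keys):
        """Compare directory-supplied keys with the pinned set.
        Returns (status, added, removed)."""
        seen = {fingerprint(k) for k in keys}
        pinned = self._pins.get(contact)
        if pinned is None:
            # Trust on first use: nothing to compare against yet.
            self._pins[contact] = seen
            return ("first_use", set(), set())
        added, removed = seen - pinned, pinned - seen
        if not added and not removed:
            return ("match", added, removed)
        # Pins are left untouched until the user confirms the change.
        return ("changed", added, removed)

    def accept(self, contact, keys):
        """Record a change after the user verified it out of band."""
        self._pins[contact] = {fingerprint(k) for k in keys}

def demo():
    # Constructed sample data: placeholder byte strings, not real keys.
    bob_key = b"constructed-public-key-bob"
    extra_key = b"constructed-public-key-third-party"
    directory = {"bob@example.com": [bob_key]}  # hypothetical operator-controlled directory
    pins = PinStore()
    results = [pins.check("bob@example.com", directory["bob@example.com"])[0]]
    results.append(pins.check("bob@example.com", directory["bob@example.com"])[0])
    # The directory now returns an additional key. A client without pins
    # would encrypt to it silently; a pinning client flags the change.
    directory["bob@example.com"].append(extra_key)
    status, added, _ = pins.check("bob@example.com", directory["bob@example.com"])
    results.append(status)
    return results, added == {fingerprint(extra_key)}

if __name__ == "__main__":
    print(demo())
```

Pinning only detects changes after the first lookup; if the first key set returned is already a substitute, the client has nothing to compare it with, which is why out-of-band fingerprint verification is still needed.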
Although other researchers cited by Macworld agreed with Quarkslab’s conclusions, Apple has not backed down from its original claim. “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so,” Apple spokesperson Trudy Muller told All Things D.
On the other hand, if Apple is intercepting users’ communications based on a government order, it may not even be allowed to disclose that fact. In general, Apple’s iOS has a reputation for being more secure than Google’s (NASDAQ:GOOG) Android. However, when it comes to the government’s power to intercept communications, neither operating system may offer as much security as the companies claim.
Follow Nathanael on Twitter (@ArnoldEtan_WSCS)