Despite Apple's claims, iMessage is vulnerable to decryption, says report
Quarkslab concluded that Apple's popular iMessage is vulnerable to decryption.
Is Apple reading your iMessages? Probably not. Can the technology giant read your iMessages if it were so inclined, or if required to by government order? Yes.
That is what France-based security company Quarkslab concluded when researchers discovered that Apple's popular iMessage instant messaging system is not as encrypted as the iOS-producing company led users to believe.
Quarkslab presented its highly detailed findings at great length last week at Hack In The Box 2013 in Malaysia and, subsequently, released a white paper on its website detailing how Apple can essentially decrypt and read iMessage conversations.
What it mostly boils down to in the end is man-in-the-middle (MITM) attacks, which is where two individuals believe they are having a private and direct conversation, but the transmissions are actually being intercepted by a third party. In some cases, the third party can alter the messages being sent.
Apple uses intricate cryptography based on AES, RSA and ECDSA algorithms, according to the white paper, which goes on to say that when an iMessage is sent it first connects to an Apple key server called ESS to retrieve two public keys: a 256-bit ECDSA and a 1280-bit RSA.
“Since Apple controls ESS servers and all iMessages are routed to Apple's PUSH servers, Apple is able to perform a MITM,” the researchers wrote in the white paper, explaining that Apple can send a fake public RSA/ECDSA key to the sender, decipher it, alter the payload of the message and then sign it before sending it off to the recipient.
“The weakness is in the key infrastructure, as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages,” according to the white paper. “Also remember that the content of the message is one thing, but the metadata [is] also sensitive. And there, you rely on Apple to carry your messages, thus they have your metadata.”
It does not pay to get too paranoid, the researchers said, because iMessage is still plenty secure and even advanced hackers may not be able to simply intercept and decrypt messages. In fact, Fred Raynal, CEO of Quarkslab, told SCMagazine.com on Monday that there are actually numerous ways to compromise iMessages.
“We focused on MITM attacks, but others might be easier [for Apple] to perform, like the ‘ghost attack,'” Raynal said. A ghost attack involves adding a new device to receive iMessages without alerting anyone the device was added.
Several instant messaging programs are vulnerable to MITM-type attacks, but these findings predominately take issue with Apple's June statement following whistleblower Edward Snowden blowing the lid off the National Security Agency's (NSA) mass surveillance operations.
“For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them,” according to the Apple statement in June. “Apple cannot decrypt that data.”
To that, Raynal responded, “In the June statement, Apple wrote, ‘Apple cannot decrypt that data.' The reason they give was end-to-end encryption. We showed that Apple's end-to-end encryption is not enough to prevent interception the way it is designed.”
When questioned via email on Monday, an Apple spokesperson forwarded this statement to SCMagazine.com:
“iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”
Raynal responded, saying, “[Apple] says the system is not designed to do [that] and they are not willing to do it. I am okay to trust them on that, but the June statement that 'Apple cannot decrypt that data' because of end-to-end encryption is seriously misleading.”