Researchers Say iMessage's Unbreakable Encryption is "Basically Lies"

Security researchers say users would have no way of knowing Apple or the government was reading their messages.

Though Apple claims iMessage has end-to-end encryption, researchers at a security conference said the Cupertino, Calif. company still has the ability to intercept messages and hand them over to the government, Macworld reports.

The security researchers told attendees at the Hack in the Box conference in Kuala Lumpur that users would have no indication Apple or the government is reading their messages. Cyril Cattiaux, who has developed software to jailbreak iOS, said iMessage's unbreakable encryption is "just basically lies," elaborating that because Apple has an opaque system for managing public keys used in encryption, it's possible that iMessages can be routed to another party undetected.

"They’ve [Apple] insisted to their customers that messages were encrypted ‘end to end’ and that they couldn’t read the messages," Matthew Green, an assistant research professor in the Department of Computer Science at Johns Hopkins University, told Macworld. "This is all technically true, but at the same time they know perfectly well that this could change easily if they wanted to misbehave. They just chose to be misleading."
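The risk described above comes from a client that encrypts to whatever public keys the key directory returns. As an added illustration (not from the article, the researchers or Apple), here is a sketch of a client-side pin check that holds back any key the sender has not seen before; the directory model, all names and the sample keys are assumptions.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of a raw public key, hex encoded."""
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Remembers which key fingerprints were accepted for each contact."""

    def __init__(self):
        self._pins = {}  # contact -> set of accepted fingerprints

    def check(self, contact, directory_keys):
        """Compare a directory answer with the pinned set.

        Returns (status, added, removed) where added/removed are sets of
        fingerprints. Trust on first use cannot detect a directory that
        was already lying on the first lookup.
        """
        seen = {fingerprint(k) for k in directory_keys}
        pinned = self._pins.get(contact)
        if pinned is None:
            self._pins[contact] = seen
            return "first_use", set(), set()
        added, removed = seen - pinned, pinned - seen
        return ("unverified_key" if added else "ok"), added, removed

    def approve(self, contact, fp):
        """Record a fingerprint the user confirmed out of band."""
        self._pins.setdefault(contact, set()).add(fp)

def recipients_for(store, contact, directory_keys):
    """Return (status, keys) with unverified keys held back from encryption."""
    status, added, _ = store.check(contact, directory_keys)
    allowed = [k for k in directory_keys if fingerprint(k) not in added]
    return status, allowed

if __name__ == "__main__":
    # Constructed sample keys; real keys would be encoded public keys.
    phone, laptop = b"constructed-key-phone", b"constructed-key-laptop"
    extra = b"constructed-key-added-by-directory"
    store = PinStore()
    print(recipients_for(store, "alice", [phone, laptop])[0])
    status, allowed = recipients_for(store, "alice", [phone, laptop, extra])
    print(status, len(allowed))
```
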

  • figj

    As the referenced article says, using public/private key encryption doesn't help if the public keys are unprotected. Because it's just too easy to mount a man-in-the-middle attack. Apple and anyone else claiming privacy should be using certificates to protect public keys. Even better is to use client-controlled keys and client-controlled X.509 certificates like what Lockbox does.

  • LifeIdGood

    What a load of crap. For one thing, nothing is totally secure. For another, someone would have to hack into Apple's servers and get the private keys. Point to point is secure unless the keys are both stolen and somehow linked to a device.

    iMessage is the most secure IM out there right now. Why not look at the others that don't use any public/private key encryption?

    It's a phone, folks. Keep it in perspective.

  • Random

    Should have read the article instead of the title. No one said it wasn't encrypted or that it was being stolen. It was said that it was being rerouted to a third party undetected. Put Apple any higher on that pedestal and it might just come down on your head and knock some sense into you.

  • LifeIdGood

    I read it, and no, there is no third party redirection. It's all theoretical.

    Here's some news. Google not only has the ability, but they actually read every single Gmail sent. This is done for marketing purposes.

    Another news flash. Everything is hackable with enough time and resources. So, if you feel that the .0000000095% chance that your iMessage will be read by Apple, throw your phone away and use Gmail (or not... read above). Or, find another line of work (legal that is) that does not demand such paranoia.

    Let's get real here folks. It's a phone.