#1 By: Cory Doctorow, October 17th, 2013 17:48
#2 By: Cowicide, October 17th, 2013 18:57
I think it's always been wise to assume they were capable of spying. I think in a world full of corporatist spies, the real question is who doesn't spy on us and/or put backdoors in our products and services and support the hell out of them.
Still figuring out TrueCrypt...
#3 By: Alex R, October 17th, 2013 19:29
Essentially, the problem is a common one for asymmetric cryptography: in order to send an encrypted message to someone, you need their public key (they then use their private key to decrypt the message on their end). But how do you find out what someone's public key is? And how do you know the key you've received is the real one? At some point along the line, you end up trusting that malicious third parties haven't spoofed you into accepting their public key, rather than that of your intended recipient. It's a hard problem to solve, and is the reason why crypto enthusiasts hold IRL meetups to swap public keys face-to-face. Obviously, this isn't really viable for a mass-market messaging system like iMessage, so Apple acts as a directory from which people can look up public keys for iMessage users. By substituting a their own key, Apple could theoretically read the messages.
One thing that could mitigate risk somewhat would be for the client to warn users when a public key of someone they're messaging changes suddenly, although it also risks causing irritation and undue alarm when, say someone gets a new phone. Maybe a way to transfer private keys, or sign an authorisation of a new one, could work (perhaps using ad-hoc networking – touch the phones together to authorise a new device). It would inevitably involve a level of user experience trade-off, though.
#4 By: xzzy, October 17th, 2013 20:11
Software that natively facilitates public key exchange would be a really good start.. if iMessage had the ability to read in a public key from one of those face-to-face meetings and use that key for communicating with that person suddenly Apple's ability to become a bad guy is severely diminished (unless they put backdoors in their code, which is another problem entirely).
Basically give every app PGP and we'll have a more secure world than we do now. Just gotta worry about user education (oh is that all?).
#5 By: Coal, October 17th, 2013 23:47
This is what Apple actually said back in June.
There are certain categories of information which we do not provide to
law enforcement or any other group because we choose not to retain it.
For example, conversations which take place over iMessage and FaceTime
are protected by end-to-end encryption so no one but the sender and
receiver can see or read them. Apple cannot decrypt that data.
The assertion that Apple's assertion is "basically lies" is itself, essentially dishonest. "Apple cannot decrypt that data" does not mean the same thing as "it is absolutely impossible for the messages to be intercepted and decrypted under any circumstances". The assertion was made under the pretext that it cannot provide the information to law enforcement because they don't retain it (and it would be meaningless to do so because it's encrypted). It's normally a good idea to make sure you understand the context of what was said before accusing people of lying.
In order to intercept messages, Apple would have to actively facilitate a man in the middle attack. There's no evidence that they have set up a system to do this, and their assurances that "Apple cannot decrypt that data" indicate they haven't. That it would be illegal and carry severe penalties to facilitate this should be thought of as further evidence they haven't taken that route. In principle, the NSA could try to subpoena them, forcing them to set up such an infrastructure, but even if we assume they're successful, Apple would have very strong grounds to refute its validity. It would basically amount to entrapment.
And if they really wanted to eavesdrop, surely it would be easier to simpler NOT design the entire infrastructure and protocols in a way that intentionally prevents them from doing so.
For all intents and purposes, to the extent of our current knowledge, the messages are secure and Apple cannot decrypt them, just as they said.
Not sure why this is suddenly news to be honest. There's no new information from what we had in June.
#6 By: retepslluerb, October 18th, 2013 01:15
So a remote-controlled closed-source device by a third party is not totally secure from evesdroppers who work with or are said third party?
Color me surprised!
#7 By: Coal, October 18th, 2013 03:18
I've found another vulnerability in the iMessaging system that shows that Apple TOTALLY CAN read their users iMessages.
I, like many 5s users, use my thumbprint to unlock my iPhone. Some users don't even use a pass code. At any point, I can just pick up my iPhone, push the home button to unlock it, open iMessage and read the messages right there on the screen.
What is to stop the NSA from forcing Apple to break into my house while I'm asleep, steal my phone, unlock it using my sleeping thumb (or using a print off the casing from one of the various methods available), and just reading all the iMessages they like?
Now, it should be noted that many of the messages on my phone are in Japanese, but with just a few years dedicated study there's nothing to stop them reading those too.
Apple are such liars!!!!! Every single employee of Apple CAN read my messages, and understand every language on the planet (if they apply themselves).
#8 By: WearySky, October 18th, 2013 09:01
While I actually don't disagree with some of your points, "because they said they haven't" is not actually proof that they haven't. For example, the NSA has said for many years that they were not spying on US citizens in America.
And this is the first I've heard of this, as I missed it the first time around in June, so I'm glad to see it here. I never use iMessage (nor do I bother sending anything over the wires that I'd be overly concerned about somebody else reading), so it's not a real concern to me, but it's still interesting to me.
#9 By: Jason Andresen, October 18th, 2013 13:46
Yeah, security folks were saying that Apple's line about "we can't read iMessage messages" was bullshit. If they control the key distribution system and push all traffic through a server they own, then a man in the middle attack is possible. Apple may not have developed the capability to do it, but there is no technical reason why they could not.
#10 By: Coal, October 18th, 2013 21:09
You may need to rethink your burden
But it's not exactly proof that they have either, and in this instance, that's where the burden of evidence lies. If they were inclined to look at the messages, they wouldn't have set it up so messages are protected by end to end encryption, something they were in no way obligated to do. If there's no evidence to suggest that they're lying and acting illegally, then there's no reason to think there's anything to it.
The real story here anyway is not that Apple lied, it's that Apple was telling the truth. They said back in June that iMessages were encrypted end to end, and that they couldn't read them. There was no way to independently verify that they were being encrypted at the time because Apple released no information about it, and it's a closed system not open to inspection. Now, somebody has independently verified it. End to end encryption just as Apple said. Don't you feel reassured now?
#11 By: Coal, October 18th, 2013 21:12
There's also no technical reason why they can't push an update out that cancels the encryption. Heck, there's no technical reason they can't sneak into your home and read the iMessages off your phone's screen. Unless there's some direct and compelling evidence that they are in fact doing these things though, "Apple cannot read" remains valid.
#12 By: Cory Doctorow, October 22nd, 2013 17:48
This topic was automatically closed after 5 days. New replies are no longer allowed.