Forgot your password?
typodupeerror
Communications Encryption Privacy Security Apple Your Rights Online

Researchers Show Apple Can Read iMessages 124

Posted by timothy
from the leetspeak-vs-panopticon dept.
Trailrunner7 writes "The Apple iMessage protocol has been shrouded in secrecy for years now, but a pair of security researchers have reverse-engineered the protocol [original analysis] and found that Apple controls the encryption key infrastructure for the system and therefore has the ability to read users' text messages–or decrypt them and hand them over at the order of a government agency. ... The researchers found that while that basic framework makes sense from a security point of view, there are a number of issues with the iMessage system. One major issue is that Apple itself controls the encryption key infrastructure use for iMessage, and has the keys for each individual user. The upshot of this is that Apple has the ability to read users' messages if it so chooses. The researchers who looked at iMessage, known as Pod2g and GG, said that there is no evidence that Apple is in fact reading users' iMessages, but it's possible that the company could. Users' AppleID passwords also are sent in clear text to the Apple servers."
This discussion has been archived. No new comments can be posted.

Researchers Show Apple Can Read iMessages

Comments Filter:
  • Terrible summary (Score:4, Insightful)

    by AmiMoJo (196126) * <(ten.3dlrow) (ta) (ojom)> on Thursday October 17, 2013 @12:49PM (#45154221) Homepage

    The fact that Apple can read iMessages and hand them over to the authorities is hardly surprising, especially given that we know they co-operate with the NSA. TFS leaves the last and far more interesting bit right until the end: Usernames and passwords sent in cleartext.

    In other words all those people using Starbucks' free wifi are broadcasting their Apple ID and password to everyone else in range.

    • Re: (Score:3, Informative)

      by JSG (82708)

      The article only mentions the username going in clear.

      • by Shabbs (11692)

        The article only mentions the username going in clear.

        Might want to double check that...

        FTA: "Users’ AppleID passwords also are sent in clear text to the Apple servers."

        http://threatpost.com/apple-imessage-open-to-man-in-the-middle-spoofing-attacks/102610 [threatpost.com]

        • Re:Terrible summary (Score:5, Informative)

          by OlivierB (709839) on Thursday October 17, 2013 @01:08PM (#45154515)

          The username and password are sent in clear text in the SSL tunnel. So no, people at Starbucks won't get your username and password.

          What this suggests is that iMessage should only be sending a hash of the username and password to Apple Servers without ever sending those things even within a SSL tunnel.

          • iMessage should only be sending a hash of the username and password to Apple Servers without ever sending those things even within a SSL tunnel.

            If you do that, then the hash becomes the password, so anyone who gets the hash can log into your account.

            • by OlivierB (709839)

              Ok, I could have made this a little more explicit.

              For something like iMessage, where the client and the server are trusted, but not the communication channel you could very well (for example) input your user name and password on the client, have the client generate hashes of the username and login, sign said hashes with the sever's public key and send them over to the server.

              That's one step better than cleartext auth wrapped with SSL but, as someone else remarked, a SRP (or even DH) exchange is pretty strai

              • If the communication channel is not trusted, and someone gets the hash, then how will the server know it is getting the hash from you and not from an attacker?

                That's why the hash essentially becomes the password, because in that situation the attacker can use it to impersonate you.
                • Use a message authentication code to ensure the hash was sent from the iPhone registered to the appropriate user. That way an attacker needs both the hash of the password and the secret key stored on the phone.

                  And even if the hash becomes the password, at least it isn't the same as every other password the user uses for every service. Whereas the original password probably is.
      • Re:Terrible summary (Score:5, Informative)

        by Laxori666 (748529) on Thursday October 17, 2013 @01:02PM (#45154403) Homepage
        From TFA [quarkslab.com]:

        Second surprise was actually bigger: we saw our AppleID and password going through this SSL communication. Yes, the clear text password... There can be a lot of good reason to send the password as cleartext, ssh does it for instance. But here, we dont see any reason for Apple to get our password.

        Firstly, it means that Apple can replay our password using for instance our email also on many websites. Ok, Apple has no reason to do so. But what of intelligence agencies? Secondly, it also means that anyone capable of adding a certificate and able to proxify the communications can get user's AppleID and password, thus get access to iCloud accounts, backups, buy apps, ....

    • Re:Terrible summary (Score:5, Informative)

      by Anonymous Coward on Thursday October 17, 2013 @12:58PM (#45154339)

      Also, the password isn't sent over the wire in cleartext; it's sent as cleartext *inside of the SSL stream*. As in: you need to defeat SSL to read it as a man in the middle. SSH does the same thing.

      • by sribe (304414)

        ...it's sent as cleartext *inside of the SSL stream*...

        Why, oh why, did you post that like two minutes after my mod points expired???

      • Re:Terrible summary (Score:5, Interesting)

        by Andy Dodd (701) <atd7&cornell,edu> on Thursday October 17, 2013 @01:14PM (#45154599) Homepage

        Keep in mind that between some of the more recent Snowden disclosures, and some of the disclosures coming out of Lavabit's shutdown (I think it was Lavabit that was printing SSL private keys in 4-point text???), the NSA can easily MITM these streams without anyone noticing as they are forcing US-based companies to provide them with SSL private keys for just this purpose.

        If the password were a salted hash there would at least be some level of protection here, although as long as Apple has a password reset mechanism and a way to recover "old" messages after a reset - it's nearly impossible for them to guarantee that someone who has legal power over Apple (such as the FISA courts) can't read messages.

        • by tlhIngan (30335)

          Keep in mind that between some of the more recent Snowden disclosures, and some of the disclosures coming out of Lavabit's shutdown (I think it was Lavabit that was printing SSL private keys in 4-point text???), the NSA can easily MITM these streams without anyone noticing as they are forcing US-based companies to provide them with SSL private keys for just this purpose.

          If the password were a salted hash there would at least be some level of protection here, although as long as Apple has a password reset me

          • by smash (1351)
            The NSA likely already has a trusted cert on your Mac or Windows machine, and can deploy signed code that will be transparently executed by your OS. So you're probably boned anyhow.
      • Encryption (e.g. in SSL) actually serves two important purposes - it encrypts clear text such that it appears like rubbish to anyone taking a look, but it also acts as authentication security because it allows you to validate that the endpoint you are communicating with is who they say they are.

        In SSH, for example, you can do away with passwords entirely by using private and public keys - the idea being that you encrypt with the private key and give the public key to the other endpoint, the algorithm used f

      • by isorox (205688)

        Also, the password isn't sent over the wire in cleartext; it's sent as cleartext *inside of the SSL stream*. As in: you need to defeat SSL to read it as a man in the middle. SSH does the same thing.

        I tunnel my SSL traffic over an SSH tunnel through an SSTP vpn, what could possibly go wrong?

    • by DarkOx (621550)

      The only facts are that Apple can read iMessages, and that this was always well known and obvious.

      Any encrypted messaging scheme where some third party handles the keys and the cipher text pretty much implies said third party *can* see the messages in clear text.

      This is even the case of asymmetric crypto because if you obtain the public key through the same channel the cipher text is to be sent over you can be man in the middle attacked easily.

      Honestly if security is of primary concern third party key manag

      • by Wingsy (761354)
        "The only facts are that Apple can read iMessages, and that this was always well known and obvious."

        Well, except that they can't, and never did.

        http://allthingsd.com/20131018/apple-no-we-cant-read-your-imessages/ [allthingsd.com]

        Now I'm sure you will choose not to believe this, but think for a minute ... just how much trouble do you think Apple would be in if they are lying about this and get caught at it? Not even a stupid company would take such a chance, and Apple ain't stupid.
      • by smash (1351)

        Honestly if security is of primary concern third party key management is FAIL.

        And here's pretty much the only thing that needs to be said. If you're wanting stuff encrypted, do it yourself.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      From TFA: "we saw our AppleID and password going through this SSL communication".

      The password is cleartext over an SSL connection. So, no, all the people in Starbucks are not broadcasting to everyone else in range. Apple just isn't hashing, encrypting or otherwise obscuring the password when sent through the SSL connection. So they have access to the password in iMessage; they have access to the password when someone uses icloud.com, appleid.apple.com, or any other Web based access to Apple Services so,

    • by Dunbal (464142) *
      "I use Apple products because they are 'safer'".
    • Has apple ever claimed that iMessages were secure? I'm not thinking so. Just that you could send iMessages to other ios users and not get billed for lots of texts, which are far less secure still than iMessages. Next story?

    • In other words all those people using Starbucks' free wifi are broadcasting their Apple ID and password to everyone else in range.

      I've never owned an Apple device in my life and have no intention of ever doing so - but wrong is wrong and I have to correct you.

      The passwords are encrypted over SSL and therefore anyone snooping a connection will only see gobbledigook - in no way are they broadcast in clear text.

      The actual vulnerability here is that someone can, using their own constructed SSL keys, perform a m

      • Most sane programs would throw a hissy fit if someone tried to MITM an SSL communication with constructed SSL keys--
        A) because the thumbprint would drastically change and
        B) because the cert would not be signed by a trusted CA

        • by smash (1351)
          Point B does not apply if the third party owns the CA infrastructure. But yes, trusting third party keys for secure comms is retarded.
    • The fact that Apple can read iMessages and hand them over to the authorities is hardly surprising, especially given that we know they co-operate with the NSA. TFS leaves the last and far more interesting bit right until the end: Usernames and passwords sent in cleartext.

      In other words all those people using Starbucks' free wifi are broadcasting their Apple ID and password to everyone else in range.

      I read somewhere that the NSA referred to Steve Jobs as 'Big Brother'. That should be all we need to know to assume that ALL Apple products will sell their users out.

    • by cgimusic (2788705)
      I seriously doubt that is what the researchers meant. I think they are saying the passwords will be in clear text when they reach Apple's servers, not that they are not sent over HTTPS.
    • by smash (1351)
      And hardly surprising either, given that the alternative, SMS (which is charged at stupendous rate) is sent in... cleartext. And email is sent in... cleartext.
  • Upshot? (Score:3, Informative)

    by stevemoink (134725) on Thursday October 17, 2013 @12:56PM (#45154317)

    "The upshot of this is that Apple has the ability to read users' messages if it so chooses."

    I do not think upshot means what you think it means.

  • by nimbius (983462) on Thursday October 17, 2013 @01:01PM (#45154391) Homepage
    at no time should we have any expectation of privacy in a SaaS or PaaS environment that is controlled by an american company. the government has numerous laws that require corporations to preserve data for investigation both with and without a warrant provided, which in turn guarantees corporations will engineer systems to ensure they are compliant. Corporations do not exist to pick fights with the government or question legislation until it begins to impact their quarterly earnings, and as most people arent concerned about their privacy its only natural corporations in turn arent either. if snapchat users, gmail users, facebook users and paypal users en-masse boycotted their respective service providers, im certain the message would be clearly sent that spying on customers kills business.

    but as customers are clearly powerless to do anything about the spying, and corporations are well aware of this, nothing will change. we need our gmail and our facebook if only because we're without alternative or uncomfortable with the idea of learning something new. You'll eventually need an app that resists snooping, which is hard when apple controls the platform and can simply engineer access to your messages through numerous means such as keylogging.
  • It seems to me that most of these big, high visibility companies haven't bothered waiting for "orders" from anyone. They've been just rolling over like good little bitches and turning information over based merely on requests.
  • ...absolutely no-one is surprised....

  • You're reverse-engineering it wrong.
  • by Anonymous Coward

    Did these researchers offer any insight as to the religious tendencies of the pope or the defecatory habits of bears in woodland environments?

  • Now we're closer to an imessage SMS gateway...

  • One illegal unconstitutional agency to rule them all and in the darkness blind them.

  • by rabtech (223758) on Thursday October 17, 2013 @05:05PM (#45157549) Homepage

    Google can read your email!

    Jabber servers can read your IMs! So can Yahoo! So can AOL!

    Oh wait, this is Apple. Nevermind, carry on with the hysterics.

    (FYI: No matter what scheme you devise, key management always gets you because if Apple doesn't have the keys, it makes iMessage much, much harder to use. If they do, then someone can snoop the messages. If you use a chain of trust, who ever sits at the top of the chain can be compromised. In an ideal world, people would learn about crypto keys and understand how to manage them, but you'd have to meet face to face to avoid mistaken identities).

  • by rabtech (223758) on Thursday October 17, 2013 @06:33PM (#45158479) Homepage

    The system appears secure; hacking it requires injecting your own certificate into the trusted roots on the device.

    Further, forging messages requires you compromise the private key which is only contained on the device (Apple doesn't know it). The public key is submitted to Apple's push CA which generates a certificate. The public part of your key is what other devices see when they get a copy of your certificate. So far, so good.

    The issue is, of course, that Apple controls the CA so in theory if the government ordered them to issue a certificate in your name to the government, the gov could then monitor your communications or forge your identity.

    Apple claims not to be able to read iMessages and that appears to be true, and as far as I'm aware not even the Patriot act requires them to issue forged certificates (aka allow the government to impersonate you digitally). So insofar as the law works and is followed, there is no legal authority to compel Apple to issue bunk certificates.

    For the curious, when you send a message it contacts Apple and requests the list of public certs for a given URI (telephone number, email address, etc). Apple responds with a list of the public certs issued to each of your registered devices, which the client then uses to send messages encrypted with that public key to each, and also signed with your own private key. The receiver does a similar lookup and uses your public key to validate the signature (proving you sent the message and that it was sent from the correct device even), then uses its own private key to decrypt the message you encrypted with the public key.

    I'm not sure how this could be improved. No matter what you do, someone has to be in charge of saying "The certificate for mobile number xxx-yyy-zzzz is ..." and that gives you a chain of trust problem. The alternative is requiring every iMessage user to meet face-to-face to exchange keys before sending any messages.

    • by kermidge (2221646)

      "The issue is, of course, that Apple controls the CA so in theory if the government ordered them to issue a certificate in your name to the government, the gov could then monitor your communications or forge your identity.

      Apple claims not to be able to read iMessages and that appears to be true, and as far as I'm aware not even the Patriot act requires them to issue forged certificates (aka allow the government to impersonate you digitally). So insofar as the law works and is followed, there is no legal aut

  • Secured or not. Encrypted data have to be decrypted somewhere. :(

  • Theoretically the Constitution could be changed such that only dogs are allowed to have any control of the government, vote, run for office, piss on the sidewalk, etc. But it is unlikely. Trust me.

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson

Working...