Become a fan of Slashdot on Facebook


Forgot your password?
Communications Encryption Privacy Security Apple Your Rights Online

Researchers Show Apple Can Read iMessages 124

Trailrunner7 writes "The Apple iMessage protocol has been shrouded in secrecy for years now, but a pair of security researchers have reverse-engineered the protocol [original analysis] and found that Apple controls the encryption key infrastructure for the system and therefore has the ability to read users' text messages–or decrypt them and hand them over at the order of a government agency. ... The researchers found that while that basic framework makes sense from a security point of view, there are a number of issues with the iMessage system. One major issue is that Apple itself controls the encryption key infrastructure use for iMessage, and has the keys for each individual user. The upshot of this is that Apple has the ability to read users' messages if it so chooses. The researchers who looked at iMessage, known as Pod2g and GG, said that there is no evidence that Apple is in fact reading users' iMessages, but it's possible that the company could. Users' AppleID passwords also are sent in clear text to the Apple servers."
This discussion has been archived. No new comments can be posted.

Researchers Show Apple Can Read iMessages

Comments Filter:
  • Re:Terrible summary (Score:5, Interesting)

    by gl4ss ( 559668 ) on Thursday October 17, 2013 @01:04PM (#45154425) Homepage Journal

    Excuse me, but how do we know this? Except for your prejudice and paranoia, do you have any actual evidence?

    because technically and in practice the agencies can ask and order them to co-operate. it's not like it's a choice you know. they have no choice in the matter - except choice of going out of business, *eo's potentially going to jail and so forth. that's not really an option.

    in that context proving the opposite would have been a feat. so it would have been an interesting article if they had proved that apple can't read the imessages. besides, if they can reset your password without your account breaking then they can read your stuff. eos.

  • Re:Terrible summary (Score:5, Interesting)

    by Andy Dodd ( 701 ) <{atd7} {at} {}> on Thursday October 17, 2013 @01:14PM (#45154599) Homepage

    Keep in mind that between some of the more recent Snowden disclosures, and some of the disclosures coming out of Lavabit's shutdown (I think it was Lavabit that was printing SSL private keys in 4-point text???), the NSA can easily MITM these streams without anyone noticing as they are forcing US-based companies to provide them with SSL private keys for just this purpose.

    If the password were a salted hash there would at least be some level of protection here, although as long as Apple has a password reset mechanism and a way to recover "old" messages after a reset - it's nearly impossible for them to guarantee that someone who has legal power over Apple (such as the FISA courts) can't read messages.

Experience varies directly with equipment ruined.