Researchers Show Apple Can Read iMessages

Trailrunner7 writes "The Apple iMessage protocol has been shrouded in secrecy for years now, but a pair of security researchers have reverse-engineered the protocol [original analysis] and found that Apple controls the encryption key infrastructure for the system and therefore has the ability to read users' text messages–or decrypt them and hand them over at the order of a government agency. ... The researchers found that while that basic framework makes sense from a security point of view, there are a number of issues with the iMessage system. One major issue is that Apple itself controls the encryption key infrastructure use for iMessage, and has the keys for each individual user. The upshot of this is that Apple has the ability to read users' messages if it so chooses. The researchers who looked at iMessage, known as Pod2g and GG, said that there is no evidence that Apple is in fact reading users' iMessages, but it's possible that the company could. Users' AppleID passwords also are sent in clear text to the Apple servers."

Terrible summary

[AmiMoJo]

The fact that Apple can read iMessages and hand them over to the authorities is hardly surprising, especially given that we know they co-operate with the NSA. TFS leaves the last and far more interesting bit right until the end: Usernames and passwords sent in cleartext.

In other words all those people using Starbucks' free wifi are broadcasting their Apple ID and password to everyone else in range.

Re:Terrible summary

[gl4ss]

Excuse me, but how do we know this? Except for your prejudice and paranoia, do you have any actual evidence?

because technically and in practice the agencies can ask and order them to co-operate. it's not like it's a choice you know. they have no choice in the matter - except choice of going out of business, *eo's potentially going to jail and so forth. that's not really an option.

in that context proving the opposite would have been a feat. so it would have been an interesting article if they had proved that apple can't read the imessages. besides, if they can reset your password without your account breaking then they can read your stuff. eos.

Re:

[Zemran]

" if they had proved that apple can't read the imessages. "

In any situation, take an image, load said image to clone machine, reset password on interesting account and look as much as you like... Live machine still unaffected.

Re:

[dwightk]

*eo's potentially going to jail and so forth.

c*o's ?

Re:

[david_thornley]

What does it matter if Apple responds reluctantly but properly to apparently valid court orders or just hands everything over gleefully? In either case the government gets what it wants, and the court orders seem to be wide-reaching enough to grab pretty much everything. Apple, like any other company large or small, is in real trouble if it doesn't cooperate with court orders.

The only way to keep online secrets nowadays is to use strong encryption on your own machines (not shared; there are some ingeni

Re:Terrible summary

[Ash Vince]

The fact that Apple can read iMessages and hand them over to the authorities is hardly surprising, especially given that we know they co-operate with the NSA.

Excuse me, but how do we know this? Except for your prejudice and paranoia, do you have any actual evidence?

Any US based executive that refused to co-operate with an NSA request can be sent to prison. You can try challenging them in the relevant (secret) mickey mouse course of rubber stamps or you can look for the odd work around like just disclosing what you have from the logs then closing down your entire service so you do not have to do it again.

Re:

[macsimcon]

Sorry, that just isn't true.

If your company creates a system that doesn't allow you access to customer information (say, because it's encrypted, and only the customer has the key), neither your nor your company can be compelled to reprogram your system so you get the keys, and can therefore hand them over to the government.

The trick is in how you design the system. If it's onerous or impossible to provide the government the information, no amount of NSLs are going to matter.

Now, I'm not claiming that Messag

Re:

[Anonymous Coward]

>If your company creates a system that doesn't allow you access to customer information (say, because it's encrypted, and only the customer has the key), neither your nor your company can be compelled to reprogram your system so you get the keys, and can therefore hand them over to the government.

The recent issue with Lavabit shows that this is no longer true.

Re:

[smash]

And then they shut you down on claims of harboring terrorist communications, and because you're unable to prove otherwise (due to not having access to the content you store) you're fucked. The only secure comms that will work is encryption done on the endpoint and using whatever cleartext carrier medium. This way the government has to come after the endpoints, which is a lot more time consuming and expensive than just shutting down a central service.

Re:

[Anonymous Coward]

How the fuck did this AC get modded informative with that speculative bullshit? Look at the fingerprint thing for example:

Apple admits, ‘iPhone 5s Fingerprint Database To Be Shared With NSA [hackersnewsbulletin.com]

Tim Richardson, District Manager of Apple’s North America Marketing Department admits about the sharing of Database with NSA ... he told: “Frankly, if a person is foolish enough to allow something as specific and criminally implicit as their fingerprints to be cataloged by faceless corporations and Go

Re:

[Anonymous Coward]

Apple admits, âiPhone 5s Fingerprint Database To Be Shared With NSAâ(TM)

Um, no.

http://www.theguardian.com/technology/2013/sep/27/no-nsa-iphone-5s-fingerprint-apple [theguardian.com]

Important quote, in case you decide to not read the linked article:

Reality check: the article claiming this comes from a right-wing "satire" site. Why are people confused? Because the satire's badly executed.

And, before you don your tinfoil hat in an attempt to refute this information, please try to remember that my source is The Guardian - you know, the source of the Snowden information.

So, yeah - please do think twice before spouting off moronic stupidity.

Re:

[DJRumpy]

The Apple hate has grown to the point where they are marking satire as 'informative'? Seriously? I would expect my parents to fall for something like this. Any /. user that does needs to hand in their geek card.

No fingerprint sharing

[MikeMo]

I'm sorry, but part of your comment is just plain wrong. Firstly, Apple is not collecting your fingerprint, only something similar to a hash of the fingerprint's characteristics. Secondly, it isn't shared with anyone. Thirdly, the explicitly state in this article [apple.com] that your actual fingerprint can not be reverse engineered from the data the store on the phone.

In addition to this, the NYPD's stated reason for pushing the iPhone 5s is that it makes iPhone theft a thing of the past, which it clearly, demonstrably does. The link you posted saying NYPD is after the fingerprints is clearly, demonstrably false. Now, I'm sure you can find folks that say something different, but I can also show you pictures of Obama shaking hands with space aliens - you can find anything you like, but it doesn't make it true.

Finally, Apple (and Google) outright deny [allthingsd.com] sharing data with the NSA.

You can continue to believe that they are sharing if you like, but stating that they have admitted they are sharing is incorrect.

Sweet onions

[mynameiskhan]

That last link is akin to reading Onion and considering it real news. Only the Chinese gov. will assume it to be true info.

Re:

[Anonymous Coward]

You are aware that the National Report is satire, right? (Aparently not) It's like the Onion, only more obvious.

Re:

[smash]

Update: The Source (National Report) is said to be a Parody site and the news they published is a rumor, that’s why we want to inform to all the users, “This News is awaiting confirmation” - See more at: http://hackersnewsbulletin.com/2013/09/apple-admits-iphone-5s-fingerprint-database-shared-nsa.html#sthash.hTPDiee9.dpuf [hackersnewsbulletin.com]

Yeah right..... and do you really think an apple exec would be that blunt and offensive about it?

Re: Terrible summary

[Anonymous Coward]

I have plenty of evidence. And this topic really isn't anything new. Apple have woeful security practices that broadcast their own customers private data while using no encryption whatsoever. You need to research a little more instead of being a tool.

Re:

[JSG]

The article only mentions the username going in clear.

Re:

[Shabbs]

The article only mentions the username going in clear.

Might want to double check that...

FTA: "Users’ AppleID passwords also are sent in clear text to the Apple servers."

http://threatpost.com/apple-imessage-open-to-man-in-the-middle-spoofing-attacks/102610 [threatpost.com]

Re:Terrible summary

[OlivierB]

The username and password are sent in clear text in the SSL tunnel. So no, people at Starbucks won't get your username and password.

What this suggests is that iMessage should only be sending a hash of the username and password to Apple Servers without ever sending those things even within a SSL tunnel.

Re:

[phantomfive]

iMessage should only be sending a hash of the username and password to Apple Servers without ever sending those things even within a SSL tunnel.

If you do that, then the hash becomes the password, so anyone who gets the hash can log into your account.

Re:

[OlivierB]

Ok, I could have made this a little more explicit.

For something like iMessage, where the client and the server are trusted, but not the communication channel you could very well (for example) input your user name and password on the client, have the client generate hashes of the username and login, sign said hashes with the sever's public key and send them over to the server.

That's one step better than cleartext auth wrapped with SSL but, as someone else remarked, a SRP (or even DH) exchange is pretty strai

Re:

[phantomfive]

If the communication channel is not trusted, and someone gets the hash, then how will the server know it is getting the hash from you and not from an attacker?

That's why the hash essentially becomes the password, because in that situation the attacker can use it to impersonate you.

Re:

[DMUTPeregrine]

Use a message authentication code to ensure the hash was sent from the iPhone registered to the appropriate user. That way an attacker needs both the hash of the password and the secret key stored on the phone.

And even if the hash becomes the password, at least it isn't the same as every other password the user uses for every service. Whereas the original password probably is.

Re:Terrible summary

[Laxori666]

From TFA [quarkslab.com]:

Second surprise was actually bigger: we saw our AppleID and password going through this SSL communication. Yes, the clear text password... There can be a lot of good reason to send the password as cleartext, ssh does it for instance. But here, we dont see any reason for Apple to get our password.

Firstly, it means that Apple can replay our password using for instance our email also on many websites. Ok, Apple has no reason to do so. But what of intelligence agencies? Secondly, it also means that anyone capable of adding a certificate and able to proxify the communications can get user's AppleID and password, thus get access to iCloud accounts, backups, buy apps, ....

Re:

[HiThere]

They're also saying that any man-in-the-middle would get sufficient information to impersonate you, and could do anything that you are allowed to do.

That was "good enough" security in 1970 on mainframe terminals, but they weren't broadcast over the internet. And there wasn't much malicious hacking. As it is.... well, I'm just glad that I don't use their services.

Re:

[smash]

If someone has MITM'd you, they are ALREADY IMPERSONATING YOU.

Re:

[cbhacking]

SSH only "has the same architecture" if you use password auth instead of public key auth. The latter is considerably safer. Additionally, there are *still* other, better options, such as SRP.

Re:

[Bert64]

But this is the password to your *apple id*... Apple clearly already have that password so sending it to them again is irrelevant.

Re:Terrible summary

[Anonymous Coward]

Also, the password isn't sent over the wire in cleartext; it's sent as cleartext *inside of the SSL stream*. As in: you need to defeat SSL to read it as a man in the middle. SSH does the same thing.

Re:

[sribe]

...it's sent as cleartext *inside of the SSL stream*...

Why, oh why, did you post that like two minutes after my mod points expired???

Re:Terrible summary

[Andy Dodd]

Keep in mind that between some of the more recent Snowden disclosures, and some of the disclosures coming out of Lavabit's shutdown (I think it was Lavabit that was printing SSL private keys in 4-point text???), the NSA can easily MITM these streams without anyone noticing as they are forcing US-based companies to provide them with SSL private keys for just this purpose.

If the password were a salted hash there would at least be some level of protection here, although as long as Apple has a password reset mechanism and a way to recover "old" messages after a reset - it's nearly impossible for them to guarantee that someone who has legal power over Apple (such as the FISA courts) can't read messages.

Re:

[tlhIngan]

Keep in mind that between some of the more recent Snowden disclosures, and some of the disclosures coming out of Lavabit's shutdown (I think it was Lavabit that was printing SSL private keys in 4-point text???), the NSA can easily MITM these streams without anyone noticing as they are forcing US-based companies to provide them with SSL private keys for just this purpose.

If the password were a salted hash there would at least be some level of protection here, although as long as Apple has a password reset me

Re:

[smash]

The NSA likely already has a trusted cert on your Mac or Windows machine, and can deploy signed code that will be transparently executed by your OS. So you're probably boned anyhow.

Re:

[Urza9814]

sslstrip perhaps?

No seriously, that's not rhetorical. I forget what all it does and I can't check because the site is blocked from work...so I dunno if it would work against iMessage or not...

Re:

[smash]

Pretty much. If you're doing dodgy stuff that you don't want to share with the NSA on any closed-source operating system, on a machine connected to the internet.... well, good luck with that.

Re:

[JohnnyMindcrime]

Encryption (e.g. in SSL) actually serves two important purposes - it encrypts clear text such that it appears like rubbish to anyone taking a look, but it also acts as authentication security because it allows you to validate that the endpoint you are communicating with is who they say they are.

In SSH, for example, you can do away with passwords entirely by using private and public keys - the idea being that you encrypt with the private key and give the public key to the other endpoint, the algorithm used f

Re:

[smash]

Or, more likely not even needing to hack the device [wikipedia.org].

Re:

[isorox]

Also, the password isn't sent over the wire in cleartext; it's sent as cleartext *inside of the SSL stream*. As in: you need to defeat SSL to read it as a man in the middle. SSH does the same thing.

I tunnel my SSL traffic over an SSH tunnel through an SSTP vpn, what could possibly go wrong?

Re:

[smash]

NSA owns your RNG?

Re:

[smash]

self signed certs for the win. we just need a proper random number generator, and an out-of-band method of key exchange (sneakernet/snail mail).

Re:

[HiThere]

It's a bit stronger than that. Yes, Apple can, but so can any man-in-the-middle. So you have to trust the entire chain of connections between you and Apple.

Now man-in-the-middle attacks aren't that common, but they also aren't that difficult. It would probably only affect a small group of people at a time, depending on where the compromise took place. But this would seem to mean that Apple may have been telling the truth when they denied sharing information with the NSA. The NSA didn't need to ask them

Re:

[smash]

If your SSL connection is MITM'd you are boned anyway, and have far bigger problems. If the NSA is MITMing Apple (or microsoft/google) services, then they could just as easily deploy a signed keylogging trojan (if iOS or WinMobile or Android, etc. doesn't already have one pre-installed) to monitor everything via your device.

Re:

[DarkOx]

The only facts are that Apple can read iMessages, and that this was always well known and obvious.

Any encrypted messaging scheme where some third party handles the keys and the cipher text pretty much implies said third party *can* see the messages in clear text.

This is even the case of asymmetric crypto because if you obtain the public key through the same channel the cipher text is to be sent over you can be man in the middle attacked easily.

Honestly if security is of primary concern third party key manag

Re:

[Wingsy]

"The only facts are that Apple can read iMessages, and that this was always well known and obvious."

Well, except that they can't, and never did.

http://allthingsd.com/20131018/apple-no-we-cant-read-your-imessages/ [allthingsd.com]

Now I'm sure you will choose not to believe this, but think for a minute ... just how much trouble do you think Apple would be in if they are lying about this and get caught at it? Not even a stupid company would take such a chance, and Apple ain't stupid.

Re:

[smash]

Honestly if security is of primary concern third party key management is FAIL.

And here's pretty much the only thing that needs to be said. If you're wanting stuff encrypted, do it yourself.

Re:

[Anonymous Coward]

From TFA: "we saw our AppleID and password going through this SSL communication".

The password is cleartext over an SSL connection. So, no, all the people in Starbucks are not broadcasting to everyone else in range. Apple just isn't hashing, encrypting or otherwise obscuring the password when sent through the SSL connection. So they have access to the password in iMessage; they have access to the password when someone uses icloud.com, appleid.apple.com, or any other Web based access to Apple Services so,

Re:

[Dunbal]

"I use Apple products because they are 'safer'".

Re: Terrible summary

[um... Lucas]

Has apple ever claimed that iMessages were secure? I'm not thinking so. Just that you could send iMessages to other ios users and not get billed for lots of texts, which are far less secure still than iMessages. Next story?

Re:

[JohnnyMindcrime]

In other words all those people using Starbucks' free wifi are broadcasting their Apple ID and password to everyone else in range.

I've never owned an Apple device in my life and have no intention of ever doing so - but wrong is wrong and I have to correct you.

The passwords are encrypted over SSL and therefore anyone snooping a connection will only see gobbledigook - in no way are they broadcast in clear text.

The actual vulnerability here is that someone can, using their own constructed SSL keys, perform a m

Re:

[LordLimecat]

Most sane programs would throw a hissy fit if someone tried to MITM an SSL communication with constructed SSL keys--
A) because the thumbprint would drastically change and
B) because the cert would not be signed by a trusted CA

Re:

[smash]

Point B does not apply if the third party owns the CA infrastructure. But yes, trusting third party keys for secure comms is retarded.

Re:

[myowntrueself]

The fact that Apple can read iMessages and hand them over to the authorities is hardly surprising, especially given that we know they co-operate with the NSA. TFS leaves the last and far more interesting bit right until the end: Usernames and passwords sent in cleartext.

In other words all those people using Starbucks' free wifi are broadcasting their Apple ID and password to everyone else in range.

I read somewhere that the NSA referred to Steve Jobs as 'Big Brother'. That should be all we need to know to assume that ALL Apple products will sell their users out.

Re:

[cgimusic]

I seriously doubt that is what the researchers meant. I think they are saying the passwords will be in clear text when they reach Apple's servers, not that they are not sent over HTTPS.

Re:

[smash]

And hardly surprising either, given that the alternative, SMS (which is charged at stupendous rate) is sent in... cleartext. And email is sent in... cleartext.

Upshot?

[stevemoink]

"The upshot of this is that Apple has the ability to read users' messages if it so chooses."

I do not think upshot means what you think it means.

Re:

[roc97007]

All that schpeal about how they can decrypt your messages, but this gets a single sentance at the end: "Users' AppleID passwords also are sent in clear text to the Apple servers."? Would that pe the same AppleID that is tied to a credit card, so you can buy things in the Apple store?

That Apple can read your messages is not at all supriseing, THIS tidbit is shocking!

Yep. I just bought the entire Grateful Dead catalog on your credit card. Thanks!

Re:

[Dr. Sheldon Cooper]

It's "spiel."

You're welcome.

Comment removed

[account_deleted]

Comment removed based on user account deletion

At the order of a government agency?

[stevegee58]

It seems to me that most of these big, high visibility companies haven't bothered waiting for "orders" from anyone. They've been just rolling over like good little bitches and turning information over based merely on requests.

And....

[roc97007]

...absolutely no-one is surprised....

Wrong

[globalist]

You're reverse-engineering it wrong.

Really?

[Anonymous Coward]

Did these researchers offer any insight as to the religious tendencies of the pope or the defecatory habits of bears in woodland environments?

great!

[nblender]

Now we're closer to an imessage SMS gateway...

The cold hard fact is the NSA reads them all

[WillAffleckUW]

One illegal unconstitutional agency to rule them all and in the darkness blind them.

Re:

[AHuxley]

Thanks to Snowden we now know the US brands are helpers too :)

Oh no!

[rabtech]

Google can read your email!

Jabber servers can read your IMs! So can Yahoo! So can AOL!

Oh wait, this is Apple. Nevermind, carry on with the hysterics.

(FYI: No matter what scheme you devise, key management always gets you because if Apple doesn't have the keys, it makes iMessage much, much harder to use. If they do, then someone can snoop the messages. If you use a chain of trust, who ever sits at the top of the chain can be compromised. In an ideal world, people would learn about crypto keys and understand how to manage them, but you'd have to meet face to face to avoid mistaken identities).

Oh really thats not what I heard

[openthomas]

http://slashdot.org/story/13/04/04/1825231/want-to-keep-messages-from-the-feds-use-imessage [slashdot.org] These guys called it http://www.techdirt.com/articles/20130405/01485922590/dea-accused-leaking-misleading-info-falsely-implying-that-it-cant-read-apple-imessages.shtml [techdirt.com] So leaked documents are being used for disinformation. Hmm... http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document [theguardian.com]

To add some more information about the protocol

[rabtech]

The system appears secure; hacking it requires injecting your own certificate into the trusted roots on the device.

Further, forging messages requires you compromise the private key which is only contained on the device (Apple doesn't know it). The public key is submitted to Apple's push CA which generates a certificate. The public part of your key is what other devices see when they get a copy of your certificate. So far, so good.

The issue is, of course, that Apple controls the CA so in theory if the government ordered them to issue a certificate in your name to the government, the gov could then monitor your communications or forge your identity.

Apple claims not to be able to read iMessages and that appears to be true, and as far as I'm aware not even the Patriot act requires them to issue forged certificates (aka allow the government to impersonate you digitally). So insofar as the law works and is followed, there is no legal authority to compel Apple to issue bunk certificates.

For the curious, when you send a message it contacts Apple and requests the list of public certs for a given URI (telephone number, email address, etc). Apple responds with a list of the public certs issued to each of your registered devices, which the client then uses to send messages encrypted with that public key to each, and also signed with your own private key. The receiver does a similar lookup and uses your public key to validate the signature (proving you sent the message and that it was sent from the correct device even), then uses its own private key to decrypt the message you encrypted with the public key.

I'm not sure how this could be improved. No matter what you do, someone has to be in charge of saying "The certificate for mobile number xxx-yyy-zzzz is ..." and that gives you a chain of trust problem. The alternative is requiring every iMessage user to meet face-to-face to exchange keys before sending any messages.

Re:

[kermidge]

"The issue is, of course, that Apple controls the CA so in theory if the government ordered them to issue a certificate in your name to the government, the gov could then monitor your communications or forge your identity.

Apple claims not to be able to read iMessages and that appears to be true, and as far as I'm aware not even the Patriot act requires them to issue forged certificates (aka allow the government to impersonate you digitally). So insofar as the law works and is followed, there is no legal aut

Assume any providers can sniff your connections.

[antdude]

Secured or not. Encrypted data have to be decrypted somewhere. :(

Theory Smeary

[pubwvj]

Theoretically the Constitution could be changed such that only dogs are allowed to have any control of the government, vote, run for office, piss on the sidewalk, etc. But it is unlikely. Trust me.

Re:

[Richy_T]

And yet it is a word that has a meaning that fits with the way it was used in the sentence. Funny that.

Re:

[jamiesan]

He who controls the spice controls the universe.