Apple Can Break Through its iMessage System

Updated on Oct 23, 2013 by Guest Authors

In the view of IT security firm Quarkslab, Apple lied when it said it could not read iMessage contents at all. In fact, the company's researchers said, Apple could covertly eavesdrop on conversations between users, whether out of sinister intentions or under government coercion.

Cyril Cattiaux and his colleague, who goes by the handle “gg”, laid out in a white paper the string of methods by which anybody within Apple could intercept iMessages. Here is what the presentation says, in summary:

Although there is nothing yet to suggest Apple is actually reading iMessage communications, the end-to-end encryption used in the instant messaging system is not snoop-proof either. That means the public keys that supposedly secure the iMessage infrastructure are not hard to crack. Also, the cryptographic system isn’t transparent enough to tell whether a message shows up on the device of the intended recipient or falls into a trap set by the National Security Agency or other third parties.


Apple’s suspicious public key server

The sender’s iOS device retrieves the recipient’s public key from Apple’s private server and encrypts the message with it; the recipient then decrypts the incoming iMessage using the matching private key. Senders of encrypted messages therefore need to trust that the keys from Apple’s server truly belong to the recipient.

A key server has to be public for senders to detect any alteration to a key. With a public server, the sender can be alerted whether a key can be trusted or has been changed as part of a man-in-the-middle attack. But Apple has full control of its key server, meaning the company could change the directory at any time if it wanted to read the contents of iMessages.
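The trust problem described above, as an added example that is not from the article or the Quarkslab paper: a client that pins the fingerprint of the first key it receives for a contact can notice a later substitution in the directory, but not one made before its first lookup. The class, the in-memory directory, the address and the key bytes are all hypothetical.

```python
import hashlib


class KeyPinStore:
    """Trust-on-first-use record of the key fingerprint seen per contact."""

    def __init__(self):
        self._pins = {}  # contact -> SHA-256 fingerprint of the pinned key

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def check(self, contact: str, public_key: bytes) -> str:
        """Compare a key served by the directory with the pinned one."""
        seen = self.fingerprint(public_key)
        pinned = self._pins.get(contact)
        if pinned is None:
            self._pins[contact] = seen   # nothing to compare against yet
            return "first-use"
        return "match" if pinned == seen else "changed"

    def repin(self, contact: str, public_key: bytes) -> None:
        """Call only after the new key was verified out of band."""
        self._pins[contact] = self.fingerprint(public_key)


def demo():
    # Constructed stand-ins for encoded public keys; not real key material.
    genuine = b"constructed-public-key-of-recipient"
    substitute = b"constructed-public-key-of-interceptor"
    contact = "bob@example.com"
    directory = {contact: genuine}        # hypothetical key server

    early = KeyPinStore()                 # looked the contact up before the swap
    results = [early.check(contact, directory[contact])]
    results.append(early.check(contact, directory[contact]))

    directory[contact] = substitute       # the operator rewrites the entry
    results.append(early.check(contact, directory[contact]))

    late = KeyPinStore()                  # first lookup happens after the swap
    results.append(late.check(contact, directory[contact]))
    return results


if __name__ == "__main__":
    print(demo())
```

The last result is the limit of pinning: a sender whose first lookup already returns the substituted key has nothing to compare it with, which is why the key has to be checkable by the sender in the first place.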

The security flaw also extends to other Apple products such as iMac, Mac Pro, MacBook Pro, MacBook Pro Retina, iPhone, iPod Touch and iPad.

What attackers can do

What aggravates this systemic vulnerability is the capability of a hacker to stealthily change the iMessage before it turns up at the recipient’s device, without the sender and receiver knowing it.

Apple may be saying what it deems proper when it says it has no intention of re-engineering the iMessage system to penetrate private conversations, but the flaw in the technology lingers for as long as the company refuses to address Quarkslab’s security concerns.

Apple’s recent alleged involvement in the NSA’s surveillance program called PRISM remains fresh in our minds. So the tech firm’s assurance that nobody could read encrypted messages within its network is doubtful. Virtually everyone is suspect here.
