Researchers claim to have discovered Apple’s technical ability to read iMessages despite encryption
To unveil concept and claims alongside attack demonstration at HITBSecConf 2013 KL
SECURITY researchers have discovered a flaw which they claim gives Apple Inc the technical capability to read any iMessage, casting doubt on the Cupertino, California-based giant's own claim that conversations that take place over iMessage and FaceTime are protected by end-to-end encryption.
Cyril Cattiaux and GG, security researchers from France-based Quarkslab, are set to unveil their findings in a presentation entitled 'How Apple Can Read Your iMessages and How You Can Prevent It' at the upcoming Hack in The Box Security Conference (HITBSecConf), set to take place in Kuala Lumpur on Oct 16.
In an email interview with Digital News Asia (DNA), Cattiaux -- better known under the moniker Pod2G -- said that the duo has been working on iMessage for approximately six months now, on different subjects.
“Finally, we focused on the encryption mechanisms utilised and if they are really protecting user privacy. We were surprised about Apple's claims on its commitment. We were pretty sure that it could read user messages, so we tried to build a proof of concept code,” he said.
He clarified that it wasn’t a security vulnerability but rather a conception issue giving Apple the ability to read messages transmitted over its closed-source, undocumented protocol.
“A big part of the iMessage protocol is protected at the binary level via obfuscation techniques, and also, the protocol is closed-source and not documented anywhere,” he added.
Despite the encryption used by Apple, the duo claimed to have discovered a method of performing a man-in-the-middle (MITM) attack, which can intercept these messages and allow them to be read.
After the United States’ National Security Agency's (NSA) secret surveillance programme came to light earlier this year, the discovery adds to the heightened scrutiny in ongoing discussions over how much or how little American technology companies can do to resist government demands for information and data.
Earlier this month, Facebook and Yahoo joined Google and Microsoft in addressing the US Foreign Intelligence Surveillance Court to legally allow them to make public the data requests received from the NSA as part of the PRISM programme.
The news that messages sent over Apple’s messaging platform can be read comes after a spirited denial in June this year, when the company issued a statement reaffirming its commitment to user privacy.
Apple stated that it took pains to protect personal information stored on its servers, in many cases by not collecting it in the first place.
"For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them," company officials wrote.
"Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form."
In a separate interview with TechCrunch, the researchers stated that the iMessage protocol is strong and only Apple or a powerful institution could tamper with it.
“Technically, we can do it and we’ll demo it, but there are some prerequisites. In a position of an external attacker, the encryption is strong enough to consider other targets to spy on a particular phone. In the position of Apple, things are really different,” Cattiaux told TechCrunch’s Matthew Panzarino.
In October of last year, Apple shared that 300 billion iMessages have been sent since the system made its debut in the autumn of 2011. The company stated that 140 million iOS users are sending one billion iMessages every day around the world.
When asked by DNA what kind of response they are expecting from Apple, Cyril said that they didn’t think the technology giant would answer their claims.
“Maybe we didn't make the right move, and we're looking forward to getting in touch with them in order to make iMessage even more secure.
“We would be happy if they fix the issues in the operating system itself, because requiring people to use our tweaks to improve their privacy is not the best solution. That would definitely be much more efficient if it were to be natively built into iOS or OS X platforms,” he said.
The team intends to release a tool for jailbroken devices preventing such man-in-the-middle attacks at HITBSecConf, but said that there is no practical solution for non-jailbroken devices.
“Protecting iMessages means talking to system services that we are not allowed to when writing an AppStore application. If there's no update coming from Apple, there's no fix,” Cattiaux said.
At the moment, avoiding iMessage is the best solution for those who are critically concerned about their privacy, he said.
Alongside an outline of the security protocols involved in iMessage and an attack demonstration, more information and thoughts on the issue can be expected at their presentation, come October.