I recently read that Apple can use reverse-engineering to read the messages that are sent through its iMessage service. What is preventing hackers from reverse-engineering my messages, and how can I prevent them from being seen?
Ask the expert
Do you have a security question for Michael Cobb? Submit it now via email! (All questions are anonymous.)
Following Edward Snowden's revelations of the PRISM surveillance program run by the NSA, there has been a lot of debate as to how secure various third-party messaging systems may be. Like most other vendors, Apple has assured users that its iMessage conversations are "protected by end-to-end encryption so no one but the sender and receiver can see or read them." However, the company also stated that it "cannot decrypt that data" -- a claim that has sparked controversy, with researchers from QuarksLab alleging this is not the case.
So what is the real situation? Should enterprises be concerned?
The end-to-end encryption protecting iMessages uses a random Advanced Encryption Standard key that's encrypted with a Rivest-Shamir-Adleman algorithm key belonging to the recipient. A separate Elliptic Curve Digital Signature Algorithm key is used for authentication. To circumvent these controls, an attacker must install fraudulent certificates on the target Apple devices and then set up a rogue server masquerading as an Apple server to redirect and capture the traffic from both targets. Such a man-in-the-middle attack against the iMessage infrastructure is highly complex and is beyond just about everyone outside of the three-letter agencies. If a device is compromised, it is much simpler to just access the message before it is even encrypted and processed by Apple's servers.
What is a concern, though, is that Apple controls the entire iMessage infrastructure. iMessages are sent to one or more Apple servers and then delivered to one or more devices belonging to the recipient(s). Apple is already playing the role of the man-in-the-middle and so could, in theory, introduce fake public keys, since it's the mediator of any public key exchanges during an iMessage conversation. Unlike third-party attackers, Apple or a rogue Apple employee could replace the proper keys with keys controlled by Apple or other parties without ever having to hack into a user's device. This would allow the company or rogue user to read the content of targeted conversations without the parties exchanging iMessages having any knowledge of the interception. The ability to use counterfeit digital credentials is made easier by Apple's lack of certificate pinning between clients and servers.
The privacy of iMessage is good enough for the average user, but, as with any closed messaging service, users can never be exactly sure of how it works and are reliant on verbal assurances. Operators may even be prevented by a government order from admitting that messages are being intercepted.
To help enterprises mitigate potential risks, QuarksLab developed iMITMProtect, an open source tool that keeps a record of keys retrieved by iMessage on OS X so any changes to keys can be spotted. It's important to note, however, that if the information being exchanged is sensitive to the point that complete secrecy is essential, messaging services like iMessage are simply not an option. Any such messages should be encrypted using certificates issued by a trusted certificate authority -- not by anyone in control of the messaging infrastructure -- and routed through the Internet by a standard mail client such as Thunderbird or Windows Live Mail.
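The approach of keeping a record of retrieved keys so that changes can be spotted, sketched as an added example; this is not iMITMProtect's code and not part of the original article. The class and function names, the device identifiers and the key byte strings are assumptions constructed for illustration.

```python
import hashlib

def fingerprint(key_bytes):
    """SHA-256 fingerprint of a public key blob as returned by the key directory."""
    return hashlib.sha256(key_bytes).hexdigest()

class KeyRecord:
    """Trust-on-first-use record of the public keys seen for each contact."""

    def __init__(self):
        self.seen = {}  # contact -> {device id: fingerprint}

    def observe(self, contact, served_keys):
        """Compare one directory response with the record and return findings.

        served_keys maps a device id to the public key bytes served for it.
        """
        current = {dev: fingerprint(key) for dev, key in served_keys.items()}
        known = self.seen.get(contact)
        if known is None:
            self.seen[contact] = current  # first sighting, nothing to compare
            return []
        findings = []
        for dev in sorted(current):
            if dev not in known:
                findings.append(("new-device", dev))      # extra recipient key
            elif known[dev] != current[dev]:
                findings.append(("key-changed", dev))     # key replaced
        findings += [("device-missing", d) for d in sorted(set(known) - set(current))]
        # The record is left untouched on a mismatch, so the alert repeats
        # until the change is confirmed out of band and accept() is called.
        return findings

    def accept(self, contact, served_keys):
        """Record a change the user has verified with the contact directly."""
        self.seen[contact] = {d: fingerprint(k) for d, k in served_keys.items()}

def demo():
    # Constructed sample data: placeholder byte strings stand in for real keys.
    record = KeyRecord()
    first = {"phone": b"constructed-key-A", "laptop": b"constructed-key-B"}
    swapped = {"phone": b"constructed-key-X", "laptop": b"constructed-key-B",
               "unknown": b"constructed-key-Y"}
    return [record.observe("alice@example.com", first),
            record.observe("alice@example.com", first),
            record.observe("alice@example.com", swapped)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A record like this cannot vouch for the keys seen on first contact; it only makes later substitutions and additions visible.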