Monday, October 21, 2013

Apple's iMessage security is a myth.

Apple's iMessage instant messenger service, which has made headlines for being uncrackable by law enforcement, is not so secure after all, according to Quarkslab.

An internal document from the United States Drug Enforcement Administration published by CNET in April stated that it was impossible to intercept iMessages between two Apple devices.

"As Apple claims, there is end-to-end encryption," Quarkslab researcher Cyril Cattiaux said. "The weakness is in the key infrastructure, as it is controlled by Apple: they can change a key any time they want, and thus read the content of our iMessages."

Further, metadata about messages is sensitive, Cattiaux pointed out -- and Apple has that metadata.

Apple insists that iMessage is not architected to let it read messages, and says that Quarkslab discussed theoretical vulnerabilities that would require Cupertino to re-engineer the iMessage system in order to exploit them, something the company does not plan to do.

"At the 10,000-foot level, Quarkslab's technical argument is that it is possible to reverse-engineer Apple's encryption technology," Randy Abrams, a director of research at NSS Labs, told TechNewsWorld.

However, the effort required "is such that you already have to be a person of extreme interest to some group somewhere in the world with a high level of technical expertise, and be worth the investment of time and effort," he continued. "No average user, or even crook, is likely to be worth the effort."

Source: Tech News World
