Latest in Apple

Image credit:

Researchers challenge Apple's 'unbreakable' iMessages

Share
Tweet
Share
Save

Sponsored Links

Shortly after revelations about the NSA's data-snooping programs became public, Apple publicly stated that the end-to-end encryption used in iMessage was so good that it was impossible for anyone -- including Apple -- to break the code. Now security researchers are saying that it could be possible for someone inside Apple to intercept uncoded messages either for themselves or the government.

The researchers spoke at the Hack in the Box conference in Kuala Lumpur, with iOS jailbreaker Cyril Cattiaux going so far as to call Apple's assertion that iMessage encryption is rock-solid "just basically lies." The team noted that there's no evidence that Apple or the NSA is actually reading iMessages, but say that it's possible.

Apple uses public key cryptography to encrypt iMessages, and Cattiaux says that "Apple has full control over this public key directory." That means that a sender doesn't have the ability to see whether a key has changed, or if the key is actually under the control of the recipient. Another researcher noted that "they give the key and nobody can really know if it's a substitute or anything like that ... it's a matter of trust."

Cryptography expert Moxie Marlinspike wasn't involved with the research, but noted that trusting another party to manage cryptography keys on your behalf is no more secure than trusting them with unencrypted text. As Paul Kocher of Cryptography Research put it in an email to Computerworld, "It isn't fair to criticize Apple too heavily since other services aren't better (and most are worse)."

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Google WiFi successor could include Assistant-enabled beacons

Google WiFi successor could include Assistant-enabled beacons

View
'Dragon Ball Z: Kakarot' arrives on January 17th, 2020

'Dragon Ball Z: Kakarot' arrives on January 17th, 2020

View
Nintendo is holding an online 'Mario Kart 8 Deluxe' tournament this Sunday

Nintendo is holding an online 'Mario Kart 8 Deluxe' tournament this Sunday

View
LinkedIn's new quizzes can prove you're not lying on your resume

LinkedIn's new quizzes can prove you're not lying on your resume

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr