Apple Can Read Your iMessages "Whenever They Want,” Researchers Claim

The Citizen's Guide to the Future
Sept. 19 2013 3:48 PM

Apple Can Read Your iMessages "Whenever They Want,” Researchers Claim

151278442
Even your iMessages might not be safe.

Photo by Andy Kropa/Getty Images

Apple says that when people communicate using its iMessage service, their chats are secured using strong encryption. But security researchers are questioning the company’s claims after uncovering what they say is a flaw that enables the messages to be spied on.

Back in April, Apple’s iMessage service attracted attention after a document showed that the Drug Enforcement Agency was complaining internally about not being able to snoop on communications sent using the service. Apple has consistently said that the messages are exchanged using "secure end-to-end encryption," meaning it can’t hand them over to authorities. Even after the technology giant was linked to the National Security Agency ‘s PRISM surveillance program in June, it put out a statement reiterating that iMessage conversations “are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.”

Advertisement

However, it seems that the service is not as secure as Apple would like to have you believe. Two researchers at the security firm Quarkslab claim that they have been studying the protocol used by iMessage, and that “Apple can technically read your iMessages whenever they want.” The researchers, who are due to present their findings at the HITB Security Conference in Asia in October, have apparently found a way to circumvent the encryption using a so-called “man-in-the-middle” attack, which usually involves a hacker covertly bypassing the encryption by using a fake security certificate.

That this may be possible with iMessage is not evidence that Apple has been covertly reading people’s messages, but it does mean that the company’s encryption is vulnerable to being exploited by a sophisticated hacker group or spy agency. One of the Quarkslab researchers told Techcrunch that “the iMessage protocol is strong,” though added that “Apple or a powerful institution (NSA is randomly chosen as an example) could tamper with it.” The researchers say that they are planning to release a tool that will shield against potential iMessage snooping attacks, and hope to work with Apple to strengthen the security of the service. Apple had not responded to a request for comment at time of publication.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

TODAY IN SLATE

Medical Examiner

Here’s Where We Stand With Ebola

Even experienced international disaster responders are shocked at how bad it’s gotten.

It’s Legal for Obama to Bomb Syria Because He Says It Is

Divestment Is Fine but Mostly Symbolic. There’s a Better Way for Universities to Fight Climate Change.

I Stand With Emma Watson on Women’s Rights

Even though I know I’m going to get flak for it.

It Is Very Stupid to Compare Hope Solo to Ray Rice

Building a Better Workplace

In Defense of HR

Startups and small businesses shouldn’t skip over a human resources department.

Why Are Lighter-Skinned Latinos and Asians More Likely to Vote Republican?

How Ted Cruz and Scott Brown Misunderstand What It Means to Be an American Citizen

  News & Politics
View From Chicago
Sept. 23 2014 11:39 AM Obama Can Bomb Pretty Much Anything He Wants To The real constraint on a president’s war-making powers is political, not legal.
  Business
Business Insider
Sept. 23 2014 10:03 AM Watch Steve Jobs Tell Michael Dell, "We're Coming After You"
  Life
The Eye
Sept. 23 2014 11:33 AM High-Concept Stuff Designed to Remind People That They Don’t Need Stuff  
  Double X
The XX Factor
Sept. 23 2014 11:13 AM Why Is This Mother in Prison for Helping Her Daughter Get an Abortion?
  Slate Plus
Slate Plus
Sept. 22 2014 1:52 PM Tell Us What You Think About Slate Plus Help us improve our new membership program.
  Arts
Brow Beat
Sept. 23 2014 11:48 AM Punky Brewster, the Feminist Punk Icon That Wasn’t
  Technology
Future Tense
Sept. 23 2014 10:51 AM Is Apple Picking a Fight With the U.S. Government? Not exactly.
  Health & Science
Bad Astronomy
Sept. 23 2014 11:00 AM Google Exec: Climate Change Deniers Are “Just Literally Lying”
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.