Apple Can Read Your iMessages "Whenever They Want,” Researchers Claim

Future Tense
The Citizen's Guide to the Future
Sept. 19 2013 3:48 PM

Apple Can Read Your iMessages "Whenever They Want,” Researchers Claim

151278442
Even your iMessages might not be safe.

Photo by Andy Kropa/Getty Images

Apple says that when people communicate using its iMessage service, their chats are secured using strong encryption. But security researchers are questioning the company’s claims after uncovering what they say is a flaw that enables the messages to be spied on.

Back in April, Apple’s iMessage service attracted attention after a document showed that the Drug Enforcement Agency was complaining internally about not being able to snoop on communications sent using the service. Apple has consistently said that the messages are exchanged using "secure end-to-end encryption," meaning it can’t hand them over to authorities. Even after the technology giant was linked to the National Security Agency ‘s PRISM surveillance program in June, it put out a statement reiterating that iMessage conversations “are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.”

Advertisement

However, it seems that the service is not as secure as Apple would like to have you believe. Two researchers at the security firm Quarkslab claim that they have been studying the protocol used by iMessage, and that “Apple can technically read your iMessages whenever they want.” The researchers, who are due to present their findings at the HITB Security Conference in Asia in October, have apparently found a way to circumvent the encryption using a so-called “man-in-the-middle” attack, which usually involves a hacker covertly bypassing the encryption by using a fake security certificate.

That this may be possible with iMessage is not evidence that Apple has been covertly reading people’s messages, but it does mean that the company’s encryption is vulnerable to being exploited by a sophisticated hacker group or spy agency. One of the Quarkslab researchers told Techcrunch that “the iMessage protocol is strong,” though added that “Apple or a powerful institution (NSA is randomly chosen as an example) could tamper with it.” The researchers say that they are planning to release a tool that will shield against potential iMessage snooping attacks, and hope to work with Apple to strengthen the security of the service. Apple had not responded to a request for comment at time of publication.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

TODAY IN SLATE

Culturebox

The Ebola Story

How our minds build narratives out of disaster.

The Budget Disaster That Completely Sabotaged the WHO’s Response to Ebola

PowerPoint Is the Worst, and Now It’s the Latest Way to Hack Into Your Computer

The Shooting Tragedies That Forged Canada’s Gun Politics

A Highly Unscientific Ranking of Crazy-Old German Beers

Education

Welcome to 13th Grade!

Some high schools are offering a fifth year. That’s a great idea.

Culturebox

The Actual World

“Mount Thoreau” and the naming of things in the wilderness.

Want Kids to Delay Sex? Let Planned Parenthood Teach Them Sex Ed.

Would You Trust Walmart to Provide Your Health Care? (You Should.)

  News & Politics
Politics
Oct. 22 2014 9:42 PM Landslide Landrieu Can the Louisiana Democrat use the powers of incumbency to save herself one more time?
  Business
Continuously Operating
Oct. 22 2014 2:38 PM Crack Open an Old One A highly unscientific evaluation of Germany’s oldest breweries.
  Life
Gentleman Scholar
Oct. 22 2014 5:54 PM May I Offer to Sharpen My Friends’ Knives? Or would that be rude?
  Double X
The XX Factor
Oct. 22 2014 4:27 PM Three Ways Your Text Messages Change After You Get Married
  Slate Plus
Tv Club
Oct. 22 2014 5:27 PM The Slate Walking Dead Podcast A spoiler-filled discussion of Episodes 1 and 2.
  Arts
Culturebox
Oct. 22 2014 11:54 PM The Actual World “Mount Thoreau” and the naming of things in the wilderness.
  Technology
Future Tense
Oct. 22 2014 5:33 PM One More Reason Not to Use PowerPoint: It’s The Gateway for a Serious Windows Vulnerability
  Health & Science
Wild Things
Oct. 22 2014 2:42 PM Orcas, Via Drone, for the First Time Ever
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.