Although some have said in the past that Apple Inc. (NASDAQ:AAPL)’s iMessage system isn’t truly private, some researchers claim to have proof that both Apple and the National Security Agency can read those messages. That’s according to Lorenzo Franceschi-Bicchierai of Mashable.
Jailbreak hacker explains why Apple’s iMessage isn’t private
According to the report, Cyril Cattiaux, an iOS jailbreaker who doesn’t want to give his full name and is known as pod2g and gg, wrote a blog post on Quarkslab regarding the findings from two researchers. The post emphasizes that they are not saying that Apple Inc. (NASDAQ:AAPL) reads users’ iMessages, but rather, that it is able to do so.
They note that there is end-to-end encryption of those messages, just as Apple Inc. (NASDAQ:AAPL) claims. However, they say the weakness lies in Apple Inc. (NASDAQ:AAPL)’s control of the key infrastructure because it can change a key anytime they want. And since Apple Inc. (NASDAQ:AAPL) can read those messages whenever it wants, it can also provide the messages to law enforcement if officials produce a court order requiring it to do so.
The NSA can spy on you—with or without Apple’s help
The researchers also said if Apple Inc. (NASDAQ:AAPL) wanted to make it easier for the NSA or another government agency to spy on one of its users, the company could add another device to the user’s account without notifying him that a new device had been added. Usually users receive a message when there’s a new device linked to their Apple ID.
They even suggest that powerful government agencies may be able to spy on iMessage users without Apple’s help by compromising the certificates used by devices to connect with Apple Inc. (NASDAQ:AAPL)’s servers when sending or receiving messages. They also claim that Apple ID passwords aren’t encrypted, so it would be easy for hackers to steal those passwords and use them to access other devices.
Apple defends iMessage
A spokesperson for Apple Inc. (NASDAQ:AAPL) said the findings of the researchers are only theoretical, saying that the iMessage service isn’t made to allow the company to read users’ messages. She added that the research talked about “theoretical vulnerabilities” which would require them to “re-engineer” iMessage so that they could exploit it. She also said that they currently don’t have any plans to do that.
Apple Inc. (NASDAQ:AAPL) also said its iMessage system is private earlier this year after details about the NSA’s PRISM data mining program surfaced. Privacy has become an even greater concern this year as more and more information reveals just how much data the government is able to access.