Tuesday, October 22, 2013

iMessage End-to-End Encryption

John Gruber:

Leaving aside the moral implications of flat-out lying to their customers, I would think that if iMessage’s back-end were designed with a weakness exploitable by Apple as Quarkslab supposes, Apple would say or promise nothing with regard to iMessage’s susceptibility to server-side decryption rather than compound that weakness with blatant lies to the contrary. To lie would be to take an enormous PR risk for a relatively small PR gain. I say “small PR gain” simply because I doubt most people who use iMessage even know their messages are supposed to be securely encrypted from end-to-end. I say “large PR risk” because if Apple’s statements regarding iMessage encryption are eventually discredited, the backlash in the press will be severe (and justly so).

I agree, but I still think that it’s a mistake to focus on the end-to-end encryption and Apple’s statements about same. Most iMessage users are probably using iCloud Backup, which does retain copies of the messages, and does not encrypt them with a device key. There’s no need to intercept messages that are already being stored. Since Apple has not, to my knowledge, claimed otherwise, I think it’s reasonable to assume that when it provides data to law enforcement this includes data from backups.

Update (2018-04-20): @agilethumbs:

And end to end encryption only matters if you can verify the identity of the other party, which you can’t with iMessage. Wiretapping iMessage is trivial and 100% is happening now. Apple removed their warrant canary four years ago.

7 Comments RSS · Twitter

This is a very good point.

I think there's another problem with Gruber's assessment. Sure, Apple probably isn't lying, but the fact that they have the theoretical ability to access iMessages means that they can be compelled to do so, secretly, in the future. Just trusting Apple and hoping that they won't disclose your private data isn't good enough anymore.

[...] still think this is misleading because it ignores the fact that iCloud backups are encrypted with a key [...]

[…] they mean here is that iCloud backups are not encrypted. So, as I’ve said, it’s pretty much irrelevant that the iMessage communications themselves are encrypted […]

[…] is the point I keep mentioning. iCloud backup is the only way to back up an iPhone without a Mac or PC, and there’s no way […]

[…] iMessage End-to-End Encryption, Can Apple Read Your iMessages?, iOS Security White Paper (Nick […]

Leave a Comment