Friday, February 28, 2014

iOS Security White Paper

Apple (PDF):

Apple does not log messages or attachments, and their contents are protected by end-to-end encryption so no one but the sender and receiver can access them. Apple cannot decrypt the data.

I still think this is misleading because it ignores the fact that iCloud backups are encrypted with a key that’s in Apple’s possession. We know this because you can buy a new iPhone and restore your backup simply by entering your Apple ID and password. And we know that your password itself is not the key because Apple’s support people can restore your account access if you forget your password.

The other important point is that, since Apple’s servers are handing out the keys, Apple could easily be the “man in the middle” if it ever wanted to intercept messages. In other words, the security in iMessage is purely due to policy (trusting that Apple is not doing this) rather than the architecture or something that we can verify.

The white paper is well worth reading, though I’m not sure why everyone is treating it as a new document, rather than an update to the previous version.

7 Comments

Apple's artful deception, for I see no other word, worries me. I do not imagine for a minute they are plotting against their users and covering up for the NSA, that would be taking it rather too far, but I cannot quite understand either why they employ such deceptive language time and time again, while discussing iMessage. Surely saying nothing beyond vague promises of security, à la Skype for years, would be much easier?

I signed up for iCloud two-step authentication, and it informs you several times that if you lose your password, you can use a combination of recovery key and trusted device (iPhone or iPad) to reset. You must agree, several times in fact, that Apple will be unable to rescue you if you lose all three.

I think there is benefit to the measure of protecting users from themselves (providing backups that Apple can restore), but two-step authentication seems to be an answer to the security conscious who don't want to just take Apple's word. I'm not a security expert by any means, but perhaps you can comment on this.

@Kyle Here’s Apple’s FAQ on two-factor authentication. I have not seen a detailed white paper on how it works or what security Apple is claiming, though. I guess in theory your iCloud backup could be encrypted with the recovery key, which Apple generates and sends to you but claims it doesn’t store. This is not as secure as the iMessage key that’s generated on the device and never leaves it.

[…] they mean here is that iCloud backups are not encrypted. So, as I’ve said, it’s pretty much irrelevant that the iMessage communications themselves are […]

[…] More on iCloud Backups and Encryption […]

[…] iMessage End-to-End Encryption, Can Apple Read Your iMessages?, iOS Security White Paper (Nick […]

[…] is “encrypted” is not enough information to decide which method is more secure. Apple holds the keys to iCloud backups, but only users know their local backup […]
