Apple Is Trying to Make iMessages More Private
Lorenzo Franceschi-Bicchierai (via Hacker News):
But, as several security and privacy researchers warned over the years, there’s always been a major, somewhat overlooked catch: If you back up iMessages to iCloud, then Apple—or authorities who can force the company to turn the backups over—can still read those messages, which to some extent defeats the purpose of the encryption.
[…]
Starting with the upcoming iOS 11 all your conversations in iMessage will be automatically synchronized across your iPad, iPhone, Mac and whatever other iGizmo you own, he said. As anyone who uses iMessage knows, that’s something that you can’t do right now. And it leads to annoyances such as having to manually delete messages on all your devices if you want to get rid of an embarrassing message, or having to restore a full backup if you want old iMessages on a newer iDevice.
But if iMessages, which are supposed to be end-to-end encrypted, now sync, doesn’t that mean Apple can decrypt and read them at some point? Apple says that soon won’t be the case.
I look forward to hearing how this works and whether it also affects backups.
Previously: iMessage End-to-End Encryption, Can Apple Read Your iMessages?, iOS Security White Paper (Nick Heer).
Update (2017-08-07): Mark Rowe (also Steven Sinofsky):
Huh. The “Messages in iCloud” feature has been removed in iOS 11 beta 5 and will ship in a future software update to iOS 11.
6 Comments
+1. I've been very curious about the technical changes to both iMessage and iCloud backups since this was announced.
"But if iMessages, which are supposed to be end-to-end encrypted, now sync, doesn’t that mean Apple can decrypt and read them at some point?"
I'm baffled by this logic. What am I missing?
If Apple no longer holds the key to the content of the messages, then they are safe on Apple servers, and safe during syncing.
The only issue raised is that this would mean that if a user lost their iCloud password, there would be no recovery possible. But surely this just means that messages will be stored with a different key than the iCloud account itself, no? So if you lose your password, then you'll just lose all stored messages, and not the entirety of your iCloud account.
@Chucky They were end-to-end encrypted before, and Apple didn’t have the key (only for backups). Each device encrypted the messages to only be read on your other devices. Now (it seems) you will be able to get a new device and sync (not restore from backup) all your old messages. So, unless they are relying on you having another device, with the full message history, which can re-encrypt the messages for the new device, they must be getting the messages from the server, and they cannot have been already encrypted for the new device because it didn’t exist at the time the messages were sent. If they use the iCloud password, then Apple would get a copy of it every time you log into iCloud.com. So maybe they make you remember a Messages password that stays on the device. Or maybe there’s some other scheme (like iCloud Keychain uses, but which also has limitations).
> unless they are relying on you having another device
This maybe points to 2FA being the conduit for it. If you go through 2FA, then a new device gets an opportunity to set up its own private key so the device you use for approving the new device can safely send up whatever key is needed to decrypt the old messages. The new device gets the key and can decrypt the messages. And the server never sees the key.
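The device-approval flow suggested in the comment above, as an added Go example (not code from the post, its commenters or Apple, and not a description of what Apple ships): the new device presents a public key, the approving device encrypts the history key to it, and the server relays only a public key and ciphertext. X25519, SHA-256 as the key-derivation step, AES-256-GCM, the label string and all function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// aeadFor derives an AES-256-GCM key from the X25519 secret of priv and pub.
func aeadFor(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append([]byte("constructed-wrap-label"), shared...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	return cipher.NewGCM(block)
}

// WrapForDevice runs on the approving device. The key is single-use, so a zero nonce is safe.
func WrapForDevice(newPub *ecdh.PublicKey, historyKey []byte) (*ecdh.PublicKey, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	g, err := aeadFor(eph, newPub)
	if err != nil {
		return nil, nil, err
	}
	return eph.PublicKey(), g.Seal(nil, make([]byte, g.NonceSize()), historyKey, nil), nil
}

// Unwrap runs on the new device, whose private key never leaves it.
func Unwrap(priv *ecdh.PrivateKey, ephPub *ecdh.PublicKey, ct []byte) ([]byte, error) {
	g, err := aeadFor(priv, ephPub)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, make([]byte, g.NonceSize()), ct, nil)
}

func main() {
	dev, _ := ecdh.X25519().GenerateKey(rand.Reader) // done on the new device
	ephPub, ct, _ := WrapForDevice(dev.PublicKey(), []byte("constructed history key"))
	key, err := Unwrap(dev, ephPub, ct)
	fmt.Printf("server relayed %d opaque bytes; new device got %q, err=%v\n", len(ct), key, err)
}
```

The scheme only holds if the approving device authenticates the new device's public key out of band (the 2FA step in the comment); a server that can substitute its own public key would receive the history key instead.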