Thursday, January 14, 2021

Reminder: iMessage Not Meaningfully E2E

David Heinemeier Hansson (Hacker News):

If you use iCloud Backup AT ALL, which is the default, your use of iMessage is not E2E because Apple has a backup of the encryption keys 🤯. And even if you turn off this backup, your recipient probably didn’t. So iMessage is not meaningfully E2E at all!

[…]

Apple’s marketing of iMessage’s E2E is seriously deceptive.

You would think a company serious about privacy would explain the situation in plain English. Or allow more granular control so that you don’t have to choose between giving Apple all your messages and not having a cloud backup.

David Heinemeier Hansson:

I cannot believe Apple conned me into thinking iMessage was meaningfully E2E 😞.

David Heinemeier Hansson:

So say you wake up one morning. Realize that Apple has been lying about E2E with asterisks and omissions and defaults, and you then turn off your iCloud backup. How long does it take before these backups are permanently gone from Apple’s servers? Can’t find a retention answer.

Noah Williams:

Hey so since @dhh has just reminded me of all the ways Apple deceives us into thinking their products are secure, I’d just like to compile my thoughts on all the ways backdoors currently exist within iOS[…]

Apple saves your call logs to the cloud unless you turn off iCloud Drive (not iCloud backups)[…]

[…]

The default length of an iOS passcode which you’re prompted to setup out of the box is six digits, which is laughably easy to brute force.

[…]

Also, you can’t even request to disable server side logging of Siri commands without putting your phone in supervised mode…

Previously:

Update (2021-01-18): See also: Hacker News.

14 Comments RSS · Twitter

I don't know, TBH I think this is utter nonsense. I don't have iCloud backup enabled for good reasons, after all it contains everything you do on your phone, not just messages. Do you want all that on the clown? Where by all means is the surprise in that?

I do agree that Apple could do much more on the encryption front (I won't ever use any such services, e.g. iCloud photos neither, until the data is properly encrypted on device - it is not much to ask for, essentially all cloud backup services work that way since like 10+ years). Or on distributed services in the first place (let me run my "myCloud" on my AppleTV, it's plenty capable for that, let me own my data).

But the thing which is close to ridiculous is that this is coming from someone hosting an email service which doesn't even provide that level of security conceptually, switches or not.

This probably means that iMessage can be E2E and if people are serious about security they already new about unsecure nature of iCloud backups and disabled them. And for many unexperienced users iCloud backup is a bad deal too, just because 5Gb is ridiculously insufficient and backup often is a first candidate to drop in order to free up space for photos.

The bigger issue is that most people use 3rd party email clients to login to iCloud. That is not encrypted too, and data from those services can be harvested for various reasons.

The importance of E2E that iMessage can provide is more vital in countries where other services are prohibited, like China. It's better to have iMessage there as it is now, than not to have it at all.

> The bigger issue is that most people use 3rd party email clients to login to iCloud. That is not encrypted too, and data from those services can be harvested for various reasons.

Where is the issue here? Or more specifically, why does the 3rd party matter? iCloud _email_ is just standard IMAP4(S). If you want the content encrypted (apart from the TLS transport encryption all clients do), setup S/MIME or PGP. The former is even supported by iOS natively. (it's a little work, but supported, if you need it, you'd do it - it's very unfortunate that Apple didn't invest to make secure email much easier)

@Helge The surprise is that Apple consistently advertises how private iMessage is without mentioning the backup backdoor. They literally say ”there’s no way for Apple to read your messages when they’re in transit between devices,” which is written that way to give you the impression that it’s secure, but it leaves out backup and also their ability to distribute fake keys. So you end up with smart people like DHH only just figuring out the truth 9 years later.

Hopefully they add this. As we all know, the best way to get a bug fixed at Apple is to file a Feedback. Wait, I meant to say, the best way to get a bug fixed is BAD PR from high-profile developers like DHH. If that doesn’t do it, I’d love to see someone ask an Apple exec, in an interview, why their privacy isn’t as good as Facebook’s. Because WhatsApp has end-to-end encryption.

Since there is no proper alternative to iCloud backups (i.e. there's no third-party tool you can install to backup your phone regularly to a local destination), iCloud Backup is the only reasonable option most people have.

(Any option that starts with "connect your device to your computer" is a non-starter for most people.)

I've known about this for ... years. People need to be more skeptical of Apple, Messages never really was that secure and there are other messengers that do "multi device messaging right" like Signal and even Keybase, post Zoom acquisition.

Apple needs to learn how to do this right without "acquiring" another messenger like Wickr or Signal. All they'll do is cut off cross platform support and then take a good product and sherlock it. And by sherlocking I mean "mess it up."

Where did all your good, security conscious people go, Apple?

@Helge when a use creates a new Apple ID it's not easy not to use 3rd party service, let's say a local ISP mail provider. For many people it means that they provide some abstract service that is not secure.
Yes, some experts can do it all in a secure way, but vast majority of people will use what they have, like a university address, or from ISP, some will use GMail, but that's not available in all countries. It will not be secure all all.
Thus password resets and numerous phishing emails will be sent there. Who captures that is a question.
It all would be much safer and robust if people are asked for a unique ID name and the email and all other communication from that point on is managed by Apple.
One does not need any 3rd party email address to login to GMail, Google handles it all. It's possible to add backup addresses, but not required. Because of that it's harder to hack into GMail.

That’s known and published by apple since the beginning of iCloud backup. My understanding is, that every service (like photos) in iCloud is properly encrypted, so should be messages in the Cloud, enabled 2 y ago. Then, the messages are not in iCloud backup anymore (as all the other enabled services). Some differing information anyone?

@Tom iCloud Photo Library is not E2E. Messages in the Cloud is, but the key is in iCloud backup, which is equivalent to having the messages there, too.

[…] and “true end-to-end decryption in a way that Apple cannot reverse” remains a source of consternation, especially as Apple’s own documentation is anything but […]

Things Apple can't do much about:

* as long as customers expect some kind of 'out' for emergency support cases, someone at Apple needs a key to decrypt backups. "I know what I'm doing" buttons only get you so far.

Things Apple could do something about:

* their messaging in general could improve. What gets encrypted, what can Apple read, etc. I've found this quite confusing with Apple Pay, for example: please just make a matrix of customer, bank, store, Apple, and show me who sees what information.

* regarding e-mail encryption, they need to look into making this easy to setup. I'm not sure if everyone is waiting for someone else to do it, or if there's some reason this can't be meaningfully solved at a mass scale. Office 365 also makes this needlessly hard. Just give me a certificate server and a front-end that generates an S/MIME cert. (PGP, in contrast, isn't going to work. Sorry, but nobody builds a "web of trust".)

* alternatives to iCloud backups. Hopefully, we'll eventually see something like Full Disk Access, but even if not, we should get some equivalent of Time Machine.

@Sören Yes, Settings should show you in plain English what Apple can read, and I should be able to authorize an app to make my own cloud backup.

[…] backups — that is, those to an account without Advanced Data Protection — through the same loophole as existing iMessage end-to-end encryption? It does not seem to me that Apple’s goal has ever […]

Leave a Comment