US Officials Recommend Encrypted Messaging Apps
The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country’s telecommunications systems free of interlopers.
[…]
In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.
Via John Gruber:
It seems kind of new for the FBI to call encryption “our friend”, but now that I think about it, their beef over the years has primarily been about gaining access to locked devices, not eavesdropping on communication protocols. Their advocacy stance on device encryption has not changed — they still want a “back door for good guys” there. Their thinking, I think, is that E2EE communications are a good thing because they protect against remote eavesdropping from foreign adversaries — exactly like this campaign waged by China. The FBI doesn’t need to intercept communications over the wire. When the FBI wants to see someone’s communications, they get a warrant to seize their devices. That’s why the FBI wants device back doors, but are now encouraging the use of protocols that are truly E2EE. But that’s not to say that law enforcement agencies worldwide don’t still fantasize about mandatory “back doors for good guys”.
Sophisticated state-sponsored campaigns from China are constantly targeting network appliances and devices. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant. Volt Typhoon made headlines earlier this year when the FBI removed their malware from hundreds of routers across the US.
The infrastructure that the US government relies on to communicate is made up of the same private sector systems that everybody else uses. By abusing their components that make up part of the infrastructure, the Chinese are said to have been able to eavesdrop on political and industrial leaders in multiple countries.
While writing the previous item regarding the FBI encouraging the use of E2EE text and call protocols, I wound up at the Play Store page for Google Messages. It’s shamefully misleading regarding Google Messages’s support for end-to-end encryption. As I wrote in the previous post, Google Messages does support E2EE, but only over RCS and only if all participants in the chat are using a recent version of Google Messages. But the second screenshot in the Play Store listing flatly declares “Conversations are end-to-end encrypted”, full stop. That is some serious bullshit.
I don’t see what the big deal is when the third sentence of the description says: “End-to-end encryption is on by default when you message other Google Messages users who have RCS enabled.”
Apple marketed iMessage as end-to-end encrypted for years, even though it really wasn’t if you had iCloud backup enabled. And it still isn’t, by default—you have to opt into Advanced Data Protection. Neither the App Store nor the Messages & Privacy page mentions this.
The Government executed a search warrant at Defendant’s residence and seized fifty-two devices, including an iPhone and an iPad. Law enforcement identified contraband on several devices, but could not examine the iPad, which was passcode-protected, or the iPhone, which would not power on.
The Government retained the iPad and iPhone for over a year. Eventually, with the assistance of a digital forensics expert who had not previously been involved in the investigation, the Government was able to repair the iPhone and power it on. The Government then applied for, and received, a new search warrant. Pursuant to this authority, agents searched the iPhone and—thanks to intervening developments in digital forensics tools—the iPad.
The most logical assumption would be that a non-working device would be of limited evidentiary value. But the DHS (whose Homeland Security Investigations unit took point in this case) apparently felt otherwise.
What’s almost hidden here is that reviving the phone led to the government being able to crack it, despite the presence of a passcode. And, in case you’re still wondering about the value of walled gardens, cracking the iPhone immediately led to cracking the iPad, which suggests if the government has one Apple device owned by a suspect it can get into, it can probably get into the rest of their Apple devices.
[…]
This is another government party extensively modifying seized property to make it more receptive to phone-cracking efforts. One would think a court would need to be apprised of this opportunity before it became a reality, if for no other reason than the original warrant only authorized a search, not the literal cracking of a cell phone (or its casing, at least) to replace a circuit board and install new firmware.
This was apparently an iPhone 6, however.
Previously:
- China Possibly Hacking US “Lawful Access” Backdoor
- Apple Drops Lawsuit Against NSO Group
- Apple Intelligence Privacy Dark Patterns
- Apple Alerts Users to Mercenary Spyware Attacks
- UK Proposal to Weaken Messaging Security
- Advanced Data Protection for iCloud
- WhatsApp More Private Than iMessage
- FBI Guide to Getting Messaging Data
- Google Messages Adds End-to-End Encryption
- Reminder: iMessage Not Meaningfully E2E
- Attorney General William Barr on Encryption Policy
- Apple’s iMessage Metadata Logs
- FBI Asks Apple for Secure Golden Key
- Can Apple Read Your iMessages?
12 Comments
iMessage is end to end encrypted. If those messages are decrypted upon receipt and written to storage, then that storage is backed up to an unencrypted location or a location where a key is escrowed, that doesn’t suddenly make the protocol plaintext.
If unencrypted or key-escrowed backups mean a protocol can’t be declared “end to end encrypted” then there are no end to end encrypted protocols.
@Yet The iMessage protocol is E2EE, but the iMessage service/system, the thing that people actually use, is not (by default). Wikipedia says “E2EE is a method of implementing a secure communication system where only communicating users can participate. No one else, including the system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to read or send messages.” This is clearly not the case with the standard iPhone configuration.
In contrast, Google Messages, if the participants have recent devices (where RCS and E2EE backups are enabled by default), is automatically E2EE.
@Michael Tsai is correct. If the platform provider can decrypt something, it isn't E2EE. That's pretty clear.
Gruber being weird about non Apple stuff is just how he rolls.
The Wikipedia article explains that “E2E encryption” originally meant (at the time of iMessage’s launch) exactly what it sounds like (and no more). Encrypted during transit (only).
But that in 2014 the term’s meaning was changed something something WhatsApp.
See the “Etymology” section https://en.m.wikipedia.org/wiki/End-to-end_encryption#:~:text=Etymology
@Someone else Regardless of the term used, Apple has consistently told customers that it can’t access the message data. Here they are in 2013 saying that they don’t provide iMessage data to law enforcement because they “cannot decrypt that data” and that they do “not store data related to customers’ location.” But at that time they did store the encryption key and did store the IP address, which could be used to geolocate users.
@Michael, I don’t have a horse in this race but according to Apple:
“Messages are backed up in iCloud and encrypted if you enable iCloud Backup or Messages in iCloud. iMessage is end-to-end encrypted. The phone number or email address you use is shown to the people you contact, and you can choose to share your name and photo.” Nov 6, 2024
Is that actually untrue?
@Someone It’s correct but a sleight of hand because “encrypted” in the first part actually means “Apple can read it.”
@Michael, I understand what you’re saying now:
iMessages are encrypted at rest, but the user’s key is stored in the backup unless you have Advanced Data Protection on. So I guess it’s possible to decrypt.
https://warnerchad.medium.com/is-apple-imessage-end-to-end-encrypted-it-depends-8bcdcbd8c89b
“In other words, if you’re not using Advanced Data Protection, and you have iCloud Backup enabled on any device where you use iMessage, the key to decrypt your messages is included in the backup stored on Apple’s servers. Apple can read your backup; note that in the Data categories and encryption section of the Apple iCloud security overview, the type of encryption under Standard data protection for iCloud Backup (including device and Messages backup) is listed as In transit & on server, not End-to-end. Under Advanced Data Protection, it’s End-to-end”
I personally don’t think that everything should be encrypted anyway, and that iMessage is encrypted enough for the average user who backs up to iCloud, but maybe I’ll feel different in 4 years.
Remember that the other person having Advanced Data Protection enabled is also a factor which you can’t know from your view.
E2EE is so vague as to have different meanings that you need follow-up questions to know what you are dealing with. A good clue that storage of your ends is encrypted is if you choose a key and the provider can’t help you if you lose that key.
@Someone Yes. If you look at the Previously links above, I’ve been writing about this since 2013 or so. That it is still a surprise to people is a clue that Apple is not explaining it clearly.
@Eric Indeed.
@Michael, I knew about the iCloud backup = access to all user’s data but I didn’t know the mechanism, and now I’m curious about what exactly of iMessage’s backup can be decrypted (all?) and what can’t (as that’s rarely in the news.)
But to my ears, E2E doesn’t require “encryption at rest to everyone but owner”. I’ve always assumed that once it’s decrypted, it’s the user’s responsibility to safe/private storage.
But maybe that’s Gigabyte = 1024 or 1000 megabytes… a shifting but technically correct interpretation… and Apple’s using the definition that’s beneficial to their marketing.
But as seen in my link to Apple’s PR above, Apple does make it sound like iMessage is encrypted-to-anyone-but-the-owner and that would be misleading, or at least contradictory to my first paragraph above.
@Someone Yes, all of the iMessage data can be decrypted by Apple, unless you opt into Advanced Data Protection.
Apple uses E2EE to mean that they can’t read it. They are very careful to not say anything incorrect, but the way they write it gives an incorrect impression unless you understand their definitions and read it carefully.
When they say that messages are backed up and encrypted and that iMessage is E2EE, it sounds like the second part is building on the first, i.e. that iMessage data is backed up and everything to do with iMessage is E2EE.
What they actually mean is that delivery of an iMessage that you send to someone is E2EE and that the data for the Messages app is backed up but not E2EE.