Image: Flickr, afagen
Security experts have long suspected that iMessage is not as safe and impenetrable as Apple claims. But a group of researchers says it has proof that Apple can indeed eavesdrop on your iMessages — and the NSA can, too.
The researchers, through a careful and thorough study of the iMessage protocol, conclude that Apple has the ability to intercept and decrypt iMessages. Even though the messages are encrypted end-to-end, Apple manages the keys needed to encrypt and exchange the messages, the researchers found.
"Yes, there is end-to-end encryption as Apple claims, but the weakness is in the key infrastructure as it is controlled by Apple: They can change a key anytime they want, thus read the content of our iMessages," reads a blog post published on Thursday by Cyril Cattiaux, an iOS jailbreak hacker known as "pod2g," and "gg" (who doesn't want to reveal his full name), two security researchers who exclusively shared the post in advance with Mashable.
UPDATE — Oct. 18, 10:33 a.m.: Apple says the issue uncovered by the security researchers is just theoretical, and that the iMessage system is not designed to allow Apple to eavesdrop on its users' communications.
"iMessage is not architected to allow Apple to read messages," says Trudy Muller, an Apple spokesperson. "The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."The researchers discovered that when an Apple device sends an iMessage to another device, instead of exchanging the encryption keys directly — as other encryption apps do — the keys are managed by a directory called "ESS server."
Therefore, if a law enforcement agency or the NSA is interested in the content of someone's iMessages, it could approach Apple with a request to make a small change in the way the server manages the keys — and then perform live surveillance, reading every message the suspect sends. No cases of such surveillance have been reported, and Apple has stated that, in general, it only responds to requests that get carefully evaluated by its legal team.
The two researchers, with the help of Quarkslab colleague Fred Raynal, showed that Apple controls the encryption keys used to scramble iMessages, which gives it the ability to perform a so-called "man in the middle attack." In cryptography, this refers to a scenario in which — unbeknownst to the two people messaging one another — a malicious eavesdropper stands between them, relaying the messages and impersonating the sender and the receiver.
Mashable showed the research to two independent technology experts, who both agreed that the researchers' claims are legitimate and backed up by their findings.
"Because Apple controls the device and they issue the keys, it's clear that if Apple wanted, they could 'man in the middle' so that they could themselves decrypt it,” Ashkan Soltani, an independent privacy researcher who has recently worked with The Washington Post on its NSA coverage, told Mashable. "By storing the keys, by being the key arbiter, it puts them in a position that let's them tamper with the keys."
Matthew Green, a cryptography researcher and professor at Johns Hopkins University Information Security Institute, agrees.
"It seems that they have pretty much unfettered ability — technologically — to eavesdrop if they wanted to," Green said. "Yes, it's end-to-end encrypted, which is good […] but it's only encrypted with the key that Apple tells me is your key."
Experts like Green, who has written extensively on the subject, have long suspected Apple's claims that iMessages can't be read by anyone but the sender and receiver may have been exaggerated. But previously, no one was able to prove that iMessages could be intercepted — only that they could be retrieved through backups in iCloud.
Apple has repeatedly denied its ability to eavesdrop on iMessages. In fact, over the summer, the company went on the record with a bold denial.
"Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them," read a statement issued by Apple following the revelation of NSA top secret surveillance program PRISM. "Apple cannot decrypt that data."
But according to the new research, it can.
"Apple's claim that they cant read end-to-end encrypted iMessage is definitely not true," the researchers wrote, who work for Quarkslab and presented their findings at the HackInTheBox conference in Kuala Lumpur on Thursday (you can see their presentation slides here.)
Apple did not respond to multiple requests for comment.
oltani, the privacy researcher, notes another way of intercepting the messages: If a government agency like the NSA approached Apple and asked to eavesdrop on iMessages, Apple could add a device to a user's account without sending him a notification. Usually, when a new device is linked to an Apple ID, the user is notified.
"It seems trivial to have Apple suppress that message," Soltani said, explaining that Apple could "simply add a third device which is a monitoring station that can intercept."
The researchers claim that this "man the middle attack" could potentially happen even without Apple's cooperation. The researchers note that a powerful agency like the NSA — or China — could perform such attacks by compromising the certificates that an iPhone or iPad uses when connecting to the server to send messages. While these
attacks "are unpractical to the average hacker," they are possible for large-scale attackers, the researchers note in their blog post.
According to the researchers, when an iPhone or an iPad sends a message to Apple's server, there is no "certificate pinning." This means a hacker could use a fake certificate to trick the devices into sending keys and messages. In 2011, hackers obtained bogus certificates that would have potentially allowed them to impersonate websites like Google and Microsoft, letting them steal users' login and password information.
The Quarkslab researchers claim that something similar could take place with iMessage, too. They found that the Apple ID password is not encrypted, so a hacker with access to iMessages could potentially also steal a user's Apple ID and use it to access other devices.
The research doesn't accuse Apple of intercepting messages; it simply shows that it is technically possible for them to do so if approached by a government agency. However, these findings cast serious doubt on Apple's previous claims.
"An important lesson for companies: don't oversell the security capabilities of your product,"Matthew Green tweeted. "Someone will take it apart to check your work."
0 comments
Post a Comment