Apple can read your iMessages, researchers warn


Think the messages you send via Apple's iMessage platform are fully secure? Think again: Apple employees can read them if they want to—or if ordered to by the government.
 
At least that's the claim made by researchers from Quarkslab who have reverse-engineered the instant messaging platform.
 
"(W)e are not saying (that) Apple reads your iMessages. What we are saying (is that) Apple can read your iMessages if they choose to, or if they are required to do so by a government order," the researchers said in a blog post.
 
They also said that while there is end-to-end encryption, Apple controls the key infrastructure, and can potentially read the content of iMessages.
 
Apple also has users' metadata - such as the sender and intended recipient of an iMessage.
 
Yet Quarkslab said the question of access to IM messages is "more ethic than legal."
 
"For people working in the security industry, this is not a surprise. It is the role of a government to ensure security of people, and governments need ways to eavesdrop dangerous people. The question is more ethic than legal, and deals with the power given to intelligence agencies," Quarkslab said.
 
Quarkslab suggested the possibility of a man-in-the-middle (MITM) attack, which assumes one can overcome the defenses Apple has set up for the iMessage system.
 
Such an MITM attack has the potential not just to intercept an iMessage but also to modify it, Quarkslab said.
 
"Apple's claim that they can't read end-to-end encrypted iMessage is definitely not true. As everyone suspected: yes they can!" it said.
 
'Unpractical to hackers'
 
On the other hand, Quarkslab said present attempts at an MITM attack on Apple may be "unpractical to the average hacker" because of the security measures built into the iMessage infrastructure.
 
A separate article on Ars Technica noted the finding was delivered at a Hack in the Box presentation.
 
It added the finding "contrasts sharply" with Apple's assurances that iMessage conversations are encrypted such that no one but the sender and receiver can see or read them, and that Apple "cannot decrypt that data."
 
Ars Technica cited the Quarkslab findings indicating such MITM exploits against iMessage "require so much effort that they could probably be carried out only by three-letter agencies, and even then only under limited circumstances."
 
However, it added there is "no technical measure stopping Apple employees, working under a secret court order or otherwise, from performing the same kind of attack and making it completely transparent to the parties exchanging iMessages."
 
"Unlike third-party attacks, these insider exploits would require no tampering of end-user devices," it added.
 
Because of this, the researchers urged Apple to fully document the way the popular messaging service works. — TJD, GMA News