Apple claims that iMessage uses encryption that is impossible to crack. However, a security researcher now states that this is a pure lie and that Apple can easily eavesdrop on any user they like due to the design of iMessage.
At the security research conference, Hack in the Box, in Malaysia, the security research firm, Quarkslab, has presented some results concerning the security of the Apple iMessage system. Apple has since its release claimed that the encryption system used by iMessage is impossible to crack and still withholds this stance. However, Cyril Cattiaux at Quarkslab has now studied the implementation of iMessage and states that the Apple iMessage encryption system is very easily cracked and any messages transmitted using it can easily be intercepted and decrypted.
The problem with iMessage is that it is a closed system where Apple alone handles the public keys which are distributed to the iDevices. This also means that Apple can very easily decrypt all iMessage messages provided that they are interested. Considering the recent events where Apple is supposedly part of the Prismm program, it is not very far fetched to believe that Apple will give out all iMessage transscripts if they are urged to do so by certain government agencies.
Cyril Cattiaux further on says that for users, the only thing to do right now is to hold on to the belief that Apple is respecting the privacy and the user agreements of its users. However, it is unlikely that anyone who is security aware would believe such a privacy respectfulness from any company. This does once again raise the question about how securely fingerprints on iPhone 5S are handled. Apparently, the iMessage security is extremely exaggerated by Apple and for the same reason, the iPhone 5S fingerprint storage security could be very exaggerated as well.
No comments:
Post a Comment