Despite Apple’s push for encryption, iMessage remains insecure

Last month, Apple CEO Tim Cook released a startling letter in which he claimed the company was “challenging the FBI’s demands” to open up a backdoor on the iPhone. From this emerged a wealth of various stances from publications, politicians, and even late night talk show hosts, who all reached the consensus that no one really knows what to do in the privacy vs. protection debate.

Despite Apple’s push for encryption, however, research conducted by Johns Hopkins University cryptography professor Matthew Green and a handful of his students has determined that Apple, or at least its iMessage service, may already be open to vulnerabilities. In fact, Green went so far as to say that Apple’s iMessage encryption is fundamentally broken, and that the company needs a complete cryptographic overhaul if it wants to keep its users safe from unsolicited lurking.

Especially at a time when the US government is doing everything in its legal jurisdiction to get its hands on a backdoor into encryption, this could be unfortunate for Apple if it doesn’t act quickly. A susceptibility of this degree could leave the Cupertino company open not only to pesky vigilante hackers, but to the bureaucratic ones as well.

“I’ve always felt that one of the most compelling arguments against this approach — an argument I’ve made along with other colleagues — is that we just don’t know how to construct such backdoors securely,” the professor explained in a blog post abbreviating the complete research paper. “But lately I’ve come to believe that this position doesn’t go far enough — in the sense that it is woefully optimistic. The fact of the matter is that forget backdoors: we barely know how to make encryption work at all.”

Put simply, the flaws found by Green and his students could allow a sufficiently skilled attacker to decrypt multimedia attachments sent over iMessage, including both pictures and video. Although the post mentions that certificate pinning has effectively made iMessage less exposed, a person could theoretically access Apple’s servers and proceed to take the attachments anyway, in the case that there’s a Push Notification Service server liability.

Green complimented iMessage for using “end-to-end encryption” dating back to 2011, but unfortunately it appears as though Apple uses the term quite loosely. True end-to-end encryption would keep conversations readable only by those participating in them. Apple’s protection of iMessage does not extend to the server, leaving a gap in its defenses.

If a hacker were to take hold of the key server, they would in turn be able to intercept messages as they are being typed — those that have not already undergone the encryption process. Be that as it may, more threatening is the prospect of attackers making their way into already-encrypted messages, which is totally possible, according to Green and his disciples.

“In the long term,” Green explained, “Apple should drop iMessage like a hot rock and move to Signal/Axolotl.” In the meantime, Green recommends that users update to iOS 9.3 and the latest version of OS X, which implement fixes that mitigate some, though not all, of the vulnerability.

Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…