Apple's iMessage Encryption Seems to Be Pretty Good
The U.S. Drug Enforcement Agency has complained (in a classified report, not publicly) that Apple’s iMessage end-to-end encryption scheme can’t be broken. On the one hand, I’m not surprised; end-to-end encryption of a messaging system is a fairly easy cryptographic problem, and it should be unbreakable. On the other hand, it’s nice to have some confirmation that Apple is looking out for the users’ best interests and not the governments’.
Still, it’s impossible for us to know if iMessage encryption is actually secure. It’s certainly possible that Apple messed up somewhere, and since we have no idea how their encryption actually works, we can’t verify its functionality. It would be really nice if Apple would release the specifications of iMessage security.
EDITED TO ADD (4/8): There’s more to this story:
The DEA memo simply observes that, because iMessages are encrypted and sent via the Internet through Apple’s servers, a conventional wiretap installed at the cellular carrier’s facility isn’t going to catch those iMessages along with conventional text messages. Which shouldn’t exactly be surprising: A search of your postal mail isn’t going to capture your phone calls either; they’re just different communications channels. But the CNET article strongly implies that this means encrypted iMessages cannot be accessed by law enforcement at all. That is almost certainly false.
The question is whether iMessage uses true end-to-end encryption, or whether Apple has copies of the keys.
Another article.
J. Oquendo • April 5, 2013 1:25 PM
Please don’t confuse the issue(s) here. DEA is complaining in reference to CALEA taps. iMessages are not sent via the routes as phones (they don’t need towers). There is a difference for example when you restore your phone. All they’d have to do is get a warrant for your iCloud storage. Remember, you can restore everything on a phone from iCloud and that will include those encrypted messages.
Kind of misleading. Its not that they CAN’T decrypt, its because a typical CALEA tap will never see those messages.