Rebutting Apple's claim of Imessage security: Apple can too spy on users

Ios jailbreaker and security researcher Cyril Cattiaux presented his work on Apple's Imessage software at the Hack in the Box conference in Kuala Lumpur. Apple had previously stated that its messaging software was resistant to Prism-style surveillance because of its secure key-handling, through which the company itself could not see what its users were saying. Cattiaux called this "basically lies" and showed that there was scope for undetectably swapping out keys, allowing the company (or anyone it cooperates with) to spy on users. Cattiaux worked with other researchers, including Moxie Marlinspike, and showed that there were ways of designing Imessage such that users could detect key-substitutions and other attacks on the integrity of their messages, but that Apple had chosen to implement their system in a less secure way.

When someone sends an iMessage, the iOS device pulls the recipient's public key from Apple's non-public key server to create the ciphertext, or encrypted message. The iMessage is decrypted by the recipient using their private key.

The problem is "Apple has full control over this public key directory," Cattiaux said.

Trust has always been an issue with public keys. To send an encrypted message, the sender frequently has to trust that the key listed on the key server used to relay the message actually belongs to the recipient.

With a public server, such as MIT's PGP Public Key Server, the sender can at least see more information, such as whether a key has changed. At that point, the sender can decide whether they want to trust it or not if they suspect a man in the middle attack. Apple's key server is not public, the researchers say.

"The biggest problem here is you just cannot control that the public key you are using when you are ciphering the message is really the key of your recipient and not, for example, the public key of some guy in Apple," Cattiaux said.

Cattiaux's fellow researcher, who goes by the name GG, added that: "In Apple's case, it's that they give the key and nobody can really know if it's a substitute or anything like that. In fact, it's a matter of trust. It's a real problem for users."

Apple's claim of unbreakable iMessage encryption 'basically lies,' researchers say [Jeremy Kirk/MacWorld]

Start the discussion at bbs.boingboing.net