Apple has assured iMessage users that it does not have easy access to the messages sent through its servers and that it has no desire to read them anyway. The statement comes after security researchers at QuarksLab claimed the Cupertino company could intercept iMessage communications between its users if it wanted to.
“Apple can read your iMessages if they choose to, or if they are required to do so by a government order,” QuarksLab said in a white paper that was presented to Hack in the Box conference attendees on Thursday.
The company explained that because Apple has control over the iMessage encryption keys that are used to protect messages between sender and recipient, it could carry out a “man-in-the-middle” attack on the two and intercept the messages without alerting users if it wanted to.
“As Apple claims, there is end-to-end encryption,” QuarksLab said. “The weakness is in the key infrastructure as it is controlled by Apple: They can change a key anytime they want, thus read the content of our iMessages.”
So, while Apple’s system may be very good at preventing an outside attacker from accessing your iMessages, theoretically, it is possible to intercept them internally, according to QuarksLab. But Apple insists it’s not that easy, and that QuarksLab’s theory is nothing more than just a theory.
“iMessage is not architected to allow Apple to read messages,” said Apple spokeswoman Trudy Muller said in a statement to AllThingsD. “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”
I wouldn’t worry about Apple reading your iMessages, then. It’s highly unlikely the company is interested in them anyway, and if it was, it would have to change the way its entire system works in order to intercept them.
Source: AllThingsD
