Back in April, we discovered that Apple uses end-to-end encryption to make it all but impossible for someone to read your iMessage conversations.
However, at this year’s “Hack in the Box” conference in Kuala Lumpur, security research firm Quarkslab gave a presentation implying that Apple’s messaging system isn’t as secure as we might think. In response to Quarkslab’s claim, Apple has reiterated that it cannot read iMessages, even if it wanted to.
According to MacWorld, during the presentation at the hacker convention, the security firm said that Apple’s claim that iMessage is protected by unbreakable encryption is “just basically lies.” Quarkslab explained that Apple uses a key server that is not public to create an encrypted message and has “full control over this public key directory.” The security research company went on to say that, theoretically, Apple could change the key at any time, without the user’s knowledge. Apple would have to re-architect the iMessage service in order to do so, but it is possible.
Apple, however, strongly disagrees with Quarkslab’s presentation and is speaking out about it. “iMessage is not architected to allow Apple to read messages,” said Apple spokeswoman Trudy Muller in a statement to AllThingsD. “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”
Muller’s statement isn’t much different from Quarkslab’s claim. Basically, both are saying that Apple would have to re-engineer iMessage in order to make it possible to read conversations. Both have said that Apple is not currently doing so. Quarkslab is just saying that Apple could if it wanted to, or if it were forced to by a government agency. The public would never know about the changes because the key server is private.