Apple’s iMessage system shows the company could easily intercept communications on the service despite its assurances to the contrary, researchers claimed Thursday at a security conference.
Apple asserted in June, following disclosures about the NSA’s data collection programs, that iMessage, which lets users send texts over Wi-Fi for free, is protected by end-to-end encryption that makes it impossible for Apple or anyone else to descramble the messages.
The researchers at the Hack in the Box conference in Kuala Lumpur showed it would be possible for someone inside Apple, of their own volition or because they were forced to by a government, to intercept messages.
The researchers were able to create a bogus certificate authority and then add it to an iPhone Keychain to proxy SSL-encrypted communications to and from the device, and in the process discovered that their AppleID and password were being transmitted in clear text.
Apple didn't directly address the claims about iMessage and pointed instead to a statement it issued in June after the disclosures about the NSA’s Prism data collection program.
Apple uses public key cryptography to encrypt iMessages between the sender and the recipient. But its system for managing public keys is opaque, the researchers said, making it impossible to know if iMessages are being sent to a third party such as the NSA.
Cattiaux said, “The biggest problem here is you just cannot control that the public key you are using when you are ciphering the message is really the key of your recipient and not, for example, the public key of some guy in Apple.”
Cattiaux said a solution for Apple would be to store public keys locally in a protected database within iOS, as then the keys could be compared. As part of their presentation, the researchers released an application, “MITM Protect,” for jailbroken devices that allows for such a comparison.
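The comparison Cattiaux describes can be sketched as a local pin store that remembers which public keys were seen for each recipient and flags any key that appears later. This is an added example, not code from MITM Protect or from Apple; the class and function names, the SQLite schema, the sample key bytes, and the assumption that a key directory may return several keys per recipient are all hypothetical.

```python
import hashlib
import sqlite3

# Constructed placeholder bytes standing in for encoded public keys.
ALICE_KEY = b"constructed-key-alice-device-1"
EXTRA_KEY = b"constructed-key-unknown-party"

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of an encoded public key."""
    return hashlib.sha256(public_key).hexdigest()

class KeyPinStore:
    """Local record of the key fingerprints seen for each recipient."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS pins ("
            "recipient TEXT NOT NULL, fp TEXT NOT NULL, "
            "PRIMARY KEY (recipient, fp))")

    def pinned(self, recipient):
        rows = self.db.execute(
            "SELECT fp FROM pins WHERE recipient = ?", (recipient,))
        return {fp for (fp,) in rows}

    def check(self, recipient, directory_keys):
        """Compare directory-supplied keys with the pinned set.

        Returns (status, unexpected, missing). Keys are pinned
        automatically only on first contact; later additions must
        go through accept() after out-of-band verification.
        """
        offered = {fingerprint(k) for k in directory_keys}
        known = self.pinned(recipient)
        if not known:
            self._pin(recipient, offered)
            return "first-seen", set(), set()
        unexpected = offered - known   # a new key: possible extra recipient
        missing = known - offered      # a retired key: informational only
        return ("changed" if unexpected else "match"), unexpected, missing

    def accept(self, recipient, fps):
        """Pin fingerprints the user has verified with the recipient."""
        self._pin(recipient, fps)

    def _pin(self, recipient, fps):
        with self.db:  # commits on success
            self.db.executemany("INSERT OR IGNORE INTO pins VALUES (?, ?)",
                                [(recipient, fp) for fp in fps])
```

A sender would call `check()` before encrypting and refuse to send, or prompt the user, when the status is `changed`.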