Apple's iMessage system could be decrypted by employees on government orders,
according to claims from security researchers.
Earlier this year, Apple said: "Conversations which take place over
iMessage and FaceTime are protected by end-to-end encryption so no one but
the sender and receiver can see or read them. Apple cannot decrypt that data."
But Quarkslab, a Paris-based security firm, disputed those claims at a Hack in
the Box conference in Kuala Lumpur on Thursday, according to Ars
Technica.
Quarkslab claimed, on its blog:
"Apple can read your iMessages if they choose to, or if they are
required to do so by a government order."
The researchers explained that there is no evidence iMessages are being
decrypted by Apple or the government, but that it would be possible.
It wrote: "There is end-to-end encryption as Apple claims, but the
weakness is in the key infrastructure as it is controlled by Apple: they can
change a key anytime they want, thus read the content of our iMessages."
The messages could not be read by hackers, as they would require physical control of the device and the installation of malicious software such as fake certificates.
The messages could not be read by hackers, as they would require physical control of the device and the installation of malicious software such as fake certificates.
Apple employees would not need this as, if they were working under a court
order, could control the infrastructure without tampering with the device.
Apple made their claims about security encryption in June, following information leaks by National Security Agency contractor Edward Snowden, who classified information about the agency's practices.
An Apple spokesman said: "iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."
Apple made their claims about security encryption in June, following information leaks by National Security Agency contractor Edward Snowden, who classified information about the agency's practices.
An Apple spokesman said: "iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."
The messages could not be read by hackers, as they would require physical
control of the device and the installation of malicious software such as
fake certificates.
Apple employees would not need this as, if they were working under a court order, could control the infrastructure without tampering with the device.
Apple made their claims about security encryption in June, following information leaks by National Security Agency contractor Edward Snowden, who classified information about the agency's practices.
An Apple spokesman said: "iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."
Apple employees would not need this as, if they were working under a court order, could control the infrastructure without tampering with the device.
Apple made their claims about security encryption in June, following information leaks by National Security Agency contractor Edward Snowden, who classified information about the agency's practices.
An Apple spokesman said: "iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."
Source: Telegraph
No comments:
Post a Comment