October 18, 2013
Apple wants you to know, once again, that they aren't spying on you. This declaration comes just hours after a security firm suggested otherwise, according to AllThingD. In a new report, QuarksLab notes that Apple has the tools to intercept iMessage communications. This conclusion is largely based on Apple owning the keys that help secure iMessages. These keys encrypt messages between sender and the recipient. They note, “Apple can read your iMessages if they choose to, or if they are required to do so by a government order.” Because of this, AllThingsD says:
(Apple) could theoretically conduct a so-called “man-in-the-middle attack” on the two, making sender and recipient believe they are chatting directly and securely with one another, when they aren’t — and reviewing their communications.Apple says this isn’t correct. Through a spokesperson, the company says, “iMessage is not architected to allow Apple to read messages.” As a result, “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.” This statement comes just three months after the company published, "Apple's Commitment to Customer Privacy." This says, in part, “conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.” As I read it, both sides are probably right in their statements. With some code changes, Apple could read our messages. However, they probably aren’t doing so. Unfortunately, words mean very little in today’s environment. We know that the National Security Agency has been snooping on U.S. citizens, at least on a meta basis, and has probably done so without court orders. As independent security research Ashkan Soltani concludes, “We’ve recently seen indication of companies like Skype or Lavabit being forced to enable interception capabilities in their system, so it would be naive to think that Apple wasn’t at least approached by the government at some point.” What do you think? Do you believe Apple's words? See also: Anonymous: Apple's Touch ID Is Deliberately Insecure, Tech Companies Want Greater Transparency After NSA Fiasco, and Google's Eric Schmidt Claims Android Is 'More Secure Than The iPhone'.