Back in June, in the wake of the NSA scandal that engulfed the US — and the UK — Apple released a statement saying it couldn’t and wouldn’t read customers’ missives sent using its iMessage service. This week, a security company contradicted that, claiming it is theoretically possible. And now Apple has hit back with another statement, repeating its earlier claim.
According to Apple’s June statement, iMessages are protected by “end-to-end encryption”, so the Cupertino company “cannot decrypt that data.” But is that really the case?
Presenting a white paper at the Hack in the Box conference in Kuala Lumpur, researchers from Paris-based security firm Quarkslab claimed Apple could indeed decrypt messages.
“Apple’s claim that they can’t read end-to-end encrypted iMessage[s] is definitely not true,” Quarkslab said in the paper. “As everyone suspected: Yes they can!”
Though it wouldn’t be easy. If Apple did want to snoop on our messages about what we’re having for tea, it would have to disrupt the encryption between communications and basically change how iMessage works.
In a statement to AllThingsD, Apple spokesperson Trudy Muller acknowledged the complete reengineering needed to access our messages. And Muller said Apple has no desire to do that.
“iMessage is not architected to allow Apple to read messages,” she said. “The research discusses theoretical vulnerabilities that would require Apple to reengineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”
Customer privacy is a touchy subject, especially for us Brits following revelations this side of the pond. Do you feel your messages are safe on iMessage? Are you wary of how much of your info these companies have access to? Let me know in the comments, or on our non-data-harvesting Facebook page.