News by Andrew Kameka on Friday October 18, 2013.
|Sponsored links, if any, appear in green.|
Apple has fired back at claims from security researchers who suggest that it's possible for Apple to intercept iMessage correspondence and read user messages, or perhaps show them to the government, without user consent.
At a security conference in Malaysia, two men claimed that the way iMessages are sent makes it possible for Apple to snoop on users. That's because all iMessages are handled by a key that Apple controls to encrypt messages from one sender and the decrypt it for the recipient. Quarkslabs suggests that there's no current reason to believe Apple reads message, but it's theoretically possible that the company could intercept messages using keys or let a third-party monitor correspondence that people believe to be private.
Spying on iMessage users is not possible under the current setup, according to Apple. The company issued the following statement to AllThingsD in response to the privacy claims:
"iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."
This is not the first time that Apple has had to respond to claims that its iOS and Mac OS messaging platform could be used as a tool for government. A news report in June related to leaks from former NSA contractor Edward Snowden alleged that Apple was among several tech companies participating in the PRISM program that gave governments access to warrantless-snooping for private communication. Apple responded that it had no such involvement and it was not possible to share iMessage communication because it has end-to-end encryption.
QuarksLab contends that it is indeed possible if Apple had the right motivation, such as a court order compelling it to participate in the alleged government spying programs. The security company says it does not believe Apple currently spies on users or has any reason to monitor correspondence, merely that it's possible. A more technical and detailed explanation of how message interception might work is available at Quarkslab.via: AllThingsD
Andrew is MobileBurn.com's managing editor. He is based in Miami, Florida.