Despite Apple’s push for encryption, iMessage remains insecure

iMessage 2
Last month, Apple CEO  Tim Cook released a startling letter in which he claimed the company was “challenging the FBI’s demands” to open up a backdoor on the iPhone. From this emerged a wealth of various stances from publications, politicians, and even late night talk show hosts, who all reached the consensus that no one really knows what to do in the privacy vs. protection debate.

Despite Apple’s urge for encryption, however, research conducted by Johns Hopkins University cryptography professor Matthew Green and a handful of his students has determined that Apple may already be open to vulnerabilities — or at least the iMessage portion of it. In fact, Green went so far as to say that Apple’s iMessage encryption is fundamentally broken, requiring the company to mandate a complete cryptographical overhaul if it wants to keep its users safe from unsolicited lurking.

Especially at a time when the US government is doing everything in its legal jurisdiction to get its hands on a backdoor into encryption, this could be unfortunate for Apple if it doesn’t act quickly. A susceptibility to this degree could leave the Cupertino company open to not only pesky vigilante hackers, but the bureaucratic ones as well.

“I’ve always felt that one of the most compelling arguments against this approach — an argument I’ve made along with other colleagues — is that we just don’t know how to construct such backdoors securely,” the professor explained in a blog post abbreviating the complete research paper. “But lately I’ve come to believe that this position doesn’t go far enough — in the sense that it is woefully optimistic. The fact of the matter is that forget backdoors: we barely know how to make encryption work at all.”

Put simply, the flaws found by Green and his pack of students can make it so those skilled enough to test their abilities could decrypt multimedia attachments, including both pictures and video from iMessage. Although the post mentions that certificate pinning has effectively made iMessage less exposed, a person could theoretically access Apple’s servers and proceed to take the attachments anyway, in the case that there’s a Push Notification Service server liability.

Green complimented iMessage for using “end-to-end encryption” dating back to 2011, but unfortunately it appears as though Apple uses the term quite loosely. True end-to-end encryption would keep messaging conversations between only those participating internally. Apple’s protection of iMessage does not extend to the server, leaving a gap in its defenses.

If a hacker were to take hold of the key server, they would in turn be able to intercept messages as they are being typed — those that have not already undergone the encryption process. Be that as it may, more threatening is the prospect of attackers making their way into already-encrypted messages, which is totally possible, according to Green and his disciples.

“In the long term,” Green explained, “Apple should drop iMessage like a hot rock and move to Signal/Axolotl.” In the meantime, Green recommends that users update to iOS 9.3 and the latest version of OS X, which implement fixes that mitigate some, though not all, of the vulnerability.

Emerging Tech

Microsoft’s friendly new A.I wants to figure out what you want — before you ask

Move over Siri and Alexa! Microsoft wants to build a new type of virtual assistant that wants to be your friend. Already making waves in Asia, could this be the future of A.I. BFFs?
Home Theater

The best movies on Netflix in November, from 'Buster Scruggs’ to ‘Dracula’

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, witty humor, or anything else.
Movies & TV

The best shows on Netflix, from 'The Haunting of Hill House’ to ‘The Good Place’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Home Theater

A recent Twitter leak may show the upcoming AirPods 2 model

Apple plans to release new AirPods much the same as it does new iPhones, and a wireless charging case, water resistance, and better Siri integration are among the improvements we can expect in future models.

Playing ‘Battlefield V’ on an $800 Nvidia card is stunning. And disappointing

‘Battlefield V’ is the first game to use Nvidia’s ray tracing support, now available with the RTX 2080 and 2080 Ti graphics cards. The feature can, in an ideal scenario, make the game look better, but the performance hit may not be…
Smart Home

All the best Amazon Black Friday deals for 2018

Amazon may be an online-only retailer, but that doesn’t mean its Black Friday sales are anything to sniff at. In fact, due to its online status, Amazon has huge flexibility with the range of products and deals it can offer. Here's our…

HP takes $100 off of leather-clad Spectre Folio 13 bundle for Black Friday

HP is offering a discount to Black Friday shoppers for a bundle that includes its leather-wrapped answer to Apple's MacBook Air. HP is offering a $100 discount on the Spectre Folio 13 when bundled with a mouse and leather sleeve.

Save a heap with these Black Friday 2018 graphics card deals

The Black Friday 2018 sales period is finally here and it's brought with it a tonne of great component deals. We've been scouring websites and catalogs for days to find you the best graphics cards deals for Black Friday 2018.

The best Target Black Friday deals for 2018

The mega-retailer opens its doors to the most competitive shoppers at 6 p.m. on Thursday, November 22, and signs indicate that the retailer means business this year. We've sifted through all of the deals, from consumer electronics to small…

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…

Ditch the passwords and buy Xbox games with just your face

Passwords are the past. The latest version of Windows 10 allows you to sign in with your Microsoft account on the web through Microsoft Edge using Windows Hello or a FIDO 2 Yubikey. 

Canceling Amazon Prime is easy, and you might get a refund

Don't be intimidated. Learning how to cancel Amazon Prime is easier than you might think. You might even get a partial or full refund on the cost, depending on how much you've used it. Check out our quick-hit guide for doing so.

Editing a PDF is easy when you have the right tools in hand

Editing PDF files can be a real pain, but there are a few tricks to make the process a bit easier. This guide will give you three easy methods for how to edit a PDF, two of which work without needing Adobe Acrobat.