Skip to main content
  1. Home
  2. Mobile
  3. News

Despite FBI whining, iMessage isn’t invincible after all, researcher claims

Kate Conger
By

how to save text messages
Kritchanut/Shutterstock
FBI director James Comey has been campaigning against Apple and Google’s decision to introduce “end-to-end” encryption on the companies’ respective smartphones since they announced it last fall. Most recently, Comey testified before the Senate Judiciary Committee about the dangers of encryption and asked Senators to pressure tech companies into rolling it back so that the contents of smartphones would be accessible to law enforcement. Comey argued that criminals are “going dark,” hiding evidence of their wrongdoing behind encryption that his agency cannot break.

However, Comey’s arguments about encryption don’t align with how iPhone encryption actually works, claims computer-security researcher Nicholas Weaver. In a post on the blog Lawfare on Tuesday, Weaver points out that, even if encryption protects the contents of your iMessages, the FBI can still obtain plenty of information about you from your iPhone — for instance, your location data and your iMessage metadata would both be accessible to law enforcement with a warrant.

Crucially, Weaver also points out that iPhone users who enable iCloud backups would be vulnerable to a FBI search warrant. iCloud backs up the contents of messages to Apple’s servers, making the messages themselves easily accessible — a far cry from the inaccessibility described by Comey before the Senate Judiciary Committee.

Related

“Finally, there is iMessage, whose ‘end-to-end’ nature, despite FBI complaints, contains some significant weaknesses and deserves scare-quotes,” Weaver explains. Even though Apple CEO Tim Cook has claimed that there is no way for the company to read users’ iMessages, Weaver points out that it is possible to compromise the cryptography used to encrypt these messages.

Some encryption systems use a public keyserver, where users can look up and independently verify each other’s keys. However, Apple’s keyserver is private, so users have no way to independently verify each other’s keys. Apple could collaborate with law enforcement to provide a false key, thereby intercepting a specific user’s messages, and the user would be none the wiser. Weaver writes, “There remains a critical flaw: There is no user interface for Alice to discover (and therefore independently confirm) Bob’s keys.  Without this feature, there is no way for Alice to detect that an Apple keyserver gave her a different set of keys for Bob.  Without such an interface, iMessage is ‘backdoor enabled’ by design: The keyserver itself provides the backdoor.” Weaver says this vulnerability could also be used to tap into FaceTime calls.

“If one desires confidentiality, I think the only role for iMessage is instructing someone how to use Signal [an open-source encrypted messaging app],” Weaver concludes.

Editors' Recommendations

Topics
Video-editing app LumaFusion to get a Galaxy Tab S8 launch
A tablet featuring the LumaFusion video editing app.
Apple vs. Samsung: Who has the best lock screen customization in 2022?
Lock screen comparison of One UI 5 and iOS 16
The Pixel 7 is Google’s iPhone, and it’s my favorite Android phone so far
Google Pixel 7 rainbow gradient home screen on a blue placemat
Your iPhone may be collecting more personal data than you realize
The power key on the side of the iPhone 14 Plus.
iPhone 15: price, release date, specs, and all other rumors
Someone holding the iPhone 14 Pro Max.
Fitbit Cyber Monday Deals: Save on Sense 2, Charge 5, and Versa 2
Fall 22 Fitbit lineup inlcuding Sense 2, Versa 4, and Inspire 3.
Apple Cyber Monday Deals: Apple Watch, AirPods, iPad, MacBook
Best Cyber Monday Apple Deals
Get these JBL earbuds and 4 months of Music Unlimited for $25
The JBL Vibe 200 True Wireless Earbuds and their charging case.
OnePlus’ new Android update policy matches Samsung, shames Google
OnePlus 10T camera module.
How Apple can fix iOS 16’s messy lock screen customization in iOS 17
iOS 16 lock screen on an iPhone 14 Pro
The best voice-changing apps for Android and iOS
Spotify Wrapped 2022: what it is and how to view it
Spotify Wrapped 2022.
Save $225 on the unlocked Samsung Galaxy S22 Ultra with this deal
Samsung Galaxy S22 Ultra screen in hand.