Apple says it would re-engineer iMessages to exploit it!

Apple has responded following claims from QuarksLab that the smartphone giant could read their users iMessages if they wanted to/ or were directed to do so.


One of the major highlights of the recently held Hack in the Box conference was QuarksLab presenting a white paper on how a ‘man in the middle’ intrusion can be used to decrypt messages. It was further highlighted that Apple had the capacity to initiate man in the middle attack due to its control of the ESS servers. Furthermore, it is common knowledge that iMessages are routed to Apple PUSH server.

According to QuarksLab, Apple can do this by first sending a fake RSA/ECDSA key to the sender. Then Apple can alter the payload of the message before it reaches its final destination. The conclusion was that since Apple can change a key whenever they want, it is possible to read the content of iMessages at will.

The news gained further traction when an independent security researches acknowledged the claim to be authentic.

Now, what does Apple have to say?

Trudy Muller, spokesperson for Apple has addressed the concern and highlighted that iMessages has not been coded in a manner to allow privacy overrides. According to him, the research from QuarkLabs is theoretical and has no basis in reality.

In order to execute such an attack as mentioned earlier, Apple would have to reengineer its iMessage system. Apple has no intentions or need for doing so.

Apple’s answer to the security concerns has been met with some skepticism. Some compare its case with that of Skype and Lavabit. Both of them were forced to add intrusion capacities in their system. So it is hard to imagine if Apple was not contacted by the government to do the same. QuarksLab believes that even if Apple doesn’t have the capability to do so, analysts at agencies such as NSA surely do.

(via AllThingsD)  

F0r M0re UpDaTing: Be 0ne 0f My New F0ll0wers 0n Twitter, 0ne 0f My New Fan 0n FaceB00k, And Here Is The Feeds.

 


blog comments powered by Disqus
Octofinder Blog Catalog