Hackers: Here's video of how Apple's iMessage surveillance flaw works
Hackers this week showed security conference attendees findings and demonstrations directly contradicting Apple's public claim that it can't read iMessages.
Even though the messages are encrypted end-to-end as Apple claims, according to QuarksLab researchers showed a packed room at Hack In The Box Kuala Lumpur, due to the lack of certificate pinning, "Apple can technically read your iMessages whenever they want."
More worryingly, in the presentation "How Apple Can Read Your iMessages and How You Can Prevent It," the researchers also showed that iMessages can be intercepted and instantly changed via a man-in-the-middle (MiTM) attack. The message interception allows a third-party attacker to seamlessly change the sent message before it arrives — and with the sender impersonated, the iMessage recipient is none the wiser.