Skip to main content

Apple denies iMessage vulnerability after security firm publishes flaw

posted onOctober 18, 2013
by l33tdawg

Touting its commitment to user privacy in the wake of the NSA surveillance scandal earlier this year, Apple said that the end-to-end encryption protecting its iMessage instant-messenger service is so secure that even the company itself cannot decrypt it. But, on Thursday, security outfit QuarksLab disputed that claim, arguing that Apple could intercept iMessage communications if it wanted to.

“Apple can read your iMessages if they choose to, or if they are required to do so by a government order,” QuarksLab said in a white paper presented Thursday at the Hack in the Box conference. Apple disagrees — vehemently. We’ll get to that in a minute.

QuarksLab research is far too labyrinthine to summarize here, but the gist of it is this: Because Apple controls the keys used to encrypt iMessages between sender and the recipient, it could theoretically conduct a so-called “man-in-the-middle attack” on the two, making sender and recipient believe they are chatting directly and securely with one another, when they aren’t — and reviewing their communications.

Source

Tags

Apple iMessage Security HITB2013KUL

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th