Of Course iMessage Isn't Perfectly Secure - Nothing Is
iMessage is supposed to be bulletproof. Apple claims that its end-to-end encrypted messaging service and its video messaging app FaceTime are so secure that even Apple lacks the means to decrypt the data sent between sender and receiver. No backdoors, no workarounds, nothing.
But security researchers at QuarksLAB suggested on Thursday that Apple’s playing a kind of semantic game, that iMessage isn’t as seamlessly secure as claimed and that Apple could in fact lay hands on your encrypted data if it really, really wanted to. The researchers say that while they’re not claiming Apple in fact reads iMessages, they “can … if they choose to, or if they are required to do so by a government order.”
In short (the exhaustively analytical version is here), QuarksLAB says the problem is by design: Apple controls the key infrastructure, thus “they can change a key anytime they want,” giving them access to your content. What’s more, Apple conveys the messages, so it has your metadata, too. Apple’s response? “iMessage is not architected to allow Apple to read messages,” Apple spokesperson Trudy Muller told AllThingsD. “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”