iMessage

Apple has taken steps to make it harder for hackers to gain access to FaceTime and iMessage by extending its optional two-step verification process to cover the services.

The addition means that even if a hacker has access to a user's username and password, they still won't be able to use the services on a new device because the user would be sent a 4-digit verification code to a selected device that would need to be used to authorize the new device.

 The Electronic Frontier Foundation or EFF, a non-profit digital rights group, has investigated the security of various messaging apps and created a new Secure Messaging Scorecard, ranking messaging apps and tools like iMessage, FaceTime, BlackBerry Messenger, Skype, Snapchat, and more, based on seven different factors:

iMessage is supposed to be bulletproof. Apple claims its end-to-end encrypted messaging service, as well as its video messaging app FaceTime, are so secure that even it lacks the means to decrypt the data sent between sender and receiver. No backdoors, no workarounds, nothing.

Hackers this week showed security conference attendees findings and demonstrations directly contradicting Apple's public claim that it can't read iMessages.

Even though the messages are encrypted end-to-end as Apple claims, according to QuarksLab researchers showed a packed room at Hack In The Box Kuala Lumpur, due to the lack of certificate pinning, "Apple can technically read your iMessages whenever they want."

Security experts have long suspected that iMessage is not as safe and impenetrable as Apple claims. But a group of researchers says it has proof that Apple can indeed eavesdrop on your iMessages — and the NSA can, too.

The researchers, through a careful and thorough study of the iMessage protocol, conclude that Apple has the ability to intercept and decrypt iMessages. Even though the messages are encrypted end-to-end, Apple manages the keys needed to encrypt and exchange the messages, the researchers found.

Touting its commitment to user privacy in the wake of the NSA surveillance scandal earlier this year, Apple said that the end-to-end encryption protecting its iMessage instant-messenger service is so secure that even the company itself cannot decrypt it. But, on Thursday, security outfit QuarksLab disputed that claim, arguing that Apple could intercept iMessage communications if it wanted to.

Researchers at the Hack in the Box conference in Kuala Lumpur Thursday showed that Apple on its own or per orders by the U.S. government could harvest messages sent over its proprietary service, which lets people using Apple mobile devices send text messages for free.

Apple has said that its end-to-end encryption prevents the company or anyone else from descrambling the messages. That claim is "just basically lies," Cyril Cattiaux, a developer of iOS jailbreak software and a researcher at Quarkslab, said, as reported by IDG News Service.

A close look at Apple's iMessage system shows the company could easily intercept communications on the service despite its assurances to the contrary, researchers claimed Thursday at a security conference.

Apple asserted in June, following disclosures about the NSA's data collection programs, that iMessage, which lets users send texts over Wi-Fi for free, is protected by end-to-end encryption that makes it impossible for Apple or anyone else to descramble the messages.

An app that purportedly spoofed a Mac so that Android smartphone and tablet owners could send and receive text-like messages through Apple's iMessage service disappeared today from the Google Play app store.

Google confirmed that it yanked the app for violating its store policies.

Dubbed "iMessage Chat," the app came under quick fire Monday from other app developers who said the program may have been harvesting Apple ID usernames and passwords by passing packets through a China-based server.