Research Claims Apple and NSA Can Read your iMessages, Apple Denies it : News : HNGN

Security experts discovered that Apple and the National Security Agency (NSA) can actually read your iMessages. However, Apple stands firm that its instant messaging service is secured and impassable.

Messages in the iMessage service are really encrypted end-to-end, however, since Apple designates the keys required to encrypt and exchange messages, they have also the ability to decrypt them.

According to a blog postshared exclusively in advance with Mashable by Cyril Cattiaux, an iOS jailbreak hacker known as "pod2g" and his colleague who chose not to disclose his real name, "gg," "Yes, there is end-to-end encryption as Apple claims, but the weakness is in the key infrastructure as it is controlled by Apple: They can change a key anytime they want, thus read the content of our iMessages."

That simply means that if NSA, or any law enforcing agency, wanted to know the content of a certain iMessage, it could simply knock in Apple's door, make a request and then do live surveillance by peeking at every message sent by their target. However, there has been no cases of such things have been reported, and Apple confirmed that the company responds only to requests carefully evaluated by its legal department.

With the help of Fred Raynal, their Quarkslab colleague, "pod2g" and "gg" were able to prove that Apple holds the encryption keys that can be used to scramble iMessages, thus giving them the ability to be a "man in the middle attack."

A "man in the middle attack" is an invisible eavesdropper that stands between the sender and the receiver. If a message goes through him, he can decrypt the message, read it and alter the message's content then send it to the receiver. This happens without the knowledge of both the sender and receiver.

Meanwhile, Apple firmly denied that they can read theirs users' iMessages.

Apple spokesperson Trudy Muller told Mashable, "iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would need Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."