Apple can read your iMessages, security firm says

French security firm says communication sent over Apple's iMessage can be decrypted, despite what the company said earlier this year.

Jason Cipriani/CNET

In June, Apple said that communication over iMessage is protected by "end-to-end encryption," and so secure that even the company itself "cannot decrypt that data." But on Thursday, security researchers disputed that claim.

At the Hack in the Box conference in Kuala Lumpur, Quarkslab -- a Paris-based security firm -- presented findings that said people at Apple would in fact be able to decrypt messages, either because of a government request or of an employee's own accord, according to multiple reports.

"Apple's claim that they can't read end-to-end encrypted iMessage[s] is definitely not true," Quarkslab wrote in a white paper about their findings. "As everyone suspected: Yes they can!"

Apple made those comments following information leaks by National Security Agency contractor Edward Snowden, who this summer detailed classified information about the agency's practices.

Apple did not respond to a request for comment.

To be clear, the researchers did not say there is any indication Apple or the government is reading anyone's messages, only that it would in fact be possible -- despite claims to the contrary.

The good news, Ars Technica notes, is that it would be very difficult for a potential eavesdropper to unscramble the encryption, something that requires, among other things, physical control of the device and the installation of malicious software such as fake certificates. Therefore, the real threat could come from an employee working under a court order: because Apple controls the entire infrastructure, carrying out such an attack would not require tampering with a device.

"The weakness is in the key infrastructure as it is controlled by Apple," Quarkslab's white paper concludes. "They can change a key anytime they want, thus read the content of our iMessages."
