Your Web News in One Place

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
September 19, 2013 08:12 pm GMT

Security Researchers Claim Apple, Others Technically Capable Of Intercepting iMessages

Apple iMessageTwo security researchers have posted an outline for a talk about Apple’s iMessage security to be presented next month. The report claims that Apple could but not that it does intercept iMessages and read them if it wishes. Apple had previously claimed, via its security documents, that iMessages were encrypted end-to-end and were unable to read them. Researchers ‘GG’ and Cyril ‘Pod2G‘ Cattiaux of firm Quarkslab claim that they have discovered a method to perform a man-in-the-middle (MITM) attack which can intercept these messages and allow them to be read, despite the encryption used by Apple. Cattiaux, under the moniker Pod2G, may be familiar to many in the iOS jailbreak community. He was formerly part of the Chronic Dev Team, one of the larger jailbreak groups and has discovered several exploits that allow these teams to perform their unlocking of the iOS system partition. A brief for the presentation, which will take place at the HITB Security Conference in Asianext month reads: Can Apple read your iMessages? YES. Do they do it? Unfortunately, we can not answer. Quarkslab team studied iMessage protocol for quite some time. We will explain the protocol layers, with Push then iMessage itself. With this understanding, we will be able to try to build a MITM attack toward iMessage. We will explain the mandatory conditions for the MITM to succeed. We will take you deep into the crypto used for encryption, authentication and key management. All pieces put together will prove that Apple can technically read your iMessages whenever they want. The implication, then, is that Apple and other malicious actorscouldintercept iMessages and read them using the attack. The researchers donot say that Apple is doing this, or that anyone is currently leveraging this vulnerability. Instead, it’s designed to expose an attack that could be used this way and, apparently, to counter the claim by Apple that there is no way for it to read the messages. The researchers say that they have confirmed that iMessages are encrypted end-to-end, and are not claiming that they can intercept it, just that they can demonstrate how an attack could be performed by a company with the resources. Apple’s statement about iMessage security is as follows: For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt

Original Link: http://feedproxy.google.com/~r/Techcrunch/~3/PpPjsdxTUkU/

Share this article:    Share on Facebook
View Full Article

Techcrunch

TechCrunch is a leading technology blog, dedicated to obsessively profiling startups, reviewing new Internet products, and breaking tech news.

More About this Source Visit Techcrunch