An Interest In:
Web News this Week
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
- March 22, 2024
September 19, 2013 08:12 pm GMT
Original Link: http://feedproxy.google.com/~r/Techcrunch/~3/PpPjsdxTUkU/
Security Researchers Claim Apple, Others Technically Capable Of Intercepting iMessages
Two security researchers have posted an outline for a talk about Apple’s iMessage security to be presented next month. The report claims that Apple could but not that it does intercept iMessages and read them if it wishes. Apple had previously claimed, via its security documents, that iMessages were encrypted end-to-end and were unable to read them. Researchers ‘GG’ and Cyril ‘Pod2G‘ Cattiaux of firm Quarkslab claim that they have discovered a method to perform a man-in-the-middle (MITM) attack which can intercept these messages and allow them to be read, despite the encryption used by Apple. Cattiaux, under the moniker Pod2G, may be familiar to many in the iOS jailbreak community. He was formerly part of the Chronic Dev Team, one of the larger jailbreak groups and has discovered several exploits that allow these teams to perform their unlocking of the iOS system partition. A brief for the presentation, which will take place at the HITB Security Conference in Asianext month reads: Can Apple read your iMessages? YES. Do they do it? Unfortunately, we can not answer. Quarkslab team studied iMessage protocol for quite some time. We will explain the protocol layers, with Push then iMessage itself. With this understanding, we will be able to try to build a MITM attack toward iMessage. We will explain the mandatory conditions for the MITM to succeed. We will take you deep into the crypto used for encryption, authentication and key management. All pieces put together will prove that Apple can technically read your iMessages whenever they want. The implication, then, is that Apple and other malicious actorscouldintercept iMessages and read them using the attack. The researchers donot say that Apple is doing this, or that anyone is currently leveraging this vulnerability. Instead, it’s designed to expose an attack that could be used this way and, apparently, to counter the claim by Apple that there is no way for it to read the messages. The researchers say that they have confirmed that iMessages are encrypted end-to-end, and are not claiming that they can intercept it, just that they can demonstrate how an attack could be performed by a company with the resources. Apple’s statement about iMessage security is as follows: For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decryptOriginal Link: http://feedproxy.google.com/~r/Techcrunch/~3/PpPjsdxTUkU/
Share this article:
Tweet
View Full Article
Techcrunch
TechCrunch is a leading technology blog, dedicated to obsessively profiling startups, reviewing new Internet products, and breaking tech news.More About this Source Visit Techcrunch