Apple Counters Hackers’ Claims About iMessage Snooping Flaw

Apple is defending iMessage security’s honor

Photo by BEN STANSALL/AFP/Getty Images

Apple is hitting back at hackers’ claims that its iMessage service could be subject to snooping.

Back in September, researchers at the security firm Quarkslab probed the encryption protocol used by the iMessage service to secure users’ communications. Apple has previously stated that the messages “are protected by end-to-end encryption so no one but the sender and receiver can see or read them.” However, the Quarkslab team claimed they had discovered that “Apple can technically read your iMessages whenever they want.”

On Thursday, Quarkslab offered new insight into their findings at the HITB security conference in Malaysia, showing off how they had found a way to intercept iMessages in real time by performing a so-called “man-in-the-middle attack” on a targeted iPhone. The researchers have no evidence that this type of snooping has been performed by Apple or any government agency seeking to conduct surveillance. Their point is that a sophisticated adversary could potentially exploit the same flaw in order to eavesdrop on conversations.

But Apple isn’t buying it. Following Quarkslab’s presentation Thursday, spokeswoman Trudy Muller told the website AllThingsD:

iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.

Even if iMessages can theoretically be read by Apple, it’s safe to say the service is still more secure than conventional text messages. Earlier this year, for instance, an internal Drug Enforcement Agency document revealed agents complaining about their lack of ability to eavesdrop on iMessage due to its encryption. But following recent revelations about the broad scope of NSA surveillance, which implicated Apple, trust in major American technology companies is rapidly evaporating. Quarkslab’s claims, theoretical or otherwise, tap into the same privacy and trust issues—and will likely be enough to prompt some to ditch iMessage for a more secure alternative, despite Apple’s rebuttal.