clock menu more-arrow no yes

Filed under:

Apple denies iMessage vulnerability after security firm publishes flaw

New, 95 comments
WWDC Stock images
WWDC Stock images

Apple is reiterating its stance that iMessages are secure communications, after a security firm published research saying that Apple itself is capable of decrypting and reading them. "iMessage is not architected to allow Apple to read messages,” an Apple spokesperson tells All Things D. Researchers from Quarklabs posited that Apple, should it choose to or if pressed to do so by a government agency, would be capable of decrypting iMessage communications as they moved between a sender and a receiver — a potentially huge distinction from what Apple claimed in June, that "no one but the sender and receiver can see or read [FaceTime calls and iMessages]. Apple cannot decrypt that data."

The vulnerability that Quarklabs points to revolves around encryption keys. "[Apple] can change a key anytime they want, thus read the content of our iMessages," Quarklabs writes. In its statement to All Things D, Apple doesn't strictly deny that this is possible, "The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so." As Quarklabs notes, it isn't trying to say that Apple is already reading iMessages, but it wants to make it clear that within its current implementation, iMessage simply isn't a perfectly secure system.