Apple�s iMessage Defense Against Spying Has One Flaw
hbaker1 at pipeline.com
Wed Sep 9 14:07:54 EDT 2015
FYI -- Of course the same flaw can be used by non-U.S. govts.
Apples iMessage Defense Against Spying Has One Flaw
Joseph Cox Security 09.08.15 1:10 pm.
Yesterday, the New York Times mentioned a trend thats becoming more common: tech companies fighting back against government requests for user data, among them Microsoft and Apple. According to the report, the Justice Department obtained a court order demanding that Apple provides the iMessages sent between crime suspects, in real time.
Apple said that wasnt possible, because its iMessage service was encrypted.
But, the thing is, there is actually a very high likelihood that, technologically, iMessage could be wiretapped, because it does not allow users to verify encryption keys when writing or receiving messages.
How iMessage Works
When someone-lets call her Alice-sends a text over iMessage, the content doesnt simply travel from Alices Apple device to another. First, Alices device contacts one of Apples servers. Called ESS, this server stores all of the public encryption keys for iMessage users.
From here, the Apple server provides Alice with, say, Bobs encryption keys. Then armed with this information, Alices iPhone encrypts the message, sends the garbled text to Apple, which then forwards it over to Bob, who can decrypt it.
At no point in this process does Apple see the actual content of the message, because it is encrypted before it leaves Alices device, aka end-point. Hence, the label end-to-end encryption.
This centralized approach to key management isnt necessarily a problem, and is the same process that other encrypted messaging services use. Signal, developed by Open Whisper Systems, also makes a users device connect to a central server of keys, Nicholas Weaver a senior researcher from the International Computer Science Institute, told WIRED in an email.
However, as pointed out by Weaver in a recent post on the Lawfare Blog, it is impossible for an iMessage user to make sure that the Apple server has provided them with the right set of encryption keys.
Without such an interface, iMessage is backdoor enabled by design: the keyserver itself provides the backdoor, Weaver writes.
Weaver says that, if configured to do so, the Apple server could, instead of providing Alice with Bobs correct keys, send an additional one that the FBI had access to. Indeed, this was highlighted by researchers as far back as 2013, and Matthew Green, assistant professor at Johns Hopkins University also previously laid out a similar case.
[In that case] the FBI (but not Apple) can decrypt all iMessages sent to Alice in the future, Weaver continues. Likewise, by adding another FBI key to all messages that Alice sends herself, it would be possible for the agency to snoop all of her outgoing texts too.
The Solution? Let Us Verify Our Keys
So, the only way around this potential backdoor is in allowing users to verify what keys they have received. With Signal, users can hit a Verify identity button, and the app will display their key fingerprint, as well as that of the person theyre communicating with. To make sure that theyve been issued the genuine keys, the pair can then send this code over another means of contact, or just show it to each other in person.
Hardly anybody actually does verify keys offline, but the capability of doing so is what forces the keyserver to be honest, Weaver continued. Its worth pointing out that Open Whisper Systems partnered with WhatsApp to deliver end-to-end encryption, but that service, like iMessage, does not have a feature to verify users fingerprints.
Its unclear why Apple has not implemented some sort of manual verification method. The company did not respond to a request for comment.
Regardless, it would likely be a pretty easy addition to make to iMessage. A long press of view keys would be sufficient, Weaver said, although he anticipated that Apple could probably come up with some other, even easier-to-use method.
This is all assuming that the FBI, or other agency, could find the legal standing to compel Apple to send bogus encryption keys to a target. As the New York Times piece pointed out, a court order was obtained to demand Apple deliver unencrypted messages. Although that request was apparently unsuccessful, the technological groundwork for wiretapping iMessage is there, at least for the time being.
More information about the cryptography