[Cryptography] Apple's iMessage Defense Against Spying Has One Flaw

Ryan Carboni ryacko at gmail.com
Thu Sep 10 02:48:51 EDT 2015


For example, pursuant to these sections Apple makes available the following:
{Apple legal source}

Device Registration (name, address, email address, telephone number, iCloud
Apple ID)

Customer Service Records

iTunes (name, physical address, email address, and telephone number,
purchase/download transactions and connections, update/re-download
connections, and iTunes Match connections, iTunes subscriber information
and connection logs with IP addresses, specific content purchased or

Apple Retail Store Transactions (cash, credit/debit card, or gift card
transactions, type of card, name of the purchaser, email address, date/time
of the transaction, amount of the transaction, and store location, receipt

Apple Online Store Purchases (name, shipping address, telephone number,
email address, product purchased, purchase amount)

iTunes Gift Cards (sixteen-digit alphanumeric code, nineteen-digit code,
any purchases, name of the store, location, date, and time, user account

iCloud (music, photos, documents, iCloud email, encryption keys, Subscriber
Information, iCloud feature connections, connection logs with IP addresses,
Mail Logs, records of incoming and outgoing communications such as time,
date, sender email addresses, and recipient email addresses, Email Content,
Other iCloud Content, Photo Stream, Docs, Contacts, Calendars, Bookmarks,
iOS Device Backups, stored photos, documents, contacts, calendars,
bookmarks and iOS device backups, photos and videos in the users’ camera
roll, device settings, app data, iMessage, SMS, and MMS messages and

Find My iPhone (including connection logs)

Other Available Device Information (MAC Address for Bluetooth, Ethernet,
WiFi, or FireWire)

Requests for Apple Retail Store Surveillance Videos

Game Center (Connection logs with IP addresses, specific game(s) played)

iOS Device Activation (including upgrades the software, IP addresses, ICCID
numbers, and other device identifiers)

Sign-on Logs (iTunes, iCloud, My Apple ID, and Apple Discussions,
Connection logs with IP addresses, Sign-on transactional records)

My Apple ID and iForgot Logs (password reset actions, Connection logs with
IP addresses)

FaceTime (logs when a FaceTime call invitation is initiated, content
protected by 15 bits of entropy if secure enclave baked key is obtained
from manufacturer)

On iOS 7 and below, the passcodes and full access can be immediately granted.
Encrypted device backups are available for all versions 8 and beyond -
these are protected by just ~15 bits of entropy by default passcode with
access to the secure enclave keying material which is also subject to legal
compulsion and reasonably we can expect the intelligence community to have
access to them.

Their warrant canary was removed, their system (despite claims) is easy to
subvert, there was no big legal case (just a show), they were an early
adopter to upstream programs such as PRISM, they would be breaking the law
if they truly (in praxis) were preventing access, and yeah... they can
claim they don't give access if they outsource their backdoor to a separate
manufacturer (Apple's entire strategy is to own the entire manufacturing
pipeline - so what's with the outsourcing anyway).

Even if you fool yourself into thinking the touted "Secure Enclave" is
secure for your particular threat model - just pretend that - look over the
list above again.

Yes a thousand times.