[Cryptography] Signal planning no support for plaintext SMS

[Ron Garret]

On Nov 9, 2022, at 12:28 PM, Shironeko <shironeko at waifu.club> wrote:

> Ron Garret <ron at flownet.com> writes:
>> Apple can push an OS update that gives them access to your keys even without iCloud any time they want.  So with or without iCloud, your security with iMessage is entirely dependent on Apple’s trustworthiness.
>> 
>> And this is true in general for any vendor. The only way you can be absolutely
>> sure that there isn’t a back door in your comms is to build your own silicon
>> foundry from the ground up. The minute you use *any* third-party hardware or
>> software *anywhere* in your process you open yourself up to a rusting-trust
>> attack.
>> 
>> So as a practical matter you have to trust someone, especially if you’re a muggle.  It might as well be Apple.
> 
> This is has nothing to do with the problem I mentioned. Trusting trust is a very
> real but different threat.
> 
> What I want to point out is that iMessage’s existing implementation is
> verifiably non-secure. It is not a theoretical attack vector or something they
> hide in an upgrade. Apple performs an mitm attack on their supposedly “end to
> end encrypted” system literally every day, it’s called recovering from an iCloud
> backup. If they system is “end to end encrypted” they will not have the ability
> to do that.

That is not true.  It is possible to implement a secure end-to-end-encrypted cloud backup.  The ability to recover from an iCloud baclup is, in and of itself, not evidence of anything.

What makes Apple’s implementation insecure is that they back up your keys as well as you data.  But that is completely orthogonal to your original criticism:

> From all I can gather the security of iMessage drops to basically the same level as email the moment you enable iCloud. Your message keys are stored in iCloud and Apple have full access.

I reiterate: Apple’s ability t read your messages is not contingent on your enabling iCloud.  They can, if they choose to, read your messages with or without iCloud backup enabled.  Your privacy depends entirely on their trustworthiness either way.

rg