Security research firm QuarksLab recently dropped a bombshell on iOS users with a presentation at the Hack in the Box conference that described how Apple could read your encrypted iMessages.
While the method described is complex, what QuarksLab showed in a nutshell is that while messages sent through Apple’s text message replacement service are encrypted end-to-end, Apple controls the encryption keys that protect those messages, and can change those keys in order to get access to the content of the messages, if, for example, the government ordered the company to.
It’s worth noting that QuarksLab did not say that this was something Apple was currently doing, but that it was something they could do in the future. Unsurprisingly, that touched off a firestorm.
For its part, Apple says that they’re not interested in implementing what was described in the paper.
“iMessage is not architected to allow Apple to read messages,” Apple spokeswoman Trudy Miller told AllThingsD. “The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”
Still, even with Apple’s theoretical ability to snoop, iMessage is still well-secured against outside attackers, which is better than other services, including SMS, which can be attacked just by setting up a fake cell tower.
Blair Hanley Frank is GeekWire’s Bay Area Correspondent. He has also worked for Macworld, PCWorld and TechHive. He can be found on Twitter @belril.