Apple denies claims that it can or will read users' iMessages

Apple has previously stated that with iMessage's built-in end-to-end encryption, it would be impossible for anyone to hack into the messages including the company itself. Security research company QuarksLab challenged this on Thursday at the Hack in the Box conference, stating, "Apple can read your iMessages if they choose to, or if they are required to do so by a government order." Today, Apple is firing back.

First, for some additional background, QuarksLab detailed how it came to this conclusion a bit further. "The weakness is in the key infrastructure as it is controlled by Apple: They can change a key anytime they want, thus read the content of our iMessages," it explained.

"iMessage is not architected to allow Apple to read messages," an Apple spokeswoman told AllThingsD. "The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so."

That doesn't exactly state that QuarksLab's claim is false, but it's basically saying it's never going to happen.

It's interesting that Apple chose to defend itself against this particular claim. The company does get bullied or at least challenged often but usually doesn't issue public responses unless it's something serious. The NSA scandal probably has an influence on Apple wanting to maintain a positive image for privacy and security in the public eye. Hopefully, the defense stated above is future-proof.

Source: AllThingsD | Image via Apple

Report a problem with article
Previous Story

Stop-motion animation powers latest Windows 8.1 commercial

Next Story

Windows Server 2012 R2 released

43 Comments

Commenting is disabled on this article.

this is the thing can you or can your not read "encrypted"messages, i thin you can and doesnt matter what messxaging service you get it from its the dame

ThunderRiver said,
Well, we will know Apple lies if someone there will be "sponsored" messages

of course they do. it's in there best interests to do such a thing. No apple garbage thank you.

soldier1st said,

of course they do. it's in there best interests to do such a thing. No apple garbage thank you.

Only if you can promise to quit posting garbage.

So terrorists or anyone else who wants to do illegal stuff could just communicate using this and be 100% secure?? Apple is a big company with many users so i do not believing that the US government has not put pressure on them to have a "backdoor", and as we know its a crime not to comply with court orders.

This seems more like a stunt, claim its secure to lure the bad people in to using it then blam they all get arrested.

Kalint said,
Conversations between Apple users usually consist of: baaaa, baaaaaaa, baaaaa, baaaaa

They consist of: money, money,money, drm, drm, drm, control, control, control, lock down lock down, lock down, restrict customers, restrict customers, restrict customers.(most of this isn't limited to just apple)

I see new trollware rolled out to the fandroids extra early this weekend!

Bleep, bleep, bleep, bleep, bleep, bleep, bleep, bleep!

Well Apple claims that currently it has no way to because of the encryption, however QuarksLab argues that with some work it's possible. Apple is basically saying it's not willing to put in the work to read them.

Wait so... Apple says they can't, Quarks says they can with some work, and you say they can already based upon the opposite of what both sides are saying?

You're entitled to your opinion man, but I don't follow how both sides are wrong based on... well, nothing.

Quarks say Apple could. Apple didnt say they cant. Apple said they could but didnt want to put forth the effort. I am guessing basing of my own assumptions. Again, my opinion.

techbeck said,
I dont believe for one second that Apple cannot read user messages.

Apple can read user messages if they want. if a user were given a private key that apple had no copy of, then apple couldn't read them, unless they hacked in.

techbeck said,
I dont believe for one second that Apple cannot read user messages.

If they know how to encrypt it, there's no way in heck, you're going to tell me they don't know how to unencrypt it!

you encrypt something with a public key,and decrypt it with the private key.

a sender retrieves the recipients public key off of apples servers, uses this key to encrypt the message. the recipient then has a private key on their phone, which they use to decrypt the message. on the surface, this looks like its totally secure,since only the recipient has the private key to decrypt the message,and this private key is physically in his phone.

the big vulnerability in this is, apple can, if they choose, give the sender the wrong public key, perhaps the public key of an NSA guy. now when the sender sends the message, the NSA guy uses his own private key to decrypt them message. To prevent suspicion, the NSA guy can then relay this message back to the intended recipient,and the whole process can seem transparent.

I'd say its a totally legit concern,and apple can do it if they wanted to or were forced to.

FriendlyBully said,
It's not Apple's fault the US government believes there are almost 7 billion terrorists at large.

Including themselves?

FriendlyBully said,
It's not Apple's fault the US government believes there are almost 7 billion terrorists at large.

Unbelievable that people like you are still allowed access to the internet.

Jarrichvdv said,

Unbelievable that people like you are still allowed access to the internet.

I too am surprised that his Internet access hasn't been revoked for speaking out against the NSA and the US Government. They have the power. Surely there is a form you can fill out to protect us from FrindlyBully being on the Internet. Carry on, and Hail Obama!

Lord Method Man said,
Please, give Apple a break.

LMAO... That's never gonna get old now thanks to that Neowin editorial... lol

FriendlyBully said,
It's not Apple's fault the US government believes there are almost 7 billion terrorists at large.

Oh please...you don't believe that do you?