Two security researchers have posted an outline for a talk about Apple’s iMessage security to be presented next month. The report claims that Apple could — but not that it does — intercept iMessages and read them if it wishes.
Apple had previously claimed, via its security documents, that iMessages were encrypted end-to-end and that it is unable to read them. Researchers ‘GG’ and Cyril ‘Pod2G‘ Cattiaux of firm Quarkslab claim that they have discovered a method to perform a man-in-the-middle (MITM) attack, which can intercept these messages and allow them to be read, despite the encryption used by Apple.
Cattiaux, under the moniker Pod2G, may be familiar to many in the iOS jailbreak community. He was formerly part of the Chronic Dev Team, one of the larger jailbreak groups and has discovered several exploits that allow these teams to perform their unlocking of the iOS system partition.
A brief for the presentation, entitled How Apple Can Read Your iMessages and How You Can Prevent It, which will take place at the HITB Security Conference in Asia next month, reads:
Can Apple read your iMessages? YES. Do they do it? Unfortunately, we can not answer.
Quarkslab team studied iMessage protocol for quite some time. We will explain the protocol layers, with Push then iMessage itself. With this understanding, we will be able to try to build a MITM attack toward iMessage. We will explain the mandatory conditions for the MITM to succeed. We will take you deep into the crypto used for encryption, authentication and key management. All pieces put together will prove that Apple can technically read your iMessages whenever they want.
The implication, then, is that Apple could intercept iMessages and read them using the attack. The researchers do not say that Apple is doing this, or that anyone is currently leveraging this vulnerability. Instead, the disclosure is designed to expose an attack that could be used this way and, apparently, to counter the claim by Apple that there is no way for it to read the messages.
The researchers say that they have confirmed that iMessages are encrypted end-to-end, and are not claiming that they can intercept it, just that they can demonstrate how an attack could be performed.
Apple’s statement about iMessage security is as follows:
For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.
We reached out to the researchers and were given answers to some questions about the presentation by Cattiaux.
TC: What versions of iOS or OS X are vulnerable?
CC: The conception flaw letting Apple intercept and read iMessages is in the protocol, not in a specific software or hardware.
It means that every Apple product that is compatible with iMessages is affected. Basically, nearly all current Apple products: iMac, Mac Pro, MacBook Pro, MacBook Pro Retina, iPhone, iPod Touch, iPad. We will release a tweak for jailbroken iOS devices and an application for OS X just after the presentation.
TC: Is this something that can be performed on OS X as well?
CC: Yes, and the OS X version will be more advanced than its iOS counterpart.
TC: Has the vulnerability been disclosed to Apple?
CC: A big part of the iMessage protocol is protected at the binary level (obfuscation techniques), and also, the protocol is closed-source and not documented anywhere. We thus considered that Apple wouldn’t answer our claims anyway. Maybe we didn’t make the right move, and we’re looking forward to get in touch with them in order to make iMessage even more secure. We would be happy if they fix the issues in the operating system itself, because requiring people to use our tweaks to improve their privacy is not the best solution. That would definitely be much more efficient it is was natively built into iOS or OS X themselves.
TC: Is this attack something you feel can be widely distributed or leveraged, or is it so difficult that this is not likely?
CC: The iMessage protocol is strong. Only Apple or a powerful institution (NSA is randomly chosen as an example) could tamper with it.
TC: Does it require physical access to a user’s device? If not, then can you give some details on what info you need to make it happen?
CC: Basically, if you are Apple or the NSA, it doesn’t require any prerequisites.
TC: Technically, this means that Apple could very well be forced to intercept messages on court request (if this method is accurate). Do you have any reason to believe Apple knew about the vulnerability?
CC: We haven’t seen any evidence that Apple has read iMessages of people, we would have [this] evidence if they had tried to spy [on] us. But [this is] not the case. In the same way, nobody can prove they [made] the design flaw intentionally to spy on people. It may be, or it is just a consequence of another choice. Only Apple can [know].
TC: This isn’t just Apple that is in a position to intercept, correct? If you guys can do it, other people could technically do it?
CC: Technically, we can do it and we’ll demo it, but there are some prerequisites. In a position of an external attacker, the encryption is strong enough to consider other targets to spy on a particular phone. In the position of Apple, things are really different
We went on to ask Cattiaux about the background of Quarkslab and why they chose to take on the ‘hacking’ of iMessage.
“Firstly, Quarkslab [has] a pretty good knowledge on DRM penetration testing. We do work with big customers to verify and improve their DRM security,” says Cattiaux. “Secondly, iMessage is quite a challenge. Add to that we wanted to understand the protocol (privacy issues or not), and we needed a use case to test one of our internal R&D project[s], all that made iMessage the perfect candidate.”
The importance here is immediately evident in light of the recent revelations regarding the NSA and its widely scoped information requests to companies like Apple, Google, Microsoft and many others. Obviously, Apple would have little individual motivation to read or intercept your iMessages, and plenty of incentive to keep them as private as possible. Cryptography researchers have delved into Apple’s iMessage claims previously, but that has been difficult because Apple has not published specifications.
But if Apple’s iMessage system is vulnerable to a MITM attack — which apparently places an intercepting party in the sending process at a time when the messages are un-encrypted and available for viewing — then it could theoretically be forced to exercise this ability by a court order for information.
From what the researchers are telling us so far, only Apple or a company with enormous resources like the NSA would be capable of performing this kind of interception.
We’ll have to wait for the talk, which is set for the HITB conference on October 16 and 17 in Kuala Lumpur, Malaysia. We have reached out to Apple for comment on the researchers’ discovery.