Apple Explains Exactly How Secure iMessage Really Is

Millions and millions of people use iMessage every day. But how many people know exactly what’s going on behind the scenes, or what happens to a message once you send it?

Maybe a handful. Up until now, the vast majority of what we knew about iMessage’s inner workings came from reverse engineering and best guesses. This week, however, Apple quietly released a document that breaks it all down.

If you know your stuff when it comes to cryptography, you can find the document here. The iMessage bit starts at page 20, but there’s all sorts of crazy interesting stuff regarding cloud keychain and hardware security packed in there too.

If you don’t know much about crypto, I’ll try to break it down a bit below. I admittedly have plenty of gaps in my crypto knowledge, but I’ve triple-checked this with people who know considerably more about this topic than I.

Before we dive in to the deeper stuff, you’ve got to understand one overarching concept at play here. It’s a fairly standard concept in the tech world, but it’s not something that most people ever have to think about. It’s called public-key cryptography.

To over simplify it: imagine you have a mail box. This box has two keys. One key lets you drop mail into the mail slot, and one key lets you take mail out. The input key and the pickup key are entirely different; one can never be used to replace the other. You can give away a million copies of your input key, and no one could use it to do anything but put mail in. Unless they find a copy of your pickup key or find a weakness in the way your mailbox was designed, your message is safe.

This is the thinking behind public-key cryptography. Your “public key” is like the mail slot key. You can share it with the world, and anyone can encrypt messages to send to you. But the public key only works in one direction. Once a message is encrypted, that public key can’t be used to decrypt it, or reverse the encryption. Once encrypted, your private key (the mail pickup key, in the analogy above) is the only way (barring exploits/brute force with a supercomputer) to restore the message to its original readable form.

With that, here’s how iMessage works:

Too long, didnt read? Basically: Unless Apple is omitting something or there’s some backdoor tucked into their many-layers-deep encryption (which, while unlikely, isn’t inconceivable) they really can’t read your iMessages without a fairly insane amount of effort. Sure, they could theoretically brute force their way past your private key. Or they could scrap the entire system and replace it with something with glaring security holes, and hope no one notices.

But the same could be said for any service where someone else is even temporarily storing your messages — when you’re putting things into a black box, even if you think you know exactly how that black box works, you’re trusting that the black box hasn’t changed. And if Apple intends on ever lurking through your iMessages, they’ve made it pretty damned hard for themselves.

Update: As some have pointed out, there are, in fact, potential points of failure in this security model as detailed. For example: because Apple is encrypting messages/data once for each device and has control over the key infrastructure, they may (if, say, by court order) be able to throw another public key into the mix— thereby allowing messages sent to you after that point to be read by whoever has the corresponding private key.

Latest Stories