There is zero control over what public keys get handed over to your phone to encrypt an iMessage with. For all we know, whenever you want to send a message to $USER, your phone gets a public key for $USER's iPhone, her iPad and the NSA master key.
Tim Cook can state that they can't decrypt the message all he wants, but as long as there's no control over what public keys we encrypt the message with, the statement that Apple or the NSA can't read the messages is a half-truth at best.
Don't use iMessage for anything you wouldn't be using email for. Assume every message you send over iMessage to be public.
>If the government laid a subpoena to get iMessages, we can’t provide it. It’s encrypted and we don’t have a key. And so it’s sort of — the door is closed.
But the government can (and probably has) force you to have the phones send a copy of every message to some government server encrypted with the government's public key. They don't need to subpoena messages - they already got them all.
He didn't make a statement that Apple or the NSA can't read your messages. He said that Apple can't read your messages. However since you are so concerned about half truths, if you're going to criticise someone's statements, it would be nice if you'd address what they actually are saying.
It's entirely possible that the NSA has hacked Apple, or that an Apple employee has been subverted by the NSA and inserted a back door into the encryption system. Tim Cook wouldn't know about that and can't give assurances of that kind, and isn't trying to. All he can do is state what Apple as a company intends and can do acting according to its policies.
So yes it's entirely possible Apple or the NSA has back door keys to iMessage. Tim Cook is now publicly on record saying that Apple don't. That's not a 'half truth at best'. It's either true or it's a lie. I'm not telling you to believe him or not, but historically these things have a way of coming to light eventually, one way or another.
>If the government laid a subpoena to get iMessages, we can’t provide it. It’s encrypted and we don’t have a key.
It's encrypted and they don't have the key, but since the user does not have any control over the public keys being added, they could add a trusted public key and get it anyway. So they can actually provide messages if they really wanted to.
I don't believe they really want to. But the thing we should've learnt from last year's revelations is (1) that companies can be forced to do so anyway via secret courts; and (2) the NSA is willing to make a 'technical solution' otherwise.
So, Tim Cook is not being completely honest here. Apart from what hardware can do, the only way to trust such an application is if you had the source code, the source code of the operating system and the source code to firmware blobs, and some way to prove that everything was compiled from public source code without modifications. Since that is not going to happen, iMessage should be considered as secure as unencrypted e-mail when it comes to governments. Of course, it does provide more protection than e-mail against less equipped actors.
They can't create trusted public keys after the fact, they'd have to already have them. So there's no half truth. Either they currently create and store such public keys or they don't. Tim Cook is saying they don't. That statement can't be half true. It's either true or false.
tl;dr: Apple can send you a public key of Bob's new device. Apple can pretend to send you a public key of Bob's new device. And since it's proprietary software, they can trigger a resend of your recent messages to Bob.
Moreover, if you use iCloud backups, they have the keys to your kingdom, since it fails the 'mud puddle test':
So this ends up being as "simple" as answering the question: Do you trust Apple? Given they control the operating system and all around it, having the directory server controlled by someone else (or distributed) doesn't solve the problem as they have access to anything they want in your device, meaning they don't need any keys to begin with.
I wouldn't trust any company that blatantly dodges the question of security with a half truth. It's clear he's playing word games for PR points.
You can reset your password and redownload all of your messages to a new device if you use iCloud backup. Cook is full of shit when he says that Apple doesn't have the capability. They own the system.
Even a dedicated civilian could reset your password, associate a device with your account and receive all messages going forward. To state that Apple cannot is such a laughable claim that it becomes clear that it's just a PR game. Which calls into question how sincere he is in his feelings about privacy.
For the record, you cannot redownload old messages in iMessage; if you use iCloud Backup, a civilian could fetch messages from there, but if not, they're out of luck.
Fair enough, I was mistaken. Security is hard, but no one should get a pass playing games like this when it comes to security.
A civilian could still associate another key (device) to the account if they're dedicated with the password or a password reset (not as stealthy) assuming 2FA is disabled. And Apple could surely do it stealthily since they own the system.
They have the capability, and it's too kind to his statement by calling it a half-truth in that respect because it's really a lie when he says "[Apple doesn't] have the capability."
>And since it's proprietary software, they can trigger a resend of your recent messages to Bob.
Apple control iOS so they could just release an update that disables crypto and leaks all the messages - your point is irrelevant since they can't trigger a resend without an update to iOS.
They can't create them for old messages, but they could theoretically add them for messages going forward. So it could work like an old-fashioned wiretap, where you get the subpoena, install a bug and start listening -- but can't go back in time and listen.
How? iMessage encrypts and sends a copy of every message to every device registered to a recipient (iPads, iPhones, Macs, etc.), each of which has distinct public keys. It's actually a pretty ingenious aspect of iMessage, that it can support multiple devices without any private key exchange.
But..... those recipient public keys are provided by Apple. So in theory Apple could add itself or law enforcement as another "device" -- let's call it "fbiPad" -- completely bypassing all that security.
However the "good" news is whether Apple is actually doing that in a given instance could theoretically be detectable by analyzing network traffic, since it would result in an additional copy being sent. Even though it's encrypted you could probably tell by the amount of data.
True. But they can replace any program on any iPhone with an NSA/Justice system version, and give the replacement access to any keys stored on the iPhone.
There can never be any security on a closed system where a central party has all the control. That means Apple's system is a lost cause for user security.
Apple can silently slipstream applications onto a user's iPhone? That would mean dozens of employees would be involved in a conspiracy with the US government. And over all the years none of them has leaked anything? Sounds far-fetched.
Also better not use a phone. Because Android and Windows Phone would have the same problem.
Of course Apple can "silently slipstream applications onto a user's iPhone". Whether they'd risk getting caught doing it (even for non-all-powerful law enforcement agencies) without a court order or for anything less indefensible than a kiddie porn investigation is less clear. (And whether the NSA would even need Apple's help to do it themselves is questionable - I suspect whoever owns the baseband has as much access as you'd even need, so now you're relying on AT&T/Comcast/Verizon/TMobile to put protecting your privacy above keeping the corporation on-side with powerful government agencies...)
Apple can remotely delete apps on iPhones. They've used it to delete apps that were removed from the app store. Apple can force your phone to download the latest U2 album. Upgrading your apps silently is probably not outside their control if they wanted to.
My phone certainly did not automatically download Songs of Innocence. For those users whose phones DID automatically download it, they must have enabled the "automatically add purchased content to this phone" feature.
According to my research, Apple has NEVER used the "kill switch", unlike Google: 'Google also possesses a remote "kill switch" for Android apps, but unlike Apple, it has made use of the feature before. In 2010 the Android security team deleted two apps created by a security researcher after they "misrepresented their purpose in order to encourage user downloads." Its kill switch is referred to by the company as the "Remote Application Removal Feature."' [1]
The point is they have the capability and because of your government's secret court system the general public very well may never find out whether or not the capability has been taken advantage of.
I can guarantee you that the "automatically add purchased content to this phone" check box does absolutely nothing to protect your phone from downloading and integrating data from Apple silently if they should choose to target you. And you would likely never know if they choose to target you.
iPhones by default are set to automatically download purchased content from the iTunes Store. It's a feature so purchases made on one device automatically appear on others. All Apple did was "buy" the U2 for everyone. Nothing magical about it.
To bring that up in the context of iMessage security shows either ignorance or stupidity.
And remote deleting is quite a bit different to silently upgrading apps for the purpose of spying.
Even if a new public key is added to the keybag, the NSA wouldn't get old messages, only messages from that point forward.
Still troublesome, and I wish there was some way to see what keys are being used and cross verify them with the remote user, so that if a new key is added you would be notified.
But there is no way for Apple to retrieve old messages and send them to the NSA.
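The key-change notification wished for above, and the extra "device" key raised earlier in the thread, sketched as an added example (not part of any comment and not Apple's code): a client-side pin store that records the fingerprints of a contact's device keys on first use and flags any key the directory adds later. The directory response format, the sample keys and every name here are constructed, and it assumes a client that exposes the key list to the user, which the thread points out iMessage does not.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(pubkey: bytes) -> str:
    """Short identifier for one device public key."""
    return hashlib.sha256(pubkey).hexdigest()[:16]

def keyset_digest(pubkeys) -> str:
    """Order-independent digest of a contact's whole key set, short enough
    to compare with the contact over another channel."""
    fps = sorted({fingerprint(k) for k in pubkeys})
    return hashlib.sha256("\n".join(fps).encode()).hexdigest()[:24]

@dataclass
class KeyChange:
    first_seen: bool
    added: list
    removed: list

    @property
    def needs_review(self) -> bool:
        # A key that appears after first contact is either a new device or
        # an extra recipient; only the contact can say which.
        return bool(self.added) and not self.first_seen

@dataclass
class PinStore:
    pins: dict = field(default_factory=dict)   # user -> set of fingerprints

    def check(self, user: str, pubkeys) -> KeyChange:
        """Compare a directory response with the pinned set (trust on first use)."""
        seen = {fingerprint(k) for k in pubkeys}
        if user not in self.pins:
            self.pins[user] = seen
            return KeyChange(True, sorted(seen), [])
        pinned = self.pins[user]
        return KeyChange(False, sorted(seen - pinned), sorted(pinned - seen))

    def accept(self, user: str, pubkeys, verified_digest: str) -> bool:
        """Re-pin only if the digest the contact confirmed matches this set."""
        if keyset_digest(pubkeys) != verified_digest:
            return False
        self.pins[user] = {fingerprint(k) for k in pubkeys}
        return True

# Constructed sample keys (placeholders, not real key material).
BOB_IPHONE = b"constructed-pubkey-bob-iphone"
BOB_IPAD = b"constructed-pubkey-bob-ipad"
EXTRA = b"constructed-pubkey-unknown-device"

if __name__ == "__main__":
    store = PinStore()
    store.check("bob", [BOB_IPHONE, BOB_IPAD])            # first use: pinned
    change = store.check("bob", [BOB_IPHONE, BOB_IPAD, EXTRA])
    print("review needed:", change.needs_review, "added:", change.added)
    # Bob reads out the digest of the keys he actually owns; it will not
    # match a set that contains a key he does not recognise.
    bobs_digest = keyset_digest([BOB_IPHONE, BOB_IPAD])
    print("re-pinned:", store.accept("bob", [BOB_IPHONE, BOB_IPAD, EXTRA], bobs_digest))
```

Trust on first use only catches keys added after the first lookup; a key present from the start is caught only by comparing the key-set digest with the contact out of band.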
Euhm, no, it would have access to any message you can see from the phone, old or new. Plus I don't think there's a per-message key at all. So they could have logged the messages, then install a patched iMessage on your phone to send them the key.
That is assuming Apple's claim is true at all, and they need this in the first place.
which is also a half-truth. They can't read messages encrypted with another phone's public key, but they can certainly read messages encrypted with their public key which they might or might not send to your phone in addition to the actual recipient's public key.
Neither he nor I am saying that Apple does in fact read your messages (they probably don't), but saying that they can't read your messages is not correct. They certainly can by sending your phone an additional public key.
"If the government laid a subpoena to get iMessages, we can’t provide it. It’s encrypted and we don’t have a key."
There's no wiggle room there. He's not saying we don't have the users key, he's saying categorically they can't provide iMessage information. I don't understand why you think that can be read as they can't get the information through mechanism X but that they can through mechanism Y.
That's not to say the NSA can't read them - possibly with Apple's help, possibly without - but he's really not in a position to talk about what the NSA can and can't do.
From a corporate PR perspective, he really doesn't have to say anything about this. He doesn't do many interviews, he could have declined this, or declined to talk about certain topics as part of the conditions around doing the interview. If Apple can indeed read your messages then the easiest thing for him would be to shut up and say nothing so it would seem odd to go public with a lie when he has that option.
What is missing is that they can add another key for intercept. They really need to be able to do so to comply with the law.
It's well established that the police can intercept communications with a warrant. Many HN posters have an issue with that too, but that is just a hard truth with decades of legal precedent.
The issue, IMO, is the warrantless collection part. IMO, iMessages probably protects you against the latter, although 3-letter agencies may record the messages and use other means to decrypt them later.
They could add that but as things stand right now that second key doesn't exist - or at least if it did then Cook would be out and out lying here. Obviously anything can change in the future but based on what Cook is saying either he is lying or Apple can't read your iMessages - I see no wiggle room which creates a middle ground or half truth.
In terms of what the police and other agencies can request, they have been able to ask for stuff in the past because it was information you had. If someone produces a court order they have to comply with that but there is no way of making you produce information you don't have.
As a result some companies are now setting stuff up so they don't have the sort of information which might be requested.
I may be wrong about this but I'm not aware of any law that says that a company can't do this. Certainly if there is then there are plenty of businesses aimed squarely at this sort of privacy and security which are going to have major issues given that it's basically their USP.
And if a company has to do it then the same law will apply to any individual producing open source software to do the same - any such law would be highly unlikely to be dependent on the product being created and distributed by an incorporated company.
Where there will be a problem (and this is the point Cook was making) is for companies where gathering that data is fundamental to their business. Apple can happily survive without being able to read or track iMessages. Facebook or Google have fewer options when it comes to not recording or storing stuff.
I disagree. If things go south (meaning they do what they claimed they couldn't, and then get caught) people will surely remember it, and in that case it would be negative PR-points, doubled.
That doesn't mean he's not lying, it just makes it less likely.
>> "It's entirely possible that the NSA has hacked Apple, or that an Apple employee has been subverted by the NSA and inserted a back door into the encryption system."
"Entirely possible" is the understatement of the year. I think you mean "absolutely guaranteed." This is the raison d'etre of signals intelligence agencies. The alphabet agencies would be utterly failing at what they see as their job if they didn't have many, many plants inside Apple/Google/AT&T/large communication organizations.
And Tim Cook isn't stupid; he knows this. His claims might be technically true in a strictly literal sense, in that he doesn't have the key, but the claims are certainly misleading to the nontechnical public. He knows full well that iMessage is uber-compromised, probably in several different ways (legal wiretaps, technical intrusions, HumInt, etc).
Unless that's been fixed (I haven't come across any evidence one way or the other), you're not just worrying about Apple and the NSA: Your iMessages are vulnerable to anyone who can forge a certificate and MITM your connection to Apple's servers. I'd say that's a reasonably high bar except for one thing: I believe it covers the vast majority of corporate iPhones used on company-internal networks.
Certificate pinning usually (ex: Chrome) is implemented with an exception to allow a company administrator to install a new root CA cert on the device and MITM connections. Does iMessage not allow this?
The fact that Apple could in the future modify their system to permit them to read iMessages (e.g. by interposing themselves between sender and receiver using fake public keys) is not really a fair basis for alleging that Tim Cook or anyone else is telling "half-truths" in respect of what Apple is currently doing. He has said they are not reading them and that, at present, they cannot read them. I'm not aware of any basis for impugning his credibility in that respect.
But it remains the case that anyone seriously concerned about security should continue to guard against that possibility in the future.
"as long as there's no control over what public keys we encrypt the message with, the statement that Apple or the NSA can't read the messages is a half-truth at best."
This.
That said, it is reasonable to believe the way iMessage is architected would likely make mass surveillance harder in general, just like widespread use of SSL does, so it is not entirely useless either.
The bigger problem IMO is that they then upload the message database unencrypted (from server's standpoint) to iCloud in the backup process (which is admittedly optional, but effectively on for most users). That, of course, is easily readable, as the celebrity hack shows.
More specifically, it makes it so that Apple is not forced to conduct mass surveillance by giving up everything when they receive a legal wiretap order, in the vein of Lavabit.
If you see someone else running a message system that has no way for the cops to read it, that should be a sign that it's insecure -- not technologically, but architecturally.
I'm unclear as to what you mean by that last sentence. If someone is running a message system that is distributed and keys to encrypt and decrypt are stored locally, not on the server, then why wouldn't it be secure? The message system may be anything as simple as an addressing system
Ex: Email, which is run by any number of providers, however if an email client is configured to use PGP and access is via POP/IMAP and not webmail, it's still secure as far as we know. A message system that may not be email, but still doesn't store keys on the server, still provides no way for cops to read it. Except perhaps to see some message was sent, not what the message was.
> If you see someone else running a message system that has no way for the cops to read it, that should be a sign that it's insecure -- not technologically, but architecturally.
What's that supposed to mean? What about OTR or TextSecure or PGP over email?
Your presumption is that iMessage encryption is useless if the NSA can still read the messages. Speaking for myself, I don't care if the NSA can read my messages. My biggest concern is keeping my private data protected from for-profit corporations like Apple and Google.
Crypto is useless in the sense that the trust model is broken. The point of crypto is to trust math, not people. Apple can read iMessages too, but it's a safe bet that they don't.
I don't really disagree with the reasoning, I just disagree with how Apple only is the recipient of such scrutiny. Same deal with payments stuff. And the reason basically boils down to, they have fancy ads and their products look really nice so they must be lying to us.
Even if you could set your own keys, there's no guarantee their infrastructure doesn't leak them to NSA. And considering Snowden's revelations, it's more likely than not.