An Apple whitepaper on iOS security explains what happens in an iMessage conversation, and why it is more secure than most other chat apps. But are we sure no one is listening in?
Judging by the amount by which Facebook acquired WhatsApp in the past week, there is a big interest in such apps — both as a tool for data gathering and monetization through the social messaging platform. However, given the prevalence of mobile chat apps, these have also become a target for eavesdropping. Messaging platforms have been target of privacy concerns of late. For instance, leaked documents would indicate how government agencies use mobile apps and platforms to spy on their targets.
Apple’s iMessage has been lauded as more secure than the typical app, due to the end-to-end cryptography used by the service. For one, Apple itself claims that it cannot read messages exchanged over the network, much less share information with the authorities. Additionally, the fact that iMessage is limited to among iOS and OS X devices makes the population of potential targets a bit smaller.
Apple recently released a white paper that discusses the security protocols used in Apple devices, and this includes iMessage, among others. What’s interesting to note is how Apple implements layers of security over iMessage, such that even the company cannot open messages without a particular recipient device’s private key.
When a user turns on iMessage, the device generates two pairs of keys for use with the service: an RSA 1280-bit key for encryption and an ECDSA 256-bit key for signing. For each key pair, the private keys are saved in the device’s keychain and the public keys are sent to Apple’s directory service (IDS), where they are associated with the user’s phone number or email address, along with the device’s APNs address.
This is explained in simpler terms with a mailbox analogy. With iMessage, there is a mailbox and two keys: one for placing messages inside the inbox and one for opening the inbox to read messages. As these are not interchangable, only the recipient device can open a message. Each iMessage sent over Apple’s network is encrypted from the source using the public key stored on Apple’s databases.
If a user has several iOS devices, then the message is encrypted for each of these devices, and only the intended device can open the particular message sent to that device. Once the encrypted copy of a message is retrieved, it is then deleted from Apple’s servers.
Apple says that everything is encrpyted, except for metadata. “Metadata, such as the timestamp and APNs routing information, is not encrypted.”
While the threat of eavesdropping is minimized, however, some observers point out that a main-in-the-middle attack can be performed, although it will require Apple’s intervention, or access to Apple’s systems, in order to perpetrate such an attack. Additionally, metadata can be used to extrapolate information, to some extent.
Still, this level of encryption might make iMessage a viable medium of information exchange for users who want to ensure privacy — something akin to privacy-focused apps and devices like Silent Circle, Telegram and Blackphone.
Sources: Apple (PDF)