Earlier
this year, Apple said: "Conversations which take place over iMessage and
FaceTime are protected by end-to-end encryption so no one but the sender and
receiver can see or read them. Apple cannot decrypt that data."
But
Quarkslab, a Paris-based security firm, disputed those claims at a Hack in the
Box conference in Kuala Lumpur on Thursday, according toArs Technica.
Quarkslab
claimed, on its blog:
"Apple can read your iMessages if they choose to, or if they are required
to do so by a government order."
The
researchers explained that there is no evidence iMessages are being decrypted
by Apple or the government, but that it would be possible.
It
wrote: "There is end-to-end encryption as Apple claims, but the weakness
is in the key infrastructure as it is controlled by Apple: they can change a key
anytime they want, thus read the content of our iMessages."
The
messages could not be read by hackers, as they would require physical control
of the device and the installation of malicious software such as fake
certificates.
Apple
employees would not need this as, if they were working under a court order,
could control the infrastructure without tampering with the device.
Apple
made their claims about security encryption in June, following information
leaks by National Security Agency contractor Edward Snowden, who classified
information about the agency's practices.
An
Apple spokesman said: "iMessage is not architected to allow Apple to read
messages. The research discussed theoretical vulnerabilities that would require
Apple to re-engineer the iMessage system to exploit it, and Apple has no plans
or intentions to do so."
Source: Telegraph
previous article
Newer Post
No comments
Post a Comment