Apple accused over 'secure' iMessage encryption
Infosec wallah questions security of fruity chat service
A security researcher has suggested that Apple's claim that its iMessage app is spook-proof and secure does not stand up to scrutiny.
Cyril Cattiaux, who works at the research firm QuarksLab, made his claims during a speech to the Hack in the Box conference, which were quoted by PC World – the tech news site, rather than the British retailer.
In a detailed blog post, Cattiaux said that the public key cryptography used by Apple in its iMessages made them vulnerable to snooping.
He said: "The weakness is in the key infrastructure, as it is controlled by Apple. They can change a key any time they want, thus read the content of our iMessages."
However, there is no suggestion that Apple wilfully misled its customers and it has not been accused of actually reading fanbois' iMessages.
In June, Apple released the following statement which discussed the security of iMessage:
Conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data.
Apple's iMessage is a text-messaging service which allows fanbois to send free messages over Wi-Fi. ®