Is iMessage secure? The good, the bad, and the complicated
Last week, researchers from QuarksLab gave a presentation at HITBSecConf2013 on the security of iMessage. The researchers sought to investigate claims made by Apple that nobody but the sender and receiver could read iMessage data thanks to their use of end-to-end encryption. While the researchers discovered that they were able to intercept and decrypt iMessages, Apple was quick to respond insisting iMessages infrastructure is not set up for that type of interception. So which is it? Is iMessage secure or not?
Details published on the research cover two kinds of scenarios. The first scenarios is one where a malicious attacker is able to intercept, decrypt, and manipulate iMessages between two users. The researchers properly point out, multiple times, that this attack has "strong requirements". An attacker must be able to acquire both parties private keys (in one type of scenario), impersonate two separate Apple servers, redirect the victims' traffic to those servers, and install a certificate for their own CA on the users' devices. Is this possible? Absolutely, and the researchers even published a YouTube video demonstrating the attack. It is probable? No. While the attack is reproducible in an environment where you control and have full access to the devices you're attacking, it becomes tremendously more difficult when you're talking about targeting people in the wild.
The second scenario the researchers discuss, which is slightly more worrisome, though probably not freak-out worthy, is one where Apple could intercept and decrypt iMessage between two users. With Apple, there's no need for an attacker to install their own trusted CA on a victim's device because Apple already has a CA that is trusted by iOS devices. Apple doesn't need to impersonate any servers because they're the ones running the actual servers. This also means Apple doesn't need to redirect the victims' traffic since it's already in the middle of it. Finally, Apple owns the server that assigns the encryption keys. This means that, from a cryptography standpoint, Apple possesses everything necessary to read iMessages between its users.
Apple issued a response to the research, saying that iMessage is not architected in a way that would allow such an attack to take place:
The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.
While theoretically Apple has all the pieces necessary to intercept iMessages, their stance is that technologically their system is not set up in a way that would allow for that. While Apple could be lying about this, the damage that would be caused to their reputation if it was discovered that they were lying doesn't seem like it would be worth the risk. If Apple had a backdoor for reading iMessages, it seems more likely that they simply would have stayed quiet back in June, rather than going on record with a voluntary statement insisting they can't read iMessages. With the number of large tech companies that we now know the NSA taps into data from, Apple would have had nothing to lose by staying quiet about the whole thing, but they have a lot to lose from lying.
Moreover, whether you trust Apple or not, trust them to do what's in their own self-interest. If iMessage is proven to be exploitable in a way Apple has denied, it will harm their business. That's not in Apple's self-interest.
The research raises an interesting point though, which is that, if the NSA wanted to, from a cryptographic standpoint, there is nothing stopping them from requiring Apple go give them access to people's messages. The NSA could coerce Apple into re-engineering the iMessage system to allow for such eavesdropping. With that in mind, it would be nice to see Apple come up with a stronger key infrastructure, or perhaps as a start just sharing more information about their current system.
Another change some people have been proposing is certificate pinning. Ironically, a lack of certificate pinning is what allowed the researchers to analyze iMessage's traffic; the closed protocol which Apple has been scrutinized for not publishing more details on. If Apple had employed certificate pinning, iMessage would not have accepted the researchers' self-signed certificates that they were using on their fake iMessage servers. Certificate pinning would also prevent a malicious attacker from installing their own CA on a victims' devices, in turn preventing them from intercepting iMessage traffic. This would increase security in terms of an outside attacker, which as we already discussed, is a fairly unlikely scenario, but wouldn't change anything about Apple's potential ability to intercept messages. It could be argued that Apple should do this from a security standpoint, but still does not address the bigger concern.
For now, it really comes down to a question of whether or not you should use iMessage. The researchers gave an accurate assessment:
MITM attacks on iMessage are unpractical to the average hacker, and the privacy of iMessage is good enough for the average user.
If the informations being exchanged are sensitive to the point that you don’t want any government agencies to look into them, don’t. It's important to remember that iMessage was introduced as a replacement for SMS, which isn't encrypted at all and can be easily spoofed. The importance of security shouldn't be downplayed, but in the context of text messaging, iMessage continues to be more secure than SMS.
As users, we are left trying to find the right balance of convenience and security. iMessage offers the security of encrypting messaging, but sacrifices some security with the convenience of transparent encryption. Apple could implement a system where a sender and receiver confirm their keys with each other before beginning messaging, but of course this would reduce convenience. If you currently have a need to transmit highly sensitive information that you can't risk the NSA or other three-letter acronyms from seeing, iMessage isn't the best choice and really never was. For the other 99.9% of iOS users, iMessage remains a convenient messaging solution and there's not much need to worry about your communications becoming compromised.