What the DEA really said about iMessages, and what it means to you

What the DEA really said about iMessages, and what it means to you

It was recently reported that iMessage had caused a snag in the Drug Enforcement Administration’s ability to intercept text messages. Citing iMessage’s end-to-end encryption as the cause, the DEA stated that "iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider." On the surface, this seems reassuring to iMessage users that their conversations can’t be intercepted. But is it possible that we’re giving a little too much credit to the DEA when they say iMessages are “impossible to intercept”?

Security researcher Moxie Marlinspike reminded us that the government has had their snooping efforts stymied by less sophisticated systems. The message to be read here is not that iMessage can’t be cracked by the government. The context of the DEA letter seems to be that they were attempting to intercept text messages, noticed some messages missing, and realized it was iMessages that weren’t going through the carrier. Because iMessages go through Apple and are encrypted, the DEA was not equipped to intercept those messages.

Federal agencies have had a longer time to adapt to people’s use of SMS. They’ve had more time to work with mobile carriers on implementing systems for intercepting text messages. iMessage is still a fairly new protocol that has been rising in popularity since its release in 2011. Government agencies looking to intercept conversations will continue to see more and more of them happening on iMessage, and in turn have an increased interest in decrypting them. Rather than working with carriers, who are traditionally responsible for handling SMS, law enforcement will likely need to start working with Apple if they want to intercept iMessage conversations. And while Apple isn’t generally known for unnecessarily disclosing information about the company or its customers, their privacy policy does state that they may need to disclose personal information if required by law.

With the current state of things, communication over iMessage is definitely a safer bet than SMS if you’re hoping for your communications to remain confidential. This doesn’t mean that the government is incapable of decrypting the messages, or that they won’t be able to acquire these messages from Apple with a warrant. iMessage is a wonderful system that greatly enhances messaging on iOS devices and is quite sufficient for the vast majority of users. But at the end of the day, if you’re dealing with extremely sensitive information such that you’re worried about the government intercepting your communications, your best bet will be looking for a system that doesn’t require you to blindly trust a third party with handling all of the encryption.

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at POSSIBLE Mobile. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.

More Posts

 

-
loading...
-
loading...
-
loading...
-
loading...

← Previously

How to remedy a bad Home button or Power button on iPhone using Assistive Touch

Next up →

T-Mobile USA releases carrier update to bring LTE to unlocked iPhone 5s

Reader comments

What the DEA really said about iMessages, and what it means to you

12 Comments

That's pretty much what I suspected. I never once believed they couldn't get iMessages, but it makes sense how they missed them. That will change very soon.

Well the government will have to keep up with technology. Things are changing swift. So in order to help with their cases they have to be on top of these type of technology.

The government is slow to keep up with itself, much less technology. Sticking with the iPhone and iMessage.

I'm glad the government is slow in keeping up with technology and unable to impede on my private text messages. I hope that Apple tells the government to shove it.

Re: "But is it possible that we’re giving a little too much credit to the DEA when they say iMessages are “impossible to intercept”?"

This is the only possible thing the DEA could say about iMessage.

The DEA can't say "Yes, we've cracked iMessage. We can and will use iMessages as evidence against criminals in court." Because the bad guys would go back to some other non-electronic form of communication that would be harder to intercept. Or they could use code words in their iMessage texts, etc. so all the DEA would see after decrypting the messages would be "The sky is blue" or "Bingo" or other non-sequiturs.

By saying that iMessage is un-crackable, the DEA may be able to trick dumber criminals (the vast majority?) into using it to send each other details about whatever crimes they're doing. The bad guys could get lazy, thinking that their crime-related iMessages are secure.

If iMessage really is secure, the DEA may eventually be able to crack it. Or maybe they could convince Apple to build a backdoor into the iMessage encryption algorithm later. Either way, it benefits the DEA to get criminals to use iMessage.

ipgmail is an excellent way to encrypt both your E-mail and messages on the iPhone. It's cheap and it's easy to use.