Friday, October 25, 2013

Apple's iMessage encryption claims refuted (again)


In June, Apple released a statement with more details on the number of requests it receives from government agencies for customer records (answer: about 1,000 a month). In the statement, Apple said that iMessage, which allows users to send text messages free over Wi-Fi, uses end-to-end encryption and therefore cannot be deciphered by Apple:

For example, the conversations that take place on iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and the receiver can see or read them. Apple cannot decrypt that data.

The claim was disproved almost immediately by security researchers, including Matthew Green, a cryptographer and a research professor at Johns Hopkins University, who wrote: "If you use the iCloud backup service to back up your iDevice, there's a very good chance that Apple can access the last few days of your iMessage history."

More recently, researchers at the Hack in the Box conference in Kuala Lumpur showed that it would be possible for someone within Apple, whether a rogue employee or one compelled by the NSA, to intercept iMessages.

iOS jailbreak developer Cyril Cattiaux explains (via Macworld) that "Apple has total control over this public key directory," trading users' transparency over public keys for ease of use. Traditional public key servers (such as the MIT PGP public keyserver) let the sender see key details, so when a key changes, you can decide whether or not to trust it.

Cattiaux explains:

The biggest problem here is that you simply cannot control that the public key that is used when you are encrypting the message really is the key of the recipient and not, for example, the public key of some guy at Apple.

One solution, according to Cattiaux, would be for Apple to store public keys in a protected database on the iOS device, where they could be compared. A proof-of-concept application called MITM Protect, which does just that, was released for jailbroken devices.
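The local comparison Cattiaux proposes can be sketched as a trust-on-first-use pin store that flags any key the directory returns that was not seen before. This is an added example, not code from the proof of concept or from Apple; the `PinStore` class, the JSON file, the recipient address and the sample keys are assumptions made for illustration.

```python
import hashlib, json, os, tempfile

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the raw public key bytes."""
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Hypothetical on-device database of key fingerprints per recipient."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def _save(self) -> None:
        with open(self.path, "w") as f:
            json.dump(self.pins, f)

    def check(self, recipient: str, directory_keys: list) -> tuple:
        """Compare directory keys with pinned ones: (status, unknown_fingerprints)."""
        seen = sorted({fingerprint(k) for k in directory_keys})
        pinned = self.pins.get(recipient)
        if pinned is None:                      # first contact: pin what we see
            self.pins[recipient] = seen
            self._save()
            return "first_use", []
        unknown = [fp for fp in seen if fp not in pinned]
        return ("mismatch", unknown) if unknown else ("match", [])

    def accept(self, recipient: str, fp: str) -> None:
        """Pin a new key only after the user verified it out of band."""
        self.pins[recipient] = sorted(set(self.pins.get(recipient, [])) | {fp})
        self._save()

def demo() -> list:
    # Constructed sample keys; real input would be the recipient's public key bytes.
    alice_key, extra_key = b"constructed-key-alice", b"constructed-key-unknown"
    path = os.path.join(tempfile.mkdtemp(), "pins.json")
    results = [PinStore(path).check("alice@example.com", [alice_key])[0]]
    store = PinStore(path)                      # reload pins from disk
    results.append(store.check("alice@example.com", [alice_key])[0])
    status, unknown = store.check("alice@example.com", [alice_key, extra_key])
    results.append(status)                      # directory returned an unseen key
    store.accept("alice@example.com", unknown[0])
    results.append(store.check("alice@example.com", [alice_key, extra_key])[0])
    return results

if __name__ == "__main__":
    print(demo())
```

A `mismatch` result is the point at which a client would warn the user before encrypting, which is the decision the directory otherwise makes silently.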

Is the sky falling? No, not exactly.

Paul Kocher, president and chief scientist of Cryptography Research, told Macworld that "people usually cannot assess or manage the risks of cloud services, since data is maintained on systems that cannot be audited." He goes on to say that "it is not fair to criticize Apple too much, since other services are no better (and most are worse)."

It's simple, really. Do not say anything illegal in iMessage or FaceTime, and assume that the NSA is always watching.
