End-to-End iMessages and Mud Puddles

Building off of Matthew Green’s discussion of public key cryptography and Apple’s iCloud service in 2012, Julian Sanchez wrote about doubts that Apple’s iMessage service was really as secure as the DEA claimed (or rather complained).

Apple’s announcement today about their use of end-to-end encryption throws some of his assumptions into doubt. Matthew Green’s follow-up post on the matter is worth reading, because whether the end-to-end encryption Apple uses for iMessage is really unbreakable depends on how Apple distributes the keys. He also reminds us that even if a message’s content is encrypted, Apple or a similar provider still has access to all the metadata, such as the recipient, date stamp, etc.

If Apple is telling the truth about not having any ability to decrypt the messages, then whenever you log in to iCloud from any device (or user account on OS X), your device should be creating a unique set of keys and sending the public one to the iCloud server, where other registered iCloud users (or rather their iMessage clients) can find it.
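A sketch of the per-device key lookup described above, added here as an example and not Apple’s code or protocol: the `KeyDirectory` and `SenderClient` classes, the account name and the random bytes standing in for public keys are all assumptions. It shows why key distribution matters: a sender encrypts to whatever keys the directory returns, so it can only notice an added key if it remembers the fingerprints it saw before.

```python
import hashlib
import os


def fingerprint(public_key: bytes) -> str:
    """Short comparable identifier for a public key (truncated SHA-256)."""
    return hashlib.sha256(public_key).hexdigest()[:16]


class KeyDirectory:
    """Hypothetical stand-in for the provider's key server."""

    def __init__(self):
        self._keys = {}  # account -> {device name: public key}

    def register(self, account, device, public_key):
        self._keys.setdefault(account, {})[device] = public_key

    def lookup(self, account):
        return dict(self._keys.get(account, {}))


class SenderClient:
    """Remembers which key fingerprints it has already seen per contact."""

    def __init__(self, directory):
        self.directory = directory
        self.pinned = {}  # account -> set of fingerprints

    def check(self, account):
        """Return fingerprints the directory now lists that were never seen."""
        current = {fingerprint(k) for k in self.directory.lookup(account).values()}
        if account not in self.pinned:  # first contact: trust on first use
            self.pinned[account] = set(current)
            return set()
        return current - self.pinned[account]


def demo():
    directory = KeyDirectory()
    # Constructed sample data: random bytes stand in for real public keys.
    directory.register("alice@example.com", "iphone", os.urandom(32))
    directory.register("alice@example.com", "macbook", os.urandom(32))
    bob = SenderClient(directory)
    first = bob.check("alice@example.com")  # pins both device keys
    added = os.urandom(32)  # a key the directory lists later
    directory.register("alice@example.com", "new-device", added)
    second = bob.check("alice@example.com")
    return first, second, fingerprint(added)
```

A flagged fingerprint may be a legitimate new device or a key the directory added on its own; the client cannot tell which without comparing fingerprints out of band.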

Sanchez initially doubted the system worked that way because of the hypothetical “mud puddle” case Green used in his earlier post. If you destroy your phone (by dropping it in a muddy puddle), can you get the data back by logging into iCloud? If so, then Apple has the master key to all your data. Green’s 2012 post only concerned data stored in the iCloud servers, and it’s indeed true that Apple (assuming it encrypts the data on its servers and not just in transit) holds the “master” decryption key. However, it is not clear that iMessages or FaceTime calls are recorded or otherwise retained on the servers; and even if they are, they may be encrypted with a private key that only lives on your iOS device or OS X machine.

If you destroy your iPhone or iPad, you cannot retrieve your old iMessages simply by logging into iCloud via the web or a new iOS device. You can’t access iMessage at all through the iCloud website. My friends have lost their phones and consequently all their iMessages/texts. They were only able to get them back by restoring the device from a backup, which may exist in iCloud or on your local machine (I prefer to back up my iPhone and iPad locally).

Another good question is whether iMessages on iOS devices or OS X machines are stored/archived in encrypted or plaintext form. To save processor time (and hence reduce power usage), I imagine they might indeed be stored as plaintext on a user’s personal device.
