Apple's iMessage encryption trips up feds' surveillance

http://news.cnet.com/8301-13578_3-57577887-38/apples-imessage-encryption-trips-up-feds-surveillance/

 

I really wish this forum allowed some *mild* policy discussion...you can't really talk about this post without it. Tiptoeing: BoooHooo, get a warrant and use other investigative techniques to make your case. If a chat log is all you have, you're in trouble right off the bat. The belief that governments must "know all" is INSANE! It's FUD to infringe on your diety given right to privacy.

PD

 

I will have to find the link again but I was reading else where stating that Apple DOES have access to messages and they are only encrypted with Apples "Global Key". Which would mean apple can decrypt message (similar to BlackBerry without a BES). From what limited documentation I've seen it's something like this:

senders message --> Encrypted with Apples public key ---> Apple ---> Message rencrypted with receipients public key.

I honestly wouldn't supprised with this as Apple brags about "iPhone Data protection" even which is also useless security. As some one that works with mobile forensics everyday I can say iPhones are the easiest phones to pull data off of even with passwords on the lockscreen.

 

Super good point. I've never "Appled" but have always been circumspect at their encryption by just knowing how it's "supposed" to work. Just like Skype - Have you ever had to enter a different pass for every new installation? Nope...and that's a problem Wouldn't be surprised if this was to drive people TOWARD iMessage, LOL. Nah, that would be paranoid

PD

 

I'm sorry, but that's just not true. Apple has gone full force into enterprise sales with a vengeance. Hospitals, Warehouses, Airlines, it goes on and on. They can't do that without top-notch security, and nobody would put up with a "master key." It would ruin the enterprise business completely if they were to get caught on that one.

As for 4-digit pin protection, nobody claims that it is anything beyond casual security. However, surely people are aware now that iOS devices can be protected with enterprise-level, high security AES encryption simply by enabling it in settings - and the 4-digit pin is gone replaced with professional hardware AES encryption and a passcode length of your choice. If the correct passcode is not entered within ten tries (it is configurable), the iOS device will immediately erase all data. Imaging of the device will provide nothing as the encryption keys are handled with a hardware-based processor.

Better yet, read for yourself direct from Apple. Here is the iOS security and encryption measures described in the official iOS Security Guide:
images.apple.com/iphone/business/docs/iOS_Security_Oct12.pdf

Technology Review has a good read as well:
http://www.technologyreview.com/news/428477/the-iphone-has-passed-a-key-security-threshold/

And if someone tells you that all one has to do is jailbreak an iOS device and the encryption is gone, tell them to check their facts. iOS uses AES-256 and it is hardware-based encryption. Jailbreaking does nothing for the encryption - unless, just like a real-world safe, someone already has access.

 

I'm not a big Apple fan, but just because a company offers a security feature doesn't necessarily translate to consumers utilizing it. So would you say the base protection for the default iPhone configuration is adequate? The reason I ask, is that most of the folks I known that are iPhone users are not super users so they use the device as is. I've done some work to harden my parents iPhones, but nothing as extensive as what you've listed. Something I'll look into.

 

Odd bug affecting Apple’s iMessage, deleting last word of users’

http://venturebeat.com/2013/04/26/odd-bug-affecting-apples-imessage-deleting-last-word-of-users/