Apple's iMessage encryption trips up feds' surveillance

Discussion in 'privacy general' started by treehouse786, Apr 5, 2013.

Thread Status:
Not open for further replies.
  1. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I really wish this forum allowed some *mild* policy discussion...you can't really talk about this post without it. Tiptoeing: BoooHooo, get a warrant and use other investigative techniques to make your case. If a chat log is all you have, you're in trouble right off the bat. The belief that governments must "know all" is INSANE! It's FUD to infringe on your diety given right to privacy.

    PD
     
  3. x942

    x942 Guest

    I will have to find the link again but I was reading else where stating that Apple DOES have access to messages and they are only encrypted with Apples "Global Key". Which would mean apple can decrypt message (similar to BlackBerry without a BES). From what limited documentation I've seen it's something like this:

    senders message --> Encrypted with Apples public key ---> Apple ---> Message rencrypted with receipients public key.

    I honestly wouldn't supprised with this as Apple brags about "iPhone Data protection" even which is also useless security. As some one that works with mobile forensics everyday I can say iPhones are the easiest phones to pull data off of even with passwords on the lockscreen.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Super good point. I've never "Appled" but have always been circumspect at their encryption by just knowing how it's "supposed" to work. Just like Skype - Have you ever had to enter a different pass for every new installation? Nope...and that's a problem :D Wouldn't be surprised if this was to drive people TOWARD iMessage, LOL. Nah, that would be paranoid :D

    PD
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I'm sorry, but that's just not true. Apple has gone full force into enterprise sales with a vengeance. Hospitals, Warehouses, Airlines, it goes on and on. They can't do that without top-notch security, and nobody would put up with a "master key." It would ruin the enterprise business completely if they were to get caught on that one.

    As for 4-digit pin protection, nobody claims that it is anything beyond casual security. However, surely people are aware now that iOS devices can be protected with enterprise-level, high security AES encryption simply by enabling it in settings - and the 4-digit pin is gone replaced with professional hardware AES encryption and a passcode length of your choice. If the correct passcode is not entered within ten tries (it is configurable), the iOS device will immediately erase all data. Imaging of the device will provide nothing as the encryption keys are handled with a hardware-based processor.

    Better yet, read for yourself direct from Apple. Here is the iOS security and encryption measures described in the official iOS Security Guide:
    images.apple.com/iphone/business/docs/iOS_Security_Oct12.pdf

    Technology Review has a good read as well:
    http://www.technologyreview.com/news/428477/the-iphone-has-passed-a-key-security-threshold/

    And if someone tells you that all one has to do is jailbreak an iOS device and the encryption is gone, tell them to check their facts. iOS uses AES-256 and it is hardware-based encryption. Jailbreaking does nothing for the encryption - unless, just like a real-world safe, someone already has access.
     
  6. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    I'm not a big Apple fan, but just because a company offers a security feature doesn't necessarily translate to consumers utilizing it. So would you say the base protection for the default iPhone configuration is adequate? The reason I ask, is that most of the folks I known that are iPhone users are not super users so they use the device as is. I've done some work to harden my parents iPhones, but nothing as extensive as what you've listed. Something I'll look into.
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Odd bug affecting Apple’s iMessage, deleting last word of users’
    http://venturebeat.com/2013/04/26/odd-bug-affecting-apples-imessage-deleting-last-word-of-users/
     
Loading...
Thread Status:
Not open for further replies.