or Connect
AppleInsider › Forums › Mobile › iPhone › US DEA upset it can't break Apple's iMessage encryption
New Posts  All Forums:Forum Nav:

US DEA upset it can't break Apple's iMessage encryption - Page 2

post #41 of 62
Quote:
Originally Posted by sessamoid View Post

The way I understand it, even with MIM attacks, iMessages are not decipherable, at least not easily. The FBI/NSA/CIA can put whatever stations they want in-between,but the messages are secure END TO END. The memo noted that they only have some success reading the texts when one of the parties is not on iMessage.

 

That's because when one of the parties isn't using iMessage, it's just going as a regular SMS message.

 

But, the whole point of the MIM attack is to be both "ends" without the target ends knowing it.

post #42 of 62
Quote:
BBM uses it too, but the big difference here it seems is that Apple's iMessage servers don't actually keep any unencrypted data on them.  That's my guess anyways given the fact that, even with a warrant, it's difficult to get ahold of the messages.  Whereas, with BBM, governments have been able to put pressure on RIM/BlackBerry to get ahold of data.

 

Correct. Apple does not hold onto iMessage data and even if it did, it's encrypted. iMessages are encrypted on the device before transmission, with keys stored on the devices, not in the cloud or in any other infrastructure controlled by Apple or the carrier.

post #43 of 62
Revised headline: Attention Potheads - New iPhone Secure Ordering!
post #44 of 62

Yet China has no problem with it.  That's the land of the free for you!

Android proves (as Windows & VHS did before it) that if you want to control people, give us choices and the belief we're capable of making them. We're all 'living' the American dream.
Reply
Android proves (as Windows & VHS did before it) that if you want to control people, give us choices and the belief we're capable of making them. We're all 'living' the American dream.
Reply
post #45 of 62
Quote:
Originally Posted by rickag View Post

Man I have to admit ther are many posters here that wouldn't recognize sarcasm if hit them on their head.

Perhaps the posters can spot a troll, ahead of sarcasm any day of the week?
post #46 of 62
Quote:
Originally Posted by verucabong View Post

Correct. Apple does not hold onto iMessage data and even if it did, it's encrypted. iMessages are encrypted on the device before transmission, with keys stored on the devices, not in the cloud or in any other infrastructure controlled by Apple or the carrier.

according to the source article:

"Apple has disclosed little about how iMessage works, but a partial analysis sheds some light on the protocol. Matthew Green, a cryptographer and research professor at Johns Hopkins University, wrote last summer that because iMessage has "lots of moving parts," there are plenty of places where things could go wrong. Green said that Apple "may be able to substantially undercut the security of the protocol" -- by, perhaps, taking advantage of its position during the creation of the secure channel to copy a duplicate set of messages for law enforcement."
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #47 of 62
Quote:
Originally Posted by Quibell View Post

This is classic government trolling. If the DEA REALLY had a hard time reading messages do you think they would make that publicly known?

Everyone needs to remember context.

Except that this note wasn't intended for the public.
post #48 of 62
LOL ive been hearing about this kind of stuff lately. Like the database centers being built around the United States to store all the data recieved from social networking sites like facebook. I can bet that this 'data' that is being 'encrypted' and shielded from the government will likely be sold, for dollars, to them. And they will pay for it. That will be the beginning to the end of freedom.
post #49 of 62
Quote:
Originally Posted by Quibell View Post

This is classic government trolling. If the DEA REALLY had a hard time reading messages do you think they would make that publicly known?

Everyone needs to remember context.

Yep

Quote:
Originally Posted by ElectroTech View Post

The real message here is: DEA want you bad guys out there to use iPhones because we have the ability to trace your location with your iMessages because we have decrypted both now.

Agreed

Quote:
Originally Posted by MacBook Pro View Post


Except that this note wasn't intended for the public.

Double bluff.

post #50 of 62
Originally Posted by rickag View Post
Woohoo, security by obscurity.

 

2 (was it 5?) billion message sent PER DAY.

 

What fantasy land do you live in that this is "obscure"?

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply

Originally Posted by asdasd

This is Appleinsider. It's all there for you but we can't do it for you.
Reply
post #51 of 62
Quote:
Originally Posted by MacBook Pro View Post

Except that this note wasn't intended for the public.

Quote:
Originally Posted by Evilution View Post

Double bluff.


What?
post #52 of 62

There's 2 sides to this coin: They're referring to a wiretap warrant, which only allows them get in the middle and listen to/capture data as it's being passed along. This is an easy warrant to obtain and no real evidence is needed first, just probable cause and only applies to telecom providers. It's used to get the additional evidence needed so that a search warrant can then be obtained (they want to catch drug dealers with real drugs, not words talking about drugs-message content as evidence for conviction only applies to charges like racketeering or conspiracy). Since the encryption keys are only known by the sending/receiving devices, the data can't be decoded. Apple servers just look at it's header file which identifies what device it's from/to for routing, appleID (unencrypted and easy to capture) and also includes a auth token to verify it as a genuine Apple device which is new enough to run iMessage (this is why the Lion Beta version no longer works). The encryption key handshake is no different in practice than a VPN connection, and DEA would have same "frustrations" since unencrypted data can only exist at the two endpoints, and not in between. However, if the DEA can still get enough evidence to be able to obtain a search warrant for the person in question, iMessage and iPhone is then DEA's best friend. History of every iMessage the user sent and received is saved locally on all their Apple device, even those from before they ever got a wiretap warrant going. iPhone will also have recorded the users geographical location allowing them to also know where they have been and when they were there. So I'm sure they would have no problem with drug dealers iMessaging like crazy at every "business" location or kingpin's honeycomb hideout they may visit. What may or may not be available on Apple's servers doesn't really matter. There'd be no benefit for them to get a warrant to obtain info from Apple direct because it wouldn't qualify as a wiretap warrant and there's probably no drugs inside their servers, so at that point in the investigation they could just get even more/better info by searching the suspects devices instead, at which point even if no drugs are found, they can still use all that info to start working on whoever the dealer's dealer is, and so on. 

post #53 of 62
As I guessed earlier in the thread the DEA note refers to legal issues with accessing iMessages, not an inability to de-crypt them. When the Communications Assistance for Law Enforcement Act (CALEA) was enacted back in 1994 it required carriers and broadband companies to allow law enforcement to access users communications including text messages during an official investigation. As the law was written at the time it didn't anticipate an encrypted iMessage service that would bypass the carriers.

So the DEA isn't saying whether or not it has the ability to read iMessages if they have access to them. They're saying they're not permitted to access them under the law, at least using their standard legally permissible wiretap authority.

The AI writer was confused, misunderstanding (?) what he had read.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #54 of 62
Quote:
Originally Posted by Gatorguy View Post

As I guessed earlier in the thread the DEA note refers to legal issues with accessing iMessages, not an inability to de-crypt them. When the Communications Assistance for Law Enforcement Act (CALEA) was enacted back in 1994 it required carriers and broadband companies to allow law enforcement to access users communications including text messages during an official investigation. As the law was written at the time it didn't anticipate an encrypted iMessage service that would bypass the carriers.

So the DEA isn't saying whether or not it has the ability to read iMessages if they have access to them. They're saying they're not permitted to access them under the law, at least using their standard legally permissible wiretap authority.

The AI writer was confused, misunderstanding (?) what he had read.

Ya I said that waaayy earlier in all this. Apple isn't a telecom company so those rules don't apply to them. Not that I like tooting my own horn but...Toot Toot! 😉
post #55 of 62
Agreed! Fascism is Fascism, plain and simple.
post #56 of 62
Quote:
Originally Posted by Gazoobee View Post

Sounds good to me. F*ck Big Brother, the DEA, the American Government and all those other peepers that infringe upon our freedom.

Fascism is still a bad thing AFAIK.

A high-tech subset (or probably more superset?) of the the Drug Wars: The Government's "War on Privacy."

The basic question at issue is simply (and simply at odds with the whole notion of the Bill of (CITIZENS') Rights IMHO) this:

As what we do becomes more observable/recordable because of techonology, does the GOV'T have RIGHTS that trump our personal, constitutional ones as long as the expectation is they can better fight "crime," "terrorism" or whatever they've taken on "the right to fight"...???

Quote:
Originally Posted by Gazoobee View Post

Indeed.  

The line in the sand that shouldn't have been crossed is when the US Government started intercepting all your emails and phone calls directly at the carriers and recording/searching them.  When no one said anything about this and not one of you freedom loving yanks decided to fight it, it was a given that it would spread.  

That's how fascism works.  You have to fight it when someone takes away your liberty even in a technical sense, because if you don't, then the government just takes away more and more and more ...

If Apple's servers haven't already been compromised, it's only a matter of time until Uncle Sam sets up one of those little "monitoring rooms" they have at each carrier, in every iCloud facility as well because despite all the talk, Americans don't actually seem to care about personal liberty and freedom anymore. 

I mean 911 wasn't even that long ago and already the only section of the US constitution that hasn't been abrogated is the one that says you can buy assault weapons in the parking lot at WalMart.  1rolleyes.gif

Amen.

An iPhone, a Leatherman and thou...  ...life is complete.

Reply

An iPhone, a Leatherman and thou...  ...life is complete.

Reply
post #57 of 62
Quote:
Originally Posted by eep357 View Post
However, if the DEA can still get enough evidence to be able to obtain a search warrant for the person in question, iMessage and iPhone is then DEA's best friend. History of every iMessage the user sent and received is saved locally on all their Apple device, even those from before they ever got a wiretap warrant going. iPhone will also have recorded the users geographical location allowing them to also know where they have been and when they were there.

 

 

Is that not just easily fixed by deleting the conversation after you are done? Just trying to follow the train of thought here. If the conversation can only be observed at the end points (devices) and not between them, wouldn't the only record of the conversations's content be on the devices? If so, if the conversation is deleted or select entries (edit>select>delete) on pith phones, doesn't that remove all data? I ask because I find it interesting that this has been around since '11 and I find it odd that's just coming to light now.

It's only after you've lost everything that you're free to do anything.

Tyler Durden | Fight Club
Reply
It's only after you've lost everything that you're free to do anything.

Tyler Durden | Fight Club
Reply
post #58 of 62
Quote:
Originally Posted by websnap View Post


Is that not just easily fixed by deleting the conversation after you are done? .... If so, if the conversation is deleted or select entries (edit>select>delete) on pith phones, doesn't that remove all data?

From the Apple Support Communities:
Deleted SMS text messages found in search
https://discussions.apple.com/thread/2585708?start=0&tstart=0
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #59 of 62
Seems like more than just iMessage has had the DEA stumped, if they resort to wholesale invasion of citizen privacy and wiretapping of everyone on the planet, only have a few weed dealers to show for it.
post #60 of 62

Question is, will Apple add GPG/PGP/ZRTP encryption to their Mail app in their signature easy-to-use way?  For it to be practical it should be ubiquitous.  Same question for other communication apps.  This is long overdue, IMHO.  

 

Apple should be making functionality like Zfone's standard, it looks like Jitsi is using some of this ZRTP technology already... 

 

See:

http://zfoneproject.com/prod_zfone.html

 

and

https://jitsi.org/index.php/Documentation/ZrtpFAQ

post #61 of 62
Quote:
Originally Posted by verucabong View Post

Correct. Apple does not hold onto iMessage data and even if it did, it's encrypted. iMessages are encrypted on the device before transmission, with keys stored on the devices, not in the cloud or in any other infrastructure controlled by Apple or the carrier.

Contrary to what was read into Apple's public statements it's been determined that Apple does have access to the contents of iMessages and can share them if required to do so by the US Government. I think this is a case of very carefully-worded Apple statements having a meaning applied to them that Apple themselves did not state even tho it may have been implied.

http://arstechnica.com/security/2013/10/contrary-to-public-claims-apple-can-read-your-imessages/
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #62 of 62

It's actually very poorly worded by Ars - Apple CAN have access (obviously, they made it) but that doesn't mean it DOES have access. Changes would have to be made for iMessages to have that capability. Can they? Yes DO they? I highly doubt it. They have too much "skin in the game" to make claims like that without backing it up.

It's only after you've lost everything that you're free to do anything.

Tyler Durden | Fight Club
Reply
It's only after you've lost everything that you're free to do anything.

Tyler Durden | Fight Club
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › US DEA upset it can't break Apple's iMessage encryption