The way I understand it, even with MIM attacks, iMessages are not decipherable, at least not easily. The FBI/NSA/CIA can put whatever stations they want in-between,but the messages are secure END TO END. The memo noted that they only have some success reading the texts when one of the parties is not on iMessage.
That's because when one of the parties isn't using iMessage, it's just going as a regular SMS message.
But, the whole point of the MIM attack is to be both "ends" without the target ends knowing it.
BBM uses it too, but the big difference here it seems is that Apple's iMessage servers don't actually keep any unencrypted data on them. That's my guess anyways given the fact that, even with a warrant, it's difficult to get ahold of the messages. Whereas, with BBM, governments have been able to put pressure on RIM/BlackBerry to get ahold of data.
Correct. Apple does not hold onto iMessage data and even if it did, it's encrypted. iMessages are encrypted on the device before transmission, with keys stored on the devices, not in the cloud or in any other infrastructure controlled by Apple or the carrier.
I tend to stay away from dangerous legal drugs, such as alcohol and prescription drugs, which are real killers, so only illegal stuff for me!
It is funny how we select what is legal and what isn't. However I don't feel like it's a bad thing that we have an agency like the DEA and I have no issue with someone feeling my junk at the airport as long as my plane doesn't explode in the air. The size of our government however has become insane.
Correct. Apple does not hold onto iMessage data and even if it did, it's encrypted. iMessages are encrypted on the device before transmission, with keys stored on the devices, not in the cloud or in any other infrastructure controlled by Apple or the carrier.
according to the source article:
"Apple has disclosed little about how iMessage works, but a partial analysis sheds some light on the protocol. Matthew Green, a cryptographer and research professor at Johns Hopkins University, wrote last summer that because iMessage has "lots of moving parts," there are plenty of places where things could go wrong. Green said that Apple "may be able to substantially undercut the security of the protocol" -- by, perhaps, taking advantage of its position during the creation of the secure channel to copy a duplicate set of messages for law enforcement."
LOL ive been hearing about this kind of stuff lately. Like the database centers being built around the United States to store all the data recieved from social networking sites like facebook. I can bet that this 'data' that is being 'encrypted' and shielded from the government will likely be sold, for dollars, to them. And they will pay for it. That will be the beginning to the end of freedom.
This is classic government trolling. If the DEA REALLY had a hard time reading messages do you think they would make that publicly known?
Everyone needs to remember context.
Yep
Quote:
Originally Posted by ElectroTech
The real message here is: DEA want you bad guys out there to use iPhones because we have the ability to trace your location with your iMessages because we have decrypted both now.
Agreed
Quote:
Originally Posted by MacBook Pro
Except that this note wasn't intended for the public.
There's 2 sides to this coin: They're referring to a wiretap warrant, which only allows them get in the middle and listen to/capture data as it's being passed along. This is an easy warrant to obtain and no real evidence is needed first, just probable cause and only applies to telecom providers. It's used to get the additional evidence needed so that a search warrant can then be obtained (they want to catch drug dealers with real drugs, not words talking about drugs-message content as evidence for conviction only applies to charges like racketeering or conspiracy). Since the encryption keys are only known by the sending/receiving devices, the data can't be decoded. Apple servers just look at it's header file which identifies what device it's from/to for routing, appleID (unencrypted and easy to capture) and also includes a auth token to verify it as a genuine Apple device which is new enough to run iMessage (this is why the Lion Beta version no longer works). The encryption key handshake is no different in practice than a VPN connection, and DEA would have same "frustrations" since unencrypted data can only exist at the two endpoints, and not in between. However, if the DEA can still get enough evidence to be able to obtain a search warrant for the person in question, iMessage and iPhone is then DEA's best friend. History of every iMessage the user sent and received is saved locally on all their Apple device, even those from before they ever got a wiretap warrant going. iPhone will also have recorded the users geographical location allowing them to also know where they have been and when they were there. So I'm sure they would have no problem with drug dealers iMessaging like crazy at every "business" location or kingpin's honeycomb hideout they may visit. What may or may not be available on Apple's servers doesn't really matter. There'd be no benefit for them to get a warrant to obtain info from Apple direct because it wouldn't qualify as a wiretap warrant and there's probably no drugs inside their servers, so at that point in the investigation they could just get even more/better info by searching the suspects devices instead, at which point even if no drugs are found, they can still use all that info to start working on whoever the dealer's dealer is, and so on.
As I guessed earlier in the thread the DEA note refers to legal issues with accessing iMessages, not an inability to de-crypt them. When the Communications Assistance for Law Enforcement Act (CALEA) was enacted back in 1994 it required carriers and broadband companies to allow law enforcement to access users communications including text messages during an official investigation. As the law was written at the time it didn't anticipate an encrypted iMessage service that would bypass the carriers.
So the DEA isn't saying whether or not it has the ability to read iMessages if they have access to them. They're saying they're [B]not permitted[/B] to access them under the law, at least using their standard legally permissible wiretap authority.
The AI writer was confused, misunderstanding (?) what he had read.
As I guessed earlier in the thread the DEA note refers to legal issues with accessing iMessages, not an inability to de-crypt them. When the Communications Assistance for Law Enforcement Act (CALEA) was enacted back in 1994 it required carriers and broadband companies to allow law enforcement to access users communications including text messages during an official investigation. As the law was written at the time it didn't anticipate an encrypted iMessage service that would bypass the carriers.
So the DEA isn't saying whether or not it has the ability to read iMessages if they have access to them. They're saying they're not permitted to access them under the law, at least using their standard legally permissible wiretap authority.
The AI writer was confused, misunderstanding (?) what he had read.
Ya I said that waaayy earlier in all this. Apple isn't a telecom company so those rules don't apply to them. Not that I like tooting my own horn but...Toot Toot! ????
As I guessed earlier in the thread the DEA note refers to legal issues with accessing iMessages, not an inability to de-crypt them. When the Communications Assistance for Law Enforcement Act (CALEA) was enacted back in 1994 it required carriers and broadband companies to allow law enforcement to access users communications including text messages during an official investigation. As the law was written at the time it didn't anticipate an encrypted iMessage service that would bypass the carriers.
So the DEA isn't saying whether or not it has the ability to read iMessages if they have access to them. They're saying they're not permitted to access them under the law, at least using their standard legally permissible wiretap authority.
The AI writer was confused, misunderstanding (?) what he had read.
Ya I said that waaayy earlier in all this. Apple isn't a telecom company so those rules don't apply to them. Not that I like tooting my own horn but...Toot Toot! ????
Sounds good to me. F*ck Big Brother, the DEA, the American Government and all those other peepers that infringe upon our freedom.
Fascism is still a bad thing AFAIK.
A high-tech subset (or probably more superset?) of the the Drug Wars: The Government's "War on Privacy."
The basic question at issue is simply (and simply at odds with the whole notion of the Bill of (CITIZENS') Rights IMHO) this:
As what we do becomes more observable/recordable because of techonology, does the GOV'T have RIGHTS that trump our personal, constitutional ones as long as the expectation is they can better fight "crime," "terrorism" or whatever they've taken on "the right to fight"...???
The line in the sand that shouldn't have been crossed is when the US Government started intercepting all your emails and phone calls directly at the carriers and recording/searching them. When no one said anything about this and not one of you freedom loving yanks decided to fight it, it was a given that it would spread.
That's how fascism works. You have to fight it when someone takes away your liberty even in a technical sense, because if you don't, then the government just takes away more and more and more ...
If Apple's servers haven't already been compromised, it's only a matter of time until Uncle Sam sets up one of those little "monitoring rooms" they have at each carrier, in every iCloud facility as well because despite all the talk, Americans don't actually seem to care about personal liberty and freedom anymore.
I mean 911 wasn't even that long ago and already the only section of the US constitution that hasn't been abrogated is the one that says you can buy assault weapons in the parking lot at WalMart. :rolleyes:
Comments
Quote:
Originally Posted by sessamoid
The way I understand it, even with MIM attacks, iMessages are not decipherable, at least not easily. The FBI/NSA/CIA can put whatever stations they want in-between,but the messages are secure END TO END. The memo noted that they only have some success reading the texts when one of the parties is not on iMessage.
That's because when one of the parties isn't using iMessage, it's just going as a regular SMS message.
But, the whole point of the MIM attack is to be both "ends" without the target ends knowing it.
Quote:
BBM uses it too, but the big difference here it seems is that Apple's iMessage servers don't actually keep any unencrypted data on them. That's my guess anyways given the fact that, even with a warrant, it's difficult to get ahold of the messages. Whereas, with BBM, governments have been able to put pressure on RIM/BlackBerry to get ahold of data.
Correct. Apple does not hold onto iMessage data and even if it did, it's encrypted. iMessages are encrypted on the device before transmission, with keys stored on the devices, not in the cloud or in any other infrastructure controlled by Apple or the carrier.
Yet China has no problem with it. That's the land of the free for you!
Quote:
Originally Posted by Apple ][
I enjoy smoking weed sometimes.
I tend to stay away from dangerous legal drugs, such as alcohol and prescription drugs, which are real killers, so only illegal stuff for me!
It is funny how we select what is legal and what isn't. However I don't feel like it's a bad thing that we have an agency like the DEA and I have no issue with someone feeling my junk at the airport as long as my plane doesn't explode in the air. The size of our government however has become insane.
Perhaps the posters can spot a troll, ahead of sarcasm any day of the week?
according to the source article:
"Apple has disclosed little about how iMessage works, but a partial analysis sheds some light on the protocol. Matthew Green, a cryptographer and research professor at Johns Hopkins University, wrote last summer that because iMessage has "lots of moving parts," there are plenty of places where things could go wrong. Green said that Apple "may be able to substantially undercut the security of the protocol" -- by, perhaps, taking advantage of its position during the creation of the secure channel to copy a duplicate set of messages for law enforcement."
Except that this note wasn't intended for the public.
Quote:
Originally Posted by Quibell
This is classic government trolling. If the DEA REALLY had a hard time reading messages do you think they would make that publicly known?
Everyone needs to remember context.
Yep
Quote:
Originally Posted by ElectroTech
The real message here is: DEA want you bad guys out there to use iPhones because we have the ability to trace your location with your iMessages because we have decrypted both now.
Agreed
Quote:
Originally Posted by MacBook Pro
Except that this note wasn't intended for the public.
Double bluff.
Originally Posted by rickag
Woohoo, security by obscurity.
2 (was it 5?) billion message sent PER DAY.
What fantasy land do you live in that this is "obscure"?
What?
There's 2 sides to this coin: They're referring to a wiretap warrant, which only allows them get in the middle and listen to/capture data as it's being passed along. This is an easy warrant to obtain and no real evidence is needed first, just probable cause and only applies to telecom providers. It's used to get the additional evidence needed so that a search warrant can then be obtained (they want to catch drug dealers with real drugs, not words talking about drugs-message content as evidence for conviction only applies to charges like racketeering or conspiracy). Since the encryption keys are only known by the sending/receiving devices, the data can't be decoded. Apple servers just look at it's header file which identifies what device it's from/to for routing, appleID (unencrypted and easy to capture) and also includes a auth token to verify it as a genuine Apple device which is new enough to run iMessage (this is why the Lion Beta version no longer works). The encryption key handshake is no different in practice than a VPN connection, and DEA would have same "frustrations" since unencrypted data can only exist at the two endpoints, and not in between. However, if the DEA can still get enough evidence to be able to obtain a search warrant for the person in question, iMessage and iPhone is then DEA's best friend. History of every iMessage the user sent and received is saved locally on all their Apple device, even those from before they ever got a wiretap warrant going. iPhone will also have recorded the users geographical location allowing them to also know where they have been and when they were there. So I'm sure they would have no problem with drug dealers iMessaging like crazy at every "business" location or kingpin's honeycomb hideout they may visit. What may or may not be available on Apple's servers doesn't really matter. There'd be no benefit for them to get a warrant to obtain info from Apple direct because it wouldn't qualify as a wiretap warrant and there's probably no drugs inside their servers, so at that point in the investigation they could just get even more/better info by searching the suspects devices instead, at which point even if no drugs are found, they can still use all that info to start working on whoever the dealer's dealer is, and so on.
So the DEA isn't saying whether or not it has the ability to read iMessages if they have access to them. They're saying they're [B]not permitted[/B] to access them under the law, at least using their standard legally permissible wiretap authority.
The AI writer was confused, misunderstanding (?) what he had read.
Ya I said that waaayy earlier in all this. Apple isn't a telecom company so those rules don't apply to them. Not that I like tooting my own horn but...Toot Toot! ????
Ya I said that waaayy earlier in all this. Apple isn't a telecom company so those rules don't apply to them. Not that I like tooting my own horn but...Toot Toot! ????
A high-tech subset (or probably more superset?) of the the Drug Wars: The Government's "War on Privacy."
The basic question at issue is simply (and simply at odds with the whole notion of the Bill of (CITIZENS') Rights IMHO) this:
As what we do becomes more observable/recordable because of techonology, does the GOV'T have RIGHTS that trump our personal, constitutional ones as long as the expectation is they can better fight "crime," "terrorism" or whatever they've taken on "the right to fight"...???
Amen.