US DEA upset it can't break Apple's iMessage encryption

13

Comments

  • Reply 41 of 66
    anonymouseanonymouse Posts: 6,857member

    Quote:

    Originally Posted by sessamoid View Post


    The way I understand it, even with MIM attacks, iMessages are not decipherable, at least not easily. The FBI/NSA/CIA can put whatever stations they want in-between,but the messages are secure END TO END. The memo noted that they only have some success reading the texts when one of the parties is not on iMessage.



     


    That's because when one of the parties isn't using iMessage, it's just going as a regular SMS message.


     


    But, the whole point of the MIM attack is to be both "ends" without the target ends knowing it.

  • Reply 42 of 66

    Quote:


    BBM uses it too, but the big difference here it seems is that Apple's iMessage servers don't actually keep any unencrypted data on them.  That's my guess anyways given the fact that, even with a warrant, it's difficult to get ahold of the messages.  Whereas, with BBM, governments have been able to put pressure on RIM/BlackBerry to get ahold of data.



     


    Correct. Apple does not hold onto iMessage data and even if it did, it's encrypted. iMessages are encrypted on the device before transmission, with keys stored on the devices, not in the cloud or in any other infrastructure controlled by Apple or the carrier.

  • Reply 43 of 66
    Revised headline: Attention Potheads - New iPhone Secure Ordering!
  • Reply 44 of 66
    mcdavemcdave Posts: 1,927member


    Yet China has no problem with it.  That's the land of the free for you!

  • Reply 45 of 66
    extremeskaterextremeskater Posts: 2,248member

    Quote:

    Originally Posted by Apple ][ View Post


     


    I enjoy smoking weed sometimes. 


     


    I tend to stay away from dangerous legal drugs, such as alcohol and prescription drugs, which are real killers, so only illegal stuff for me! image



    It is funny how we select what is legal and what isn't. However I don't feel like it's a bad thing that we have an agency like the DEA and I have no issue with someone feeling my junk at the airport as long as my plane doesn't explode in the air. The size of our government however has become insane.

  • Reply 46 of 66
    kr00kr00 Posts: 99member
    rickag wrote: »
    Man I have to admit ther are many posters here that wouldn't recognize sarcasm if hit them on their head.

    Perhaps the posters can spot a troll, ahead of sarcasm any day of the week?
  • Reply 47 of 66
    gatorguygatorguy Posts: 24,176member
    verucabong wrote: »
    Correct. Apple does not hold onto iMessage data and even if it did, it's encrypted. iMessages are encrypted on the device before transmission, with keys stored on the devices, not in the cloud or in any other infrastructure controlled by Apple or the carrier.

    according to the source article:

    "Apple has disclosed little about how iMessage works, but a partial analysis sheds some light on the protocol. Matthew Green, a cryptographer and research professor at Johns Hopkins University, wrote last summer that because iMessage has "lots of moving parts," there are plenty of places where things could go wrong. Green said that Apple "may be able to substantially undercut the security of the protocol" -- by, perhaps, taking advantage of its position during the creation of the secure channel to copy a duplicate set of messages for law enforcement."
  • Reply 48 of 66
    macbook promacbook pro Posts: 1,605member
    quibell wrote: »
    This is classic government trolling. If the DEA REALLY had a hard time reading messages do you think they would make that publicly known?

    Everyone needs to remember context.

    Except that this note wasn't intended for the public.
  • Reply 49 of 66
    f0rbes1f0rbes1 Posts: 2member
    undefined
  • Reply 50 of 66
    f0rbes1f0rbes1 Posts: 2member
    LOL ive been hearing about this kind of stuff lately. Like the database centers being built around the United States to store all the data recieved from social networking sites like facebook. I can bet that this 'data' that is being 'encrypted' and shielded from the government will likely be sold, for dollars, to them. And they will pay for it. That will be the beginning to the end of freedom.
  • Reply 51 of 66
    evilutionevilution Posts: 1,399member

    Quote:

    Originally Posted by Quibell View Post



    This is classic government trolling. If the DEA REALLY had a hard time reading messages do you think they would make that publicly known?



    Everyone needs to remember context.


    Yep


    Quote:

    Originally Posted by ElectroTech View Post



    The real message here is: DEA want you bad guys out there to use iPhones because we have the ability to trace your location with your iMessages because we have decrypted both now.


    Agreed


    Quote:

    Originally Posted by MacBook Pro View Post





    Except that this note wasn't intended for the public.


    Double bluff.

  • Reply 52 of 66
    tallest skiltallest skil Posts: 43,388member


    Originally Posted by rickag View Post

    Woohoo, security by obscurity.


     


    2 (was it 5?) billion message sent PER DAY.


     


    What fantasy land do you live in that this is "obscure"?

  • Reply 53 of 66
    macbook promacbook pro Posts: 1,605member
    Except that this note wasn't intended for the public.

    evilution wrote: »
    Double bluff.


    What?
  • Reply 54 of 66
    Is this or not the same crap that a third grader in China hacked with a DofS (which three of my lame posts vanished) or not?
  • Reply 55 of 66
    eep357eep357 Posts: 11member


    There's 2 sides to this coin: They're referring to a wiretap warrant, which only allows them get in the middle and listen to/capture data as it's being passed along. This is an easy warrant to obtain and no real evidence is needed first, just probable cause and only applies to telecom providers. It's used to get the additional evidence needed so that a search warrant can then be obtained (they want to catch drug dealers with real drugs, not words talking about drugs-message content as evidence for conviction only applies to charges like racketeering or conspiracy). Since the encryption keys are only known by the sending/receiving devices, the data can't be decoded. Apple servers just look at it's header file which identifies what device it's from/to for routing, appleID (unencrypted and easy to capture) and also includes a auth token to verify it as a genuine Apple device which is new enough to run iMessage (this is why the Lion Beta version no longer works). The encryption key handshake is no different in practice than a VPN connection, and DEA would have same "frustrations" since unencrypted data can only exist at the two endpoints, and not in between. However, if the DEA can still get enough evidence to be able to obtain a search warrant for the person in question, iMessage and iPhone is then DEA's best friend. History of every iMessage the user sent and received is saved locally on all their Apple device, even those from before they ever got a wiretap warrant going. iPhone will also have recorded the users geographical location allowing them to also know where they have been and when they were there. So I'm sure they would have no problem with drug dealers iMessaging like crazy at every "business" location or kingpin's honeycomb hideout they may visit. What may or may not be available on Apple's servers doesn't really matter. There'd be no benefit for them to get a warrant to obtain info from Apple direct because it wouldn't qualify as a wiretap warrant and there's probably no drugs inside their servers, so at that point in the investigation they could just get even more/better info by searching the suspects devices instead, at which point even if no drugs are found, they can still use all that info to start working on whoever the dealer's dealer is, and so on. 

  • Reply 56 of 66
    gatorguygatorguy Posts: 24,176member
    As I guessed earlier in the thread the DEA note refers to legal issues with accessing iMessages, not an inability to de-crypt them. When the Communications Assistance for Law Enforcement Act (CALEA) was enacted back in 1994 it required carriers and broadband companies to allow law enforcement to access users communications including text messages during an official investigation. As the law was written at the time it didn't anticipate an encrypted iMessage service that would bypass the carriers.

    So the DEA isn't saying whether or not it has the ability to read iMessages if they have access to them. They're saying they're [B]not permitted[/B] to access them under the law, at least using their standard legally permissible wiretap authority.

    The AI writer was confused, misunderstanding (?) what he had read.
  • Reply 57 of 66
    gatorguy wrote: »
    As I guessed earlier in the thread the DEA note refers to legal issues with accessing iMessages, not an inability to de-crypt them. When the Communications Assistance for Law Enforcement Act (CALEA) was enacted back in 1994 it required carriers and broadband companies to allow law enforcement to access users communications including text messages during an official investigation. As the law was written at the time it didn't anticipate an encrypted iMessage service that would bypass the carriers.

    So the DEA isn't saying whether or not it has the ability to read iMessages if they have access to them. They're saying they're not permitted to access them under the law, at least using their standard legally permissible wiretap authority.

    The AI writer was confused, misunderstanding (?) what he had read.

    Ya I said that waaayy earlier in all this. Apple isn't a telecom company so those rules don't apply to them. Not that I like tooting my own horn but...Toot Toot! ????
  • Reply 58 of 66
    gatorguy wrote: »
    As I guessed earlier in the thread the DEA note refers to legal issues with accessing iMessages, not an inability to de-crypt them. When the Communications Assistance for Law Enforcement Act (CALEA) was enacted back in 1994 it required carriers and broadband companies to allow law enforcement to access users communications including text messages during an official investigation. As the law was written at the time it didn't anticipate an encrypted iMessage service that would bypass the carriers.

    So the DEA isn't saying whether or not it has the ability to read iMessages if they have access to them. They're saying they're not permitted to access them under the law, at least using their standard legally permissible wiretap authority.

    The AI writer was confused, misunderstanding (?) what he had read.

    Ya I said that waaayy earlier in all this. Apple isn't a telecom company so those rules don't apply to them. Not that I like tooting my own horn but...Toot Toot! ????
  • Reply 59 of 66
    Agreed! Fascism is Fascism, plain and simple.
  • Reply 60 of 66
    bigpicsbigpics Posts: 1,397member
    gazoobee wrote: »
    Sounds good to me. F*ck Big Brother, the DEA, the American Government and all those other peepers that infringe upon our freedom.

    Fascism is still a bad thing AFAIK.

    A high-tech subset (or probably more superset?) of the the Drug Wars: The Government's "War on Privacy."

    The basic question at issue is simply (and simply at odds with the whole notion of the Bill of (CITIZENS') Rights IMHO) this:

    As what we do becomes more observable/recordable because of techonology, does the GOV'T have RIGHTS that trump our personal, constitutional ones as long as the expectation is they can better fight "crime," "terrorism" or whatever they've taken on "the right to fight"...???

    gazoobee wrote: »
    Indeed.  

    The line in the sand that shouldn't have been crossed is when the US Government started intercepting all your emails and phone calls directly at the carriers and recording/searching them.  When no one said anything about this and not one of you freedom loving yanks decided to fight it, it was a given that it would spread.  

    That's how fascism works.  You have to fight it when someone takes away your liberty even in a technical sense, because if you don't, then the government just takes away more and more and more ...

    If Apple's servers haven't already been compromised, it's only a matter of time until Uncle Sam sets up one of those little "monitoring rooms" they have at each carrier, in every iCloud facility as well because despite all the talk, Americans don't actually seem to care about personal liberty and freedom anymore. 

    I mean 911 wasn't even that long ago and already the only section of the US constitution that hasn't been abrogated is the one that says you can buy assault weapons in the parking lot at WalMart.  :rolleyes:

    Amen.
Sign In or Register to comment.