Apple can access your encrypted iMessages

Apple is not able to read messages sent between devices through iMessages but it is still able to access data in the backups.

Let’s do a summary of previous events, following the Snowden‘ revelation of the global surveillance programs operated by the NSA the IT giants reacted defending their business and announcing the defense of the privacy of their customers.

IT giants started implementing end-to-end encryption for their solution in an attempt to protect their clients, on the other side the US Government and law enforcement admitted the impossibility to overwhelm the new solutions implemented by the firms and asked them to change the route.

Hillary Clinton Hillary Clinton calls tech companies to work on a new Manhattan Project for Encryption, hoping in a voluntary collaboration offered by the firms in providing back doors to their systems, but IT giants have already expressed their opposition.

The FBI Director James Comey called for tech companies currently providing users with end-to-end encryption to review “their business model” and stop implementing it.

Now the media are focusing their attention on the Apple’s iMessage service, the IT giants always highlighted that it can’t read messages sent between its devices due to the implementation of end-to-end encryption.

“If the government laid a subpoena to get iMessages, we can’t provide it,” Apple CEO Tim Cook told Charlie Rose back in 2014. “It is encrypted, and we do not have a key.”

But beware, there is a trick to gain access to the data of the unaware users whose data are stored on the servers of the company in plain text.

Users that have enabled iCloud Backup have to know that the copies of all their messages, photos and other sensitive data on their device, are encrypted on iCloud using a key managed by Apple.

Users can disable the backup feature in any moment but are cannot encrypt iCloud backups to prevent unauthorized access.

As explained by the colleagues at THEHACKER NEWS, encrypted locally backup is allowed by using iTunes.

“Yes, it is possible to do encrypted non-cloud backups locally through iTunes, though it isn’t always a so obvious choice to average users.” reported THN.

Under this condition, it is still possible for law enforcement to access user data by asking Apple access to the backup.

“Your iMessages and FaceTime calls are your business, not ours. Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode. Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices. So unlike other companies’ messaging services, Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to. While we do back up iMessage and SMS messages for your convenience using iCloud Backup, you can turn it off whenever you want. And we don’t store FaceTime calls on any servers.” reads the Apple’s Privacy page

If you want to protect your data from prying eyes:

Backup your personal data locally through Apple’s iTunes.
Turn off iCloud Backup. Go to Settings → iCloud → Storage & Backup → iCloud Backup.

Pierluigi Paganini

(Security Affairs – iMessage, end-to-end-encryption)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.