Yesterday you may have heard of a report by Quarkslab that essentially claimed that Apple had the ability to intercept iMessages and decrypt them anytime they wanted. With everyone up in arms about the NSA right now, Apple was quick to shoot the report down, disputing the claim entirely and stating that its end-to-end encryption was so secure that even Apple itself can’t decrypt it.
Quarkslab of course disagrees and said “Apple can read your iMessages if they choose to, or if they are required to do so by a government order.”
The reason is that Apple controls the keys used to encrypt iMessages between the sender and recipient. As such, it could very easily mount a “man-in-the-middle attack” on the two, making the sender believe they are chatting with the recipient securely while in reality the text can be changed and the conversation can be reviewed.
According to Apple, however, doing so would require them to re-engineer the iMessage system.
In a statement obtained by AllThingsD, this is what Apple had to say about Quarkslab’s findings:
“iMessage is not architected to allow Apple to read messages. The research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”
It would be naive to think that Apple wasn’t at least approached by the government at some point, so is Apple monitoring your iMessages?
That comes down to whether you trust Apple or not. The bottom line is Quarkslab made it clear it isn’t saying Apple reads your iMessages.
What they are saying is Apple can read your iMessages if they choose to, or if they are required to do so by a government order.
Update #1: Now there is a video demo of Quarkslab intercepting, reading and changing the content of iMessages between two iPhones.
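The key-control point above comes down to this: a client that accepts whatever key the provider's directory hands it cannot notice a swapped key. The sketch below is an added example, not code from Quarkslab or Apple and not a description of how iMessage works; it shows the client-side check that would notice a change, and where that check stops helping. PinningClient, KeyMismatch, the dictionary standing in for the key server and the example.com account are all hypothetical, and the keys are constructed placeholder bytes.

```python
import hashlib
import hmac

class KeyMismatch(Exception):
    """The directory returned a key other than the one expected."""

def fingerprint(public_key: bytes) -> str:
    # Short value two people can compare out of band (in person, by phone).
    return hashlib.sha256(public_key).hexdigest()

class PinningClient:
    """Remembers the first key seen per contact and rejects silent changes."""
    def __init__(self, directory: dict):
        self.directory = directory  # stands in for the provider's key server
        self.pins = {}

    def key_for(self, account: str, verified_fp: str = None) -> bytes:
        key = self.directory[account]
        seen = fingerprint(key)
        # A fingerprint verified out of band takes priority over a stored pin.
        expected = verified_fp or self.pins.get(account)
        if expected is not None and not hmac.compare_digest(expected, seen):
            raise KeyMismatch(f"{account}: expected {expected[:16]}, got {seen[:16]}")
        self.pins[account] = seen
        return key

def run_demo() -> list:
    # Constructed sample keys: opaque bytes standing in for real public keys.
    bob_key, other_key = b"constructed-key-bob", b"constructed-key-other"
    directory = {"bob@example.com": bob_key}
    results = []
    alice = PinningClient(directory)
    alice.key_for("bob@example.com")          # first use: key is pinned
    directory["bob@example.com"] = other_key  # directory now serves another key
    try:
        alice.key_for("bob@example.com")
        results.append("change-accepted")
    except KeyMismatch:
        results.append("change-detected")
    # Pinning cannot help when the very first lookup already returns the wrong
    # key; only the out-of-band fingerprint catches that case.
    carol = PinningClient(directory)
    carol.key_for("bob@example.com")
    results.append("first-use-accepted")
    try:
        carol.key_for("bob@example.com", verified_fp=fingerprint(bob_key))
        results.append("verified")
    except KeyMismatch:
        results.append("out-of-band-mismatch")
    return results
```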