What’s the deal with iMessage? Apple can hack iMessage’s end-to-end encryption to gain access to user content. It is obvious that messages can be encrypted at the end or not. Is this not the whole point?
Despite the messages being encrypted at the end, Apple can still access iMessage content. Forbes reported that Apple can decrypt and give iMessages to law enforcement if required.
Many argue that it is justified to break end-to-end encryption in order to assist law enforcement. However, any spare key or backdoor can be a security vulnerability. Either the content is encrypted at all ends or it’s not. It’s that easy. This is the current debate between tech and governments about the future of encryption.
ESET’s Jake Moore warns that iMessage users might mistakenly believe their communications are private. However, access can be granted from only with a backup. This could lead to the platform losing its effectiveness in protecting privacy. Privacy is a key feature of messaging platforms, but access to backdoors can be granted from only a few span>
Signal, unlike iMessage can’t provide user content. However, it can be requested forcibly by governments and agencies. WhatsApp’s encryption cannot be broken, but backups of WhatsApp chats are available in the cloud.
Immersive Labs’ Sean Wright questions, “Who controls those with access to the backdoor?” “How can we make sure it’s not misused?” How transparent is the process?
Apple is a complex situation. You can make Apple’s access to your iMessages impossible by changing a single setting on your phone. This greatly improves the security of your private information.
Cloud backups are the problem. WhatsApp users have the ability to enable or disallow a cloud backup in order to recover their chat history if their phone is lost or stolen. These backups do not violate the platform’s encryption. This may be fixed in a future release. For now, the only solution is to disable backups.
Apple confirmed that it retains the encryption keys for [iCloud] in its U.S. data centres. If there is probable cause or customer consent span>, the search warrant may allow for access to customer’s iCloud content.
This doesn’t occur if there isn’t an iMessage encryption key stored in the data centre.
iMessage is more complicated than WhatsApp. Apple users can use ” Messages within iCloud,” which allows seamless, synchronized messaging among all of their devices. This works by using iCloud for syncing. It allows g devices to be added to or reconnected to catch up.
There are other messengers that allow multiple device access, but none of them are as well-designed as iMessage. Telegram, Facebook Messenger, and Android Messages all do this without encryption. Signal doesn’t sync between devices – a linked device can only receive messages while it is linked. It can’t sync chat history from the past.
iMessage not only gives users the same view wherever you use iMessage, but also provides full encryption to your messaging to protect your messages even if iCloud is being used.
There’s a problem. Apple will save a copy of the iMessage encryption key in your backup if you enable generic iCloud Backup. It’s similar to locking your front door and leaving the key visible on a hook inside. Pointless.
Apple will give you a new iMessage encryption key. It will be generated on your device and will protect future messages. Just like Signal, if someone calls for your content it will not be available.
What’s the generic iCloud backup? If you use iCloud to sync your photos and media purchases, the backup consists mainly of data from apps that don’t have cloud syncing options. It also includes your device settings, home screen layouts, and other information.
This general backup was required to transfer to a new iPhone in the past. However, a direct does the job perfectly. It is not necessary to “restore from iCloud Backup”.
This is a feature that only iMessage provides–essentially a backup protected by the platform’s end-to–end encryption, allowing seamless access to multiple devices.
Disabling the generic iCloud backup is only possible if your phone is lost. That’s the security tradeoff you will need to make.
However, it is binary from a security perspective when it comes to end-to-end encrypted messages. It is either private between the parties or it isn’t. I will always recommend that you use a messenger that doesn’t compromise your privacy. You can switch to Signal or WhatsApp if you don’t wish to disable the iCloud backup.
Wright warns that if you implement backdoors, criminals will just come up with new services, without these backdoors. This could put the privacy of law-abiding citizens at risk.
Moore states that law enforcement relies on physical access to devices to retrieve evidence in most crimes these days. However, Moore claims that everyone has access to encrypted messaging and end-to-end encryption. It is clear that anyone with your phone number and passcode can access any message on the device regardless of platform.
You run the risk of having your data compromised if someone gets hold of it. This is different from “over-the-air” interception, or backdoor access via cloud backups. You will not know you were compromised.
You can disable iCloud backups, or consider iMessage less secure than device-server/device secure messaging apps. Instead, opt for Signal. WhatsApp with no cloud backups is still more secure than iMessage with iCloud enabled.
Cyjax CISO Ian Thornton Trump warns that it is foolish to ask people for more security when it comes to sensitive data protection. “This cognitive dissonance in data security undermines the government’s ability to protect people.”
Binary encryption is end-to-end encryption. Either it is, or it’s not. All three of the services that encrypt traffic between servers and devices, including Telegram, Facebook Messenger, and Google’s RCS are encrypted by Telegram and Facebook Messenger. We recommend other options, however, as this isn’t end to end. It doesn’t matter if Apple has a copy your iMessage encryption keys.