How’s this for mobile security? Arstechnica posted an article yesterday on the fact that Apple’s iMessage encryption is proving to be a huge challenge for the FBI. Here’s a quick except from the article:
The CNET report cited an internal government document discussing a criminal investigation in February. It warned that because of the encryption, “it is impossible to intercept iMessages between two Apple devices” even when agents have obtained a court order. The Drug Enforcement Agency “Intelligence Note” said iMessage stymied the ability to perform real-time electronic surveillance under federal wiretap statutes. Text messages already obtained from Verizon Wireless were incomplete because the investigation target used the Apple service. “It became apparent that not all text messages were being captured.”
CNET originally covered the issue and included a link to Johns Hopkins research professor Matt Green’s blog post. Green, a cryptographer, contends that iMessage is very widely used, very complicated and “that the full protocol has never been published by Apple or vetted by security experts.”
Why are those three items important?
According to Green, complication means “lots of places for things to go wrong.” The fact that the protocol has not been vetted by experts means nobody outside of Apple really understands the potential threats, flaws or whether or not Apple themselves can access the information. The fact that iMessage is so widely used (millions of users) simply compounds the urgency and cost of the potential security flaws.