Companies like Microsoft and Apple are becoming a bit more stern when it comes to government requests for data from consumers devices. However, a new report is showing that Apple may have a flaw in the way their entire iMessage encryption system is set up, which could allow for easy wiretapping.
“This centralized approach to key management isn’t necessarily a problem, and is the same process that other encrypted messaging services use,” according to Wired.
“Signal, developed by Open Whisper Systems, also makes a user’s device connect to a central server of keys, Nicholas Weaver a senior researcher from the International Computer Science Institute, told WIRED in an email. However, as pointed out by Weaver in a recent post on the Lawfare Blog, it is impossible for an iMessage user to make sure that the Apple server has provided them with the right set of encryption keys.”
Weaver believes that iMessage is still “backdoor enabled” by design which could mean that Apple servers could send an additional encryption key to the FBI and it’s not the first time this “flaw” has been revealed.
“Indeed,this was highlighted by researchers as far back as 2013, and Matthew Green, assistant professor at Johns Hopkins University also previously laid out a similar case,” according to the report.
Wired‘s Joseph Cox says that the solution to the “flaw” is to let the users verify their encryption keys. Cox says with Signal, “users can hit a ‘Verify Identity’ button and the app will display their key fingerprint.” It’s becoming pretty hard to keep your personal information properly encrypted but this could be a simple fix to Apple’s minor security flaw.
Read the full story.