The inner workings of iMessage security?
This is incomplete, but hopefully of some use. https://wiki.imfreedom.org/wiki/IMessage and https://github.com/meeee/pushproxy (especially the docs section) have done some reverse engineering of Apple's proprietary protocol.
It seems that every Apple device has an SSL/TLS client-side cert for authentication that is set up to be known to Apple's push server. This is used to authenticate you as well as to encrypt the connection between your Apple device and Apple's push server. I do not see anything about retrieving public keys of users you are sending messages to; hence your message is completely readable/editable by someone at Apple's servers.
To specifically answer the three questions:
- What security technologies and protocols are used?
Standard SSL/TLS certificates. Apple's self-signed certificate uses an RSA 2048-bit public key.
- How are the messages encrypted?
SSL/TLS to encrypt the connection between the Apple push server and your device.
- Is it truly end-to-end secure? Can Apple or anyone else circumvent the encryption?
Yes. To the best of my knowledge, messages are in plaintext on Apple's servers.
EDIT: Aug 26th, 2013: I agree this doesn't agree with the official statement made by Apple several months after this answer was written, which stated:
For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.
We will continue to work hard to strike the right balance between fulfilling our legal responsibilities and protecting our customers’ privacy as they expect and deserve.
Personally, I don't place much trust in this statement where they got permission to report from the US government. This has nothing to do with my opinions of Apple, but mostly stems from me personally placing little trust in a closed-source proprietary protocol whose inner workings and technical details are kept secret.
Maybe the statement was entirely true, but it seems strange why Apple iMessages are allowed to be encrypted but LavaBit apparently had to shut down under a gag order or secretly disclose the email of people like Snowden. Would I expect Apple to suddenly stop allowing iMessages on principle under a court order they do not want to comply with?
Or it could be technically true, but fails to mention backdoors installed per gov't orders that allow them to remotely retrieve private keys from Apple devices (possibly only in the presence of a court order/gov't request). Several observers have mentioned that when you get a new iOS device, once you set up your account (either by knowing your password or doing a password reset with a few low-entropy security questions), your device automatically retrieves all your past iMessages from the cloud. That implies Apple definitely has your messages and your private key stored at their end in the cloud -- granted, the messages could be encrypted and your private key could be password protected (stored twice -- once with the password, once with the answers to the security questions). Granted, anyone at Apple's end frequently verifies your password (e.g., any time you log in to an Apple Store), most passwords are weak, and it wouldn't be hard for Apple to either log or brute-force a password.
Or it could be a completely false press release that Apple was told to release per order of the US gov't so criminals would feel safe using iMessage for illegal activities. Many observers questioned the veracity of the leaked DEA memo (as well as why a DEA agent would leak it when it seems to tell drug dealers how to safely message without gov't intrusion).
The recent HITB conference revealed a lot of new information about iMessage. See the official blog post by the speakers.
To summarize,
- All communications with Apple's server are done over SSL/TLS.
- No certificate pinning is used. This means that the device can be compromised by an evil root CA certificate installed in the keychain.
- A 256-bit ECDSA key is used for signing the message. A 1280-bit RSA key is used for encryption.
- Key exchange is done through Apple's ESS server.
Conclusions
iMessage is surprisingly secure against conventional attackers. The amount of resources needed to subvert the encryption is large. Apple has the technical capabilities of breaking the end-to-end encryption properties of iMessage as they control the key infrastructure. Exchange the keys yourself and use GPG if you are paranoid. Nothing is very surprising.
Self-plugging link: my blog, where I talk more about the matter. http://www.infosecstudent.com/2013/10/apple-imessage-hitb/
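The "control the key infrastructure" point and the "exchange the keys yourself" advice above, as an added example (not code from the HITB talk or from either answer): a client that pins the first public key it sees for a contact, so a key swapped by whoever operates the directory is noticed instead of silently encrypted to. The directory is a plain dict standing in for the server-side lookup, and the keys are constructed fixed bytes, not real iMessage keys.

```python
import hashlib

# Constructed stand-in public keys (fixed bytes, not real iMessage keys).
BOB_KEY = bytes.fromhex("a1" * 32)
SUBSTITUTE_KEY = bytes.fromhex("b2" * 32)  # what a controlled directory could serve

def fingerprint(pubkey: bytes) -> str:
    """Short SHA-256 fingerprint two people can compare over another channel."""
    return hashlib.sha256(pubkey).hexdigest()[:16]

class KeyChanged(Exception):
    pass

class PinningClient:
    """Trust-on-first-use over a server-side key directory (the ESS role above):
    the first fingerprint seen per contact is pinned, and a different one is
    rejected until the user confirms it out of band."""

    def __init__(self, directory: dict, pin: bool = True):
        self.directory = directory  # user -> public key, as served by the server
        self.pin = pin              # False models a client that just trusts the server
        self.pins = {}

    def key_for(self, contact: str) -> bytes:
        key = self.directory[contact]
        if not self.pin:
            return key              # encrypts to whatever the server hands back
        fp = fingerprint(key)
        pinned = self.pins.setdefault(contact, fp)
        if pinned != fp:
            raise KeyChanged(f"{contact}: pinned {pinned}, directory now serves {fp}")
        return key

    def verify_out_of_band(self, contact: str, fp_confirmed_by_contact: str):
        self.pins[contact] = fp_confirmed_by_contact  # manual key exchange

def swap_detected(pin: bool) -> bool:
    """Let the client look Bob's key up once, then have the directory swap it
    for SUBSTITUTE_KEY and report whether the client notices."""
    directory = {"bob": BOB_KEY}
    client = PinningClient(directory, pin=pin)
    client.key_for("bob")
    directory["bob"] = SUBSTITUTE_KEY       # server operator changes the key
    try:
        client.key_for("bob")
    except KeyChanged:
        return True
    return False
```

`swap_detected(pin=False)` returns False (the trusting client uses the substitute key without noticing) and `swap_detected(pin=True)` returns True; after `verify_out_of_band` with the fingerprint the contact confirmed, the pinning client accepts the new key.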