The iMessage system, like much of what Apple does, is mostly a black box. The company doesn’t talk much about how the system works, and although some security researchers found a couple of years ago that Apple could read users’ encrypted messages if it so chose, law enforcement has had no luck in getting Apple to open iMessage up to eavesdropping or to decrypt messages.
But it’s not for a lack of trying. The New York Times reported recently that the Department of Justice served Apple with a court order demanding the company give law enforcement agents access to a target user’s iMessages in real time. Apple officials said that wasn’t possible because iMessages are encrypted end-to-end and the company doesn’t hold decryption keys. Each user’s device holds a private key used for decryption, and those keys stay on the devices. Public keys, however, are distributed by Apple through its proprietary key server.
The way the iMessage system is set up could give Apple the opportunity to provide access to decrypted messages if it wanted to, experts say.
“Your iPhone requests keys from Apple using a connection that’s TLS-encrypted, and employs some fancy cryptographic tokens. But fundamentally, it relies on the assumption that Apple is good, and is really going to give you the right keys for the person you want to talk to,” cryptographer and Johns Hopkins University professor Matthew Green wrote in a blog post analyzing the system.
“But this honesty is just an assumption. Since the key lookup is completely invisible to the user, there’s nothing that forces Apple to be honest. They could, if inspired, give you a public key of their choosing, one that they hold the decryption key for. They could give you the FBI’s key.”
Apple has enabled users to receive iMessages on multiple iOS devices, so there’s also the possibility that an attacker, or a law enforcement agency, could add a device to a user’s account, perhaps by stealing or guessing the user’s email password. However, any time a new device is added, the user receives a push notification on her existing devices informing her of the addition. That is a difficult hurdle for an attacker to overcome.
Another avenue for law enforcement could be key substitution, in which an agency gets a warrant for access to a user’s iMessages and substitutes its own key for a legitimate one. This wouldn’t allow mass, passive surveillance of the system, only targeted eavesdropping on a particular user. But it’s not clear whether that’s a viable method, Green said.
“While it seems pretty obvious that Apple could in theory substitute keys and thus enable eavesdropping, in practice it may require substantial changes to Apple’s code. And while there are a few well-known cases in which the government has forced companies to turn over keys, changing the operation of a working system is a whole different ball of wax,” he wrote.
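The risk described above comes from the key lookup being invisible to the user. The following Python example is added here for illustration and is not Apple's code or part of the original article: it shows a client-side check that pins the fingerprints a key directory returns for a contact, surfaces any later change, and withholds encryption to keys that have not been confirmed over another channel. The class, the function names and the sample key bytes are hypothetical.

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 of a public key blob, short enough to compare out of band."""
    return hashlib.sha256(public_key).hexdigest()

class KeyLookupAuditor:
    """Remembers which keys a directory has returned for each contact."""

    def __init__(self):
        self._approved = {}  # contact -> set of approved fingerprints

    def review(self, contact, returned_keys):
        """Classify a lookup result without trusting it.

        Returns (status, added, removed); status is 'first_use',
        'unchanged' or 'changed'.
        """
        current = {fingerprint(k) for k in returned_keys}
        approved = self._approved.get(contact)
        if approved is None:
            # Nothing to compare against: pin now, verify out of band later.
            self._approved[contact] = current
            return "first_use", current, set()
        added, removed = current - approved, approved - current
        status = "changed" if added or removed else "unchanged"
        return status, added, removed

    def approve(self, contact, fp):
        """Record a fingerprint the contact confirmed over another channel."""
        self._approved.setdefault(contact, set()).add(fp)

    def keys_to_encrypt_to(self, contact, returned_keys):
        """Only keys whose fingerprints are approved; others are held back."""
        approved = self._approved.get(contact, set())
        return [k for k in returned_keys if fingerprint(k) in approved]

# Constructed stand-ins for public key blobs (not real keys).
ALICE_PHONE = b"constructed-key:alice-phone"
ALICE_TABLET = b"constructed-key:alice-tablet"
UNKNOWN_KEY = b"constructed-key:not-alices"

def demo():
    a = KeyLookupAuditor()
    first = a.review("alice", [ALICE_PHONE])
    second = a.review("alice", [ALICE_PHONE, UNKNOWN_KEY])
    usable = a.keys_to_encrypt_to("alice", [ALICE_PHONE, UNKNOWN_KEY])
    return first[0], second[0], second[1], usable
```

A changed result is not proof of substitution, since a legitimately added device looks the same to this check; the point is that the change becomes visible and requires confirmation before the new key is used.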
Apple officials have said consistently that the company cannot and will not decrypt iMessages.
“Our view is, when we design a new service, we try not to collect data. So we’re not reading your email. We’re not reading your iMessage. If the government laid a subpoena to get iMessages, we can’t provide it. It’s encrypted and we don’t have a key. And so it’s sort of, the door is closed,” Apple CEO Tim Cook told Charlie Rose in an interview last year.