Despite Apples strong stance on privacy, weve always known the company has to walk a pretty fine line when it comes to locking things down too tightly, especially where dealing with law enforcement agencies is concerned.
Apple has always made a point that everything stored on your iPhone is quite securely encrypted, to the point that its basically impossible to get at it without knowing your passcode.
Except for targeted malware attacks, the only way to get into an iPhone is to brute-force the password, which basically means hooking it up to a specialized device that tries every possible combination of numbers and possibly letters until it finds the correct one. However, using longer alphanumeric passwords makes this effectively impossible to do in somebodys normal lifespan.
In fact, the iPhone is so secure that its put Apple at the centre of a pretty big controversy on whether big tech companies should be required to create a back door for government and law enforcement agencies.
U.S. lawmakers, in particular, have been taking steps to make end-to-end encryption illegal, raising the spectre of child exploitation as a bogeyman to justify their position the Apple should provide a master key for law enforcement to bypass encryption and easily perform a warranted search of any iPhone that comes under investigation. Its no wonder Apple has been trying to get ahead of the curve and appease lawmakers by finding a middle ground.
After all, if Apple doesnt tread carefully, it risks having all the privacy and security protections that its carefully built into iOS legislated out of existence by lawmakers under the guise of protecting kids.
This is undoubtedly also the thinking behind Apples new Communication Safety feature thats coming in iOS 15.2, particularly since the entire iMessage platform is already tightly end-to-end encrypted, not just on each users iPhone, but also as it travels through Apples cloud servers.
In other words, barring any industrial-strength spyware on your device, when you send an iMessage to somebody, theres no way for anybody to intercept or read that message apart from the intended recipient(s).
Unfortunately, as great as that sounds, there are a few other weak links in how the Messages app stores its data that could result in others getting access to your messages, and this is especially true for law enforcement agencies.
Apple has never made any secret that it will comply with any valid law enforcement request to provide whatever data it can, which generally includes everything in your iCloud Backup.
In fact, during a senate hearing two years ago, Apples head of user privacy, Erik Neuenschwander, shared that the company received 127,000 requests from law enforcement from 2012 to 2019, and in most cases, it responded to these within 20 minutes, usually by handing over all the pertinent data thats stored on its servers.
To be clear, Apple still cant open an iPhone. When senators accused Apple of blatantly refusing court orders to open an iPhone, Neuenschwander pointed out that no matter how much it may want to, Apple cant do what is essentially impossible, which includes breaking the strong encryption its created for the iPhone.
Many lawmakers and politicians refuse to buy into this particular point, however, maintaining that Apple should be required to re-engineer its devices so that this becomes possible.
Fortunately for user privacy, those wishes have yet to become enshrined in law, so for now, agencies such as the FBI will need to be content with whatever Apple can provide.
An internal FBI document recently obtained and shared by Property of the People (via AppleInsider) outlines how iMessage stacks up against other secure messaging systems from the perspective of the FBIs ability to legally access content and metadata from them. The document is unclassified but labeled as For Official Use Only (FOUO) and Law Enforcement Sensitive (LES).
While the document spells out what we already know, its an interesting inside look at where iMessage fits in alongside others such as Signal, Telegram, and WhatsApp.
In the case of iMessage, the key vulnerability is one that you should already be aware of, and it ultimately comes down to any data youve stored in your iCloud Backups.
Specifically, the document notes that the FBI can obtain Limited message content from iMessage. A subpoena can render basic subscriber information, and 25 days of iMessage lookups to and from a target number although a footnote explains that Apple includes a disclaimer that a log entry between parties does not indicate a conversation took place, and that these query logs have also contained errors.
On the other hand, a search warrant can render backups of a target device, and if target uses iCloud backup, the encryption keys should also be provided with content return that is, as part of the backup along with iMessages if target has enabled Messages in iCloud.
In laymans terms, this means that if youre using iCloud Backups, any Messages data from your iPhone is vulnerable to a search warrant or any hacker who gets access to your iCloud account. This can occur in two different ways:
In other words, if youre not using Messages in iCloud, then your messages are stored in your iCloud Backup in readable form.
If you are using Messages in iCloud, the key to decrypt them is stored in your iCloud Backup.
Either way, if youre using iCloud Backups, your iMessage history is vulnerable.
Fortunately, you can disable iCloud Backups and backup your iPhone or iPad directly to your computer instead. In this case, your Messages data is safe, since even if youre using Messages in iCloud, this data will be stored using end-to-end encryption, with the key nowhere to be found on Apples servers.
Of course, if youre not using Message in the Cloud, your messaging history wont be on Apples servers at all it will only be stored locally on your device and in your computer backups.
Note that even in this case, your actual iMessage conversations travel through Apples servers, and SMS conversations travel through your carriers network. While Apple cant provide the content of your messages, it may still be able to provide a log of who youve been communicating with.
Note that SMS text messages arent even that secure, and theres a good chance that your carrier can intercept everything going on through those channels.
Just keep in mind that all bets are off if youre using a company-provided iPhone, as there are numerous management tools that a corporate IT department can install to monitor your activity. In many jurisdictions, however, all communications that occur on company-owned hardware belong to the company, so you shouldnt have an expectation of privacy in those cases anyway.
The FBI document also provided details on what can be obtained from several other popular messaging systems, and many of these came out ahead of Apples iMessage.
For example, Signal, Telegram, Threema, Viber, WeChat, and Wickr were all listed as providing No Message Content. Line and WhatsApp provided Limited content, but only in specific cases.
WhatsApps users are vulnerable to the same loophole as iMessage users, with the FBI noting that If target is using an iPhone and iCloud Backups enabled, iCloud returns may contain WhatsApp data, to include message content.
Line, on the other hand, can maintain seven days worth of specified users text chats in the face of an effective warrant, but this is only possible when the user has not enabled end-to-end encryption.
Among the listed messaging apps, Signal was unsurprisingly the most private of the bunch, with the ability to provide only the date and time that a user registered for the service, and the last time they connected to it.
Telegram came in a close second, with a note that it may disclose IP addresses and phone numbers to relevant authorities for confirmed terrorist investigations, but it does so solely at its own discretion.
Lastly, WeChat may be a special case. While the FBI notes that it cant get any message content out of theChina-based chat service, thats probably not the case for Chinese authorities. In fact, the FBI notes that WeChat cannot provide records for accounts created in China, but will provide basic information such as name, phone number, email, and IP address for non-China accounts.
The same could be said for other messaging platforms owned by foreign companies, which might not be compelled to respond to U.S. law enforcement agencies, but could be required to do so for court orders from their own governments.
In most cases, these other messaging platforms maintain their security by avoiding iCloud Backups entirely. Developers can choose what data is stored in an iCloud Backup, and apps like Signal deliberately refuse to store anything at all, which is why you basically have to set it up from scratch when switching to a new iPhone.
After all, the best way to keep your data from falling into the wrong hands is to avoid keeping it in the first place.
Read this article:
How Secure Is iMessage? | Leaked FBI Document Reveals the Truth - iDrop News
- Blackline Safety : What is the cloud and why should businesses care about cloud-connected safety? - marketscreener.com - January 22nd, 2022
- DataHEALTH, Inc. Begins Notification of Cybersecurity Incident - PRNewswire - January 22nd, 2022
- Data Centers Must Rethink Interconnection in Order to Evolve - Data Center Frontier - January 22nd, 2022
- Onlive Server Launched Canada VPS Hosting with Upto 48 CPU CORE and Cloud VPS Control Panel - Digital Journal - January 22nd, 2022
- Gartner: IT spending forecast points to skills rebalance - ComputerWeekly.com - January 22nd, 2022
- IBM is selling off its Watson Health assets - Boston News, Weather, Sports | WHDH 7News - January 22nd, 2022
- Global Cloud Hosting Service Market Focusing on Trends and Innovations during the Period 2021 to 2027 Discovery Sports Media - Discovery Sports Media - January 22nd, 2022
- Why COVIDtests.gov worked where HealthCare.gov stumbled - FedScoop - January 22nd, 2022
- VTEX : 5 benefits of SaaS and a cloud commerce ecosystem - marketscreener.com - January 22nd, 2022
- Ford and ADT team up to prevent theft from vehicles - TechCrunch - January 22nd, 2022
- Patent Awarded to Nanoprecise Sci Corp for its Automated Predictive Maintenance Solution - PR Newswire India - January 22nd, 2022
- Recent Analysis on Cloud Hosting Service Market 2022-2028 Top Trends, Business Opportunity, and Growth Strategy LSMedia - LSMedia - January 22nd, 2022
- Google Project Iris AR Headset in the Works, May Feature In-House Processor: Report - Gadgets 360 - January 22nd, 2022
- Cyber Security in 2022: What Should You Know? - GISuser.com - January 22nd, 2022
- Cellular connectivity: the final piece of the IoT puzzle - ITProPortal - January 22nd, 2022
- The opportunities and challenges of data center industry in 2022 - Analytics India Magazine - January 16th, 2022
- The rising threat of cyber criminals targeting cloud infrastructure in 2022 - Help Net Security - January 16th, 2022
- Strata Identity Hosts Complimentary Webinar Featuring ESG Analyst on Identity and Policy Management for Multi-Cloud in 2022 - Business Wire - January 16th, 2022
- ISG to Conduct Study on Private and Hybrid Cloud Providers - StreetInsider.com - January 16th, 2022
- Strengthening the availability chain - ITProPortal - January 16th, 2022
- NordVPN launches open source VPN speed testing tool - IT PRO - January 16th, 2022
- Emby vs Plex: Which media server is right for you? - nation.lk - The Nation Newspaper - January 16th, 2022
- Nutanix Rajiv Ramaswami On His First Year As CEO - Forbes - January 16th, 2022
- ThycoticCentrify adds new security controls and automation to Secret Server - SecurityBrief Asia - January 16th, 2022
- PCIe 6.0 is here with double the bandwidth at 128Gbps - comments - GSMArena.com - January 16th, 2022
- 'Our servers are secure' -- NIMC responds as hacker claims he gained access to NIN database - TheCable - January 16th, 2022
- How this Mumbai startup is carving a niche for itself in the crowded ecommerce delivery space - YourStory - January 16th, 2022
- What begins with a 'B' and is having problems at tsoHost? Hopefully not your website - The Register - January 12th, 2022
- Sensory Extends Voice and Visual AI Platform to the Cloud - Voicebot.ai - January 12th, 2022
- How these 3 Companies Leverage the Hybrid Cloud - TechGenix - January 12th, 2022
- Multi-cloud security doesn't have to be complicated, just consistent - IT-Online - January 12th, 2022
- Podcast: why the future of data management sits in the cloud - Central Banking - January 12th, 2022
- Streaming Analytics Market worth $50.1 billion by 2026 - Exclusive Report by MarketsandMarkets - Yahoo Finance - January 12th, 2022
- Growing Technical Advancements in DevOps Technologies and Their Rising Demand for Optimizing Business Operations to Drive the Global DevOps Market by... - January 12th, 2022
- Data Center Market to Grow by USD 519.34 Bn | Adoption of Multi-cloud and Network Upgrades to Support 5G will Drive Growth | Technavio - PRNewswire - January 12th, 2022
- From 1920s to 2020s: Get ready for a new Roaring Twenties - Big Think - January 12th, 2022
- Post Pandemic: Cloud Adoption Needs to Be Accelerated - APN News - January 12th, 2022
- 2 Growth Stocks That Could Double Your Money in 5 Years - Motley Fool - January 12th, 2022
- Dispelling the top five myths of modern infrastructure - ComputerWeekly.com - January 12th, 2022
- The Future of Records & Compliance With Optimere CEO ICYMI - Government Technology - January 12th, 2022
- Why Banks Are Slow to Embrace Cloud Computing - The New York Times - January 4th, 2022
- How I fell into the self-hosting rabbit hole in 2021 - Windows Central - January 4th, 2022
- The future of web hosting: 5 things to look out for in 2022 - TechRadar - January 4th, 2022
- New Connectivity Is Bringing Roads Up to Speed - Wired.co.uk - January 4th, 2022
- Healthcare for the new normal world reimagined with digital analytics at the core - ETHealthworld.com - January 4th, 2022
- Opinion: White Renegade of the Year 2021 Gregory Hood - Prescott eNews - January 4th, 2022
- Best of 2021 Why Kubernetes is the King of Containerized Tools - Container Journal - December 27th, 2021
- Cloud and Edge Computing Will Be Key for Government Agencies in 2022 - StateTech Magazine - December 27th, 2021
- Cloud Security Market 2021: Industry Size, Regions, Emerging Trends, Growth Insights, Opportunities, and Forecast By 2027 mainlander.nz -... - December 27th, 2021
- iOS 15.2 Makes it Easier to Replace the Screen on the iPhone 13 - iDrop News - December 27th, 2021
- 4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories - The Hacker News - December 27th, 2021
- Top 5 Best Free Linux Cloud Servers  - December 22nd, 2021
- phoenixNAP and MemVerge to Enable Memory Virtualization in Bare Metal Cloud - HPCwire - December 22nd, 2021
- AWS outages and cloud computing, explained - Popular Science - December 22nd, 2021
- How the Cloud Helps With Medical Research and Remote Medicine - Business Insider - December 22nd, 2021
- Contributed | The role of the Cloud in digital transformation - DIGIT.FYI - December 22nd, 2021
- Cloud Security Market 2021 is Expected to be on Course to Achieve Considerable Growth to 2027 mainlander.nz - mainlander.nz - December 22nd, 2021
- How Tripwire Can Be a Partner on Your Zero Trust Journey - tripwire.com - December 22nd, 2021
- Top Cloud Computing Trends Shaping Our IT Landscape in 2022 - CRN - India - CRN.in - December 22nd, 2021
- Medelln Campus writes the future of worldwide industrial automation - Intelligent CIO ME - December 22nd, 2021
- How Kubernetes lowers costs and automates IT department work - The Register - December 22nd, 2021
- 3 Top Trends to Invest in for 2022 (and Beyond) - Motley Fool - December 22nd, 2021
- What Agencies Need to Do to Combat Shadow IT Driven by Cloud Sprawl - Nextgov - December 12th, 2021
- Nvidia CEO Huang jointly files patent for software tech in the metaverse - The Register - December 12th, 2021
- Truly thrifty cloud hosting - Hetzner Online GmbH - December 5th, 2021
- These researchers wanted to test cloud security. They were shocked by what they found - ZDNet - December 5th, 2021
- What Is The Cloud And Where Is It Used? - Fossbytes - December 5th, 2021
- JetBrains starts adding remote dev functionality on IDEs and introduces Fleet - ZDNet - December 5th, 2021
- Your iPhones best trick is tucked away inside Photos app do you know it?... - The Sun - December 5th, 2021
- Tech Investment Alert: Check Out Top Five Tech Stocks Today - Analytics Insight - December 5th, 2021
- Tencent Cloud and AMD Join Forces to Launch StarLake Servers in Southeast Asia - HPCwire - December 3rd, 2021
- A Climate Dystopia Displayed at the UMOCA with 'the weight of a cloud' - Daily Utah Chronicle - December 3rd, 2021
- AWS Announced General Availability of Elastic Disaster Recovery - InfoQ.com - December 3rd, 2021
- The Benefits of Using a Share File Server in Education - eLearningInside News - eLearningInside News - December 3rd, 2021
- 5 questions for Mark Mills on the cloud revolution - Washington Examiner - December 3rd, 2021
- Inspur Information Impresses in AI Performance with 7 Titles in MLPerf Training v1.1 - Business Wire - December 3rd, 2021
- Netweb Technologies Bags Award from MeitY in Contribution to the Manufacturing Sector - News Nation - December 3rd, 2021
- FTC is Suing NVIDIA to Stop Its $40B Acquisition of Arm Amidst Concerns of Potential Reliance from Rival Firms Should Deal Push Through - Tech Times - December 3rd, 2021
- Securing the edge server infrastructure from the ground up - The Register - December 3rd, 2021
- VPS Hosting | Free SSD VPS Server Trial | Windows VPS ... - November 22nd, 2021