undefined | Better HN

0 pointsThePowerOfFuet5y ago0 comments

No, Apple cannot decrypt iMessage or FaceTime traffic because they don't have the keys.

Apple could silently add an extra recipient for whom they do have the keys, but that is out of scope for E2E (in other words, key distribution is out of scope).

0 comments

lern_too_spel5y ago

> No, Apple cannot decrypt iMessage or FaceTime traffic because they don't have the keys.

They can very easily decrypt iMessage traffic using the method outlined in the article. They simply provide the sender with an erroneous key.

> key distribution is out of scope

Not according to GGP's definition, which didn't require merely that messages stay encrypted between endpoints but that middlemen have no way of decrypting the data.

saagarjha5y ago

Middlemen don't have a way of decrypting the data, because they don't have the keys to decrypt it. If they're malicious they can try to send you new keys to use, and only if you accept them will they then have the keys to decrypt your messages.

lern_too_spel5y ago

> and only if you accept them

Does iMessage give the user any way to reject them? Show me. Apple's own "Apple Platform Security Spring 2020" document does not claim any such thing. It says the device requests keys from IDS at the start of a conversation and just uses them.

The article I linked to above said that Apple fixed several other bugs the researchers pointed out but not that one, which other researchers had also described to Apple years before.

j / k navigate · click thread line to collapse

0 comments

lern_too_spel5y ago

> No, Apple cannot decrypt iMessage or FaceTime traffic because they don't have the keys.

They can very easily decrypt iMessage traffic using the method outlined in the article. They simply provide the sender with an erroneous key.

> key distribution is out of scope

Not according to GGP's definition, which didn't require merely that messages stay encrypted between endpoints but that middlemen have no way of decrypting the data.

saagarjha5y ago

lern_too_spel5y ago

> and only if you accept them

The article I linked to above said that Apple fixed several other bugs the researchers pointed out but not that one, which other researchers had also described to Apple years before.

j / k navigate · click thread line to collapse