
Let's talk about iMessage again - wglb
http://blog.cryptographyengineering.com/2015/09/lets-talk-about-imessage-again.html
======
matt-attack
From the comments:

> Apple controls iPhones. They have root access, you don't. It's the future
> that Richard Stallman predicted in The Right To Read, except he thought it
> would be Microsoft. In this kind of situation, why would you even mention
> key substitution attacks? It's like speculating about the owners of an
> Internet café implementing a TLS MITM attack in their own network's router
> in order to spy on HTTPS connections originating from their own machines.
> Why bother when you're root?

~~~
mtgx
Google, too, actually and it has even acted on it in the past to remove some
apps/malware. Same for Microsoft remotely uninstalling Tor from Windows
machines.

~~~
tptacek
Microsoft does not give a shit about Tor. There are, however, botnets that
install Tor, and anti-malware software that will try to remove those botnets.

------
Programmatic
> _Another perspective on iMessage -- one I 've heard from some attorney
> friends -- is that key server tampering sounds like a pretty good compromise
> solution to the problem of creating a 'secure golden key' (AKA giving
> governments access to plaintext).... I see two problems with this view.
> First, tampering with the key server fundamentally betrays user trust, and
> undermines most of the guarantees offered by iMessage._

That horse has left the barn already. Services like OnStar have been
repeatedly used and abused by law enforcement; once the service is created,
the government gets a warrant (sometimes?) and undermines the service without
any regard for the trust in company providing the service. We are not likely
to be able to change that reality without a serious overhaul/oversight of the
government's warrant scope and process.

------
huslage
There is ALWAYS a weak link. It’s a part of the problem. It’s built in. you
make choices about trust and you either stick with them or you don’t. If you
change, you change and it's no skin off of anyone's back.

Apple has spent ages building the trust of their users. It is not in Apple's
_business interest_ to lie, cheat and steal their users' data.

There are some problems that can't magically be optimized away by computers
right now...humans are humans after all. If it comes out that something
untoward has occurred, then we deal with that bridge when we cross it. Until
then, just keep them honest and roll on messaging as you feel comfortable...or
don't, it's your decision.

------
dantiberian
My understanding is that the notification on phones when a new key is added is
built into the OS and can't be easily bypassed. That notification shows up
when the key is added. If the key isn't added on the device then messages
won't be signed for it.

Also, I thought the consensus was that Apple was 'backdooring' iMessage by
giving LE access to iCloud backups which include iMessage, not compromising
iMessage directly?

~~~
9fb29947
> Also, I thought the consensus was that Apple was 'backdooring' iMessage by
> giving LE access to iCloud backups which include iMessage, not compromising
> iMessage directly?

Can you please expand on this? How would access to iCloud backup _not_
compromise iMessage?

~~~
delinka
The backups store messages as plaintext within the [encrypted?] backup. This
compromises the messages themselves, but not the iMessage protocol nor
systems.

