Hacker News new | past | comments | ask | show | jobs | submit login

iCloud Backup, on by default, backs up the complete plaintext iMessage history to Apple via the network, automatically, using Apple keys.

It also backs up the device's iMessage keys, to Apple via the network, automatically, using Apple keys. That's called key escrow.

The plaintext message content backup bypasses the end-to-end encryption entirely, providing the service-in-the-middle with complete plaintext.

Apple is the only "man in the middle" for iMessage - all encrypted iMessages transit their servers (using TLS, separate from the iMessage message encryption). Apple, via software changes, has gained possession of the user's iMessage key, and the message is no longer opaque to them when relaying it, and it is not end-to-end encrypted. The party in the middle (Apple) can read all of the messages, just as if it were two different TLS sessions to each user with no encrypted payload (the way most non-e2e messaging is implemented).

Alternately, if Apple, via software changes, has caused the plaintext message content to be relayed back to Apple post-decryption, it is no longer end-to-end encrypted, as the service in the middle is no longer zero-knowledge, and has come into possession of the plaintext.

If that's not a backdoor, I don't know what is.

EDIT: (responding to comment below, throttled)

From https://support.apple.com/en-us/HT202303

> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.

So if you have "Messages in iCloud" enabled, it backs up your iMessage encryption key (Apple already has the ciphertext from the iMessage service). If you have "Messages in iCloud" disabled, it backs up the plaintext of the messages themselves from your device.

In both cases, Apple can read all of your iMessages, either because their software on your device gave them the key (iCloud Backup=on, Messages in iCloud=on), or because their software on your device gave them the plaintext (iCloud Backup=on, Messages in iCloud=off).






Can you substantiate that the keys are backed up?

Is messages in iCloud on by default? I remember being asked.


Your keys would be backed up in the cloud to ensure you can decrypt your restored imessage backup to a new device.

No - only the session keys for those messages need to be backed up for that.

Just turn off iCloud backup. It’s what I do.

And everyone you iMessage with? Both parties to the conversation have the plaintext and a key that will decrypt the whole conversation.

Unless you are 100% certain that everyone you iMessage with has also done this, your conversations are still not reliably private.

Even then, Apple can silently inject additional escrowed wiretap keys into the keylist for one or both participants, although this is an active attack and can be detected by monitoring changes to the keylist for a given phone number or Apple ID provided by Apple's iMessage APIs.


iMessage is not a security or privacy-first messaging app. It is a fun and usable messaging app with decent efforts towards privacy and no user tracking. The only messaging app that goes all the way with privacy is Signal, which I use for most of my communication. But Apple is focused on the user experience, and there are some fundamental trade offs with user experience that are not necessary for most users. Most users are never going to be subpoenaed by the police.

Look, iCloud Backup is the weak link here. I don't actually know if your messages will still be in other peoples' backups even if you turn off iCloud Backup, but I also don't know enough about the security model one way or another to be able to say, and I haven't seen evidence provided. I'm willing to believe that they are, just for the sake of argument.

What I was trying to say is that Apple is trying to make it as easy as possible for people to recover their messages, because this covers most peoples' threat models, which do not include protecting data from subpoena. Signal is great technology but the fact is it doesn't sync messages between devices because they haven't figured out how to do that in a way that's fully secure. This is a feature that tons of iPhone users want and are not willing to sacrifice for higher security. What am I missing?


> Just turn off iCloud backup. It’s what I do.

But is this problem a problem just at the personal level? The big problem lies at a societal level. And does it then help that a few computer hackers are informed enough to make an important (and crippling) technical decision?


The problem at the societal level is that people prefer convenience to security. The number of people that would forget their password, lose their entire message history, and blame Apple for it is huge. If you have everything end-to-end encrypted, that's the support burden you're looking at, and it's absolutely nontrivial.

“Alternately, if Apple, via software changes, has caused the plaintext message content to be relayed back to Apple post-decryption, it is no longer end-to-end encrypted, as the service in the middle is no longer zero-knowledge, and has come into possession of the plaintext.”

Is just conjecture about something they could do, or is there some evidence that they have done this?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: