Apple can read iMessages beyond Encryption

October 24, 2013 | By Editor 

Encrypted messages are a common factor for most messaging services and the same has been promised by Blackberry for their own service as well on all platforms. Apple on the other hand introduced iMessages and promised that there won’t be any spying on the ones sent by their users.

“But, a new research reveals that with an exploit on SSL certificate and some custom modifications,made by the developer themselves. Apple can actually read the messages and intercept them when required for security purposes. “

Even though, there is no solid proof to claim that the technology giant reads those messages, the security firm which was involved in this research process confirms that there are certificate vulnerabilities using which either the company or any third party in the middle can try to intercept to know the content. This isn’t good news for Apple users who are fond of the brand and always trust them to be the best around the world.

SSL Encryption

All these flaws stated revealed where discovered to be familiar to Apple because the company was using a server named ESS which manages the public keys. It cannot be publicly inspected but a trained hacker can actually disrupt the message and read whatever the user is sending. Such a security vulnerability is not what the company wants because iMessages was touted to be a great alternate to SMS services.

For a long time, BBM or Blackberry Messenger used to be the only one in this race that offered dedicated messaging service for its users exclusive to their products. Once again, Apple’s service was considered to be a safe bet and will not be used by surveillance agencies to snoop on users. Using SSL certificates is a reliable and secure way to encrypt messages or any type of data. The same is being introduced to the mobile world as well in recent times.

Experts suggest that companies should never oversell their security capabilities because there is always one or more vulnerabilities lurking in the corner.

If it gets exposed, they are bound to face more loss than what actually is because of the promise they made in the past. The use of SSL certificates exists prevalent with websites and similar tools exist for smartphones as well. Apple can consider making their protocols transparent and prove that no one can read the messages sent through their service to be on the safer side. Certificate pinning was not used which allowed to fake certificate authority to add to the user key chain.

ssl certificate

<< Mobile Pwn2Own: Nexus 4, S4 and iPhone HackedWhy SSL Certificates Are Inevitable For Merchants? >>

Posted in Technology

Be Sociable, Share!

Leave a Comment


* fields are mandatory