[xtian]

Apple does not have access to FaceTime keys or iMessage keys for that matter. They are truly end-to-end encrypted, and I don’t think there is any need to cheapen or muddy the term for the sake of marketers.

[ec109685]

They can still write software to insert themselves into the key exchange flow and eavesdrop on a conversation. E.g. I don’t believe there is anything stopping Apple from pretending a participant bought a new device.

[thebean11]

That's a much less scary attack vector though, since they would also need to somehow impersonate the participants voice or image right?

[upofadown]

Think of it as aiming a phone at another phone. Apple would decrypt everything and then reencrypt it.

[xtian]

How would they spoof the 2FA from an existing device?

[upofadown]

Perhaps as that was based on random internet comments. FaceTime still ends up at level 2 with Zoom and the rest because Apple can MITM the traffic without much trouble. There is no provision for the user to prevent/detect a MITM attack in FaceTime or iMessage.

[xtian]

So you’re saying there should be a three-level consumer standard where the third level excludes any possible consumer product? Please don’t pretend that Apple and Zoom’s approaches are equivalent here. There is a substantial difference that deserves to be acknowledged. Anyone whose threat model includes Apple subverting their own security architecture shouldn’t be using any communication platforms.

[upofadown]

There is nothing wrong with allowing a consumer to verify that they are talking to who they think they are talking to. Is Signal a consumer product?

Zoom specifically states that they do not have access to session keys. Apple doesn't even make such a statement.

[xtian]

What prevents Signal from MITMing their app?

[upofadown]

The way everyone else does it. The user can verify the key fingerprint. Signal calls it the safety number.

[xtian]

Why couldn’t they just change the client code to exfiltrate the user’s data?