[abalone]

There's another technical surveillance method here that I feel more people should be talking about: monitoring iMessage communication.

iMessage is extremely secure[1], except for the fact that Apple controls the device list for iCloud accounts. The method would simply be for Apple to silently add another device to a target's account which is under law enforcement's control. I say "silently" in that they would need to hide it from the target's iCloud management UI to stay clandestine, but that's it, just a minor UI change. iMessage clients will then graciously encrypt and send a copy of every message to/from the target to the monitoring device.

This would still work even with impossible-to-crack encryption. It wouldn't allow access to old messages, just stuff after the monitoring was enabled. It's the modern wiretap.

It mirrors wiretapping in that sufficiently sophisticated people could discover the "bug" by looking at how many devices iMessage is sending copies to when messaging the target (just inspecting the size of outgoing data with a network monitoring tool would probably suffice), but it would go a long way and probably be effective for a high percentage of cases.

The main thrust of the article is that encryption is not new, just the extent of it, particularly iMessage. Here's a way around that.

[1] http://images.apple.com/iphone/business/docs/iOS_Security_Fe...

[girvo]

> by looking at how many devices iMessage is sending copies to when messaging the target

Is iMessage centralised? I'm pretty certain it is, and if that is the case then you couldn't find out if you were tapped or not; one message gets sent to the server (perhaps with a list of the devices you want to send it to) and the server under Apple/LEO control sends a copy to their "device".

[hwatson]

Each message is encrypted individually for each device that will be receiving the message. As a result, unless Apple slip a public key they have control over into the keys reported for the receiver, they cannot read your messages. (This is why abalone mentions that Apple do not have access to your old messages.)

http://blog.quarkslab.com/imessage-privacy.html goes into detail as to how the key exchange process works.

[dantiberian]

Whenever you add a device to your pool of iMessage devices, all of the other devices get a popup message telling them. This is the step where each of the other devices get the decryption key for that device.

My hunch is that Apple doesn't have a way to prevent the popup messages so if they were forced to add a law enforcement iPhone to an iMessage pool then the target would notice an extra device was added.

[jshevek]

Maybe I don't understand the problem, but it seems to me that it would be very simple for apple to prevent the popup messages at their discretion, since they write and control the software that causes the popup to happen in the first place.

[eridius]

They would have to update the OS on the device first. And that's definitely not something that can be done silently.

I'm assuming here that the OS already doesn't have the ability to suppress the popup, and I think that's a safe assumption because Apple doesn't want to have this ability.

[pilif]

>They would have to update the OS on the device first. And that's definitely not something that can be done silently.

how do we know that the iMessage protocol doesn't already have support for a "silent" flag, which, if set, will not cause the message to appear?

[eridius]

I already answered that in the second sentence of my comment.

[ObviousScience]

> And that's definitely not something that can be done silently.

Can you link me to a technical analysis about this?

It would be one of the few phones where the baseband/SIM couldn't make changes to the system.

[eridius]

iMessage has nothing at all to do with the baseband or SIM. And carriers definitely can't push updates to the OS. Only Apple has the technical capability to produce updates to the OS, if for no other reason than the fact that all OS code must be codesigned with Apple's certificate, and only Apple has the keys. But since the baseband can't update the OS anyway, that's a moot point.

I don't have a link for a technical analysis of this, but I shouldn't need one. It should be self-evident that updating the OS is a process that is very obvious to the user. It's also something that Apple has never done without explicit action by the user to perform such an update. It would in fact be incredibly dangerous to update the OS without explicit action, if for no other reason than the fact that this would not give the user the chance to back up their phone in case something goes wrong.

[ObviousScience]

"It's obvious that neither of the other two processors in your phone with DMA could update your OS" is a statement that needs more justification than "it's obvious". Quite a number of backdoors from the baseband to the actual processor of the phone have been discovered over the last few years, including commands that seem to indicate that it could possibly write arbitrary memory under the right conditions.

Similarly, the conjectured scenario is that the government is trying to get in to your phone secretly: it's hardly unreasonable to think they could compel both Apple and your carrier to assist them, in the form of Apple generating a custom wiretap update and your carrier silently pushing it.

> It would in fact be incredibly dangerous to update the OS without explicit action, if for no other reason than the fact that this would not give the user the chance to back up their phone in case something goes wrong.

Again, we're talking about responding to a sealed court order to aid in tapping a telephone, and not about what makes good business sense under normal conditions.

[spike021]

Couldn't the change simply be included in one of the regular .x updates? They don't need to mention it in the changelog. It's not something significant enough that people would really notice.

I don't think Apple would want that capability either, but just for argument's sake.

[eridius]

They could, but that's not something that law enforcement can just ask them to do on the fly.

[shawnz]

> that's definitely not something that can be done silently.

I hate to sound so paranoid, but what reason do you have to believe this?

[eridius]

That the OS can't be silently updated? Many years of experience working with Apple platforms, and iOS in particular.

[abalone]

That is probably a fair hunch. However I was thinking.. there may be a way to do this with stock iOS without tipping off the target device in any way.

Whenever an iMessage client wants to message the target, it gets a list of target device public encryption keys from Apple. It then sends a separately-encrypted copy of each message to each of those recipients.

What Apple could do is to "bug" the lists that are sent to the devices wanting to sending something to the target, without modifying the list that the target device sees. So all incoming messages to the target would get cc'd to law enforcement. This could probably be done completely server-side.

As for outgoing messages, Apple could do the same thing in reverse: whenever the target device asks for the list of recipient devices, just add the monitoring device to it. Again, all by simply modifying the device directory server, no client changes.

The bigger point here is that Apple claims their hands are tied due to the design of the encryption. But as long as the directory service is still under their central control, there is still a technical means for complying with law enforcement requests to monitor iMessage communication.

Perhaps law enforcement just needs to get more specific with their demand. Don't demand "decryption" anymore.. demand a wiretap.

[bni]

That would only catch messages sent to the target, not messages that the target sent itself. For example if I send a iMessage to a friend on my Mac, I won't see my sent message on my iPhone later.

[hrktb]

iMessage syncs the sent messages across the devices as well. The might be some conditions on the sync (e.g. messages sent before the device was added to the account, or message older than x months during which the device was offline, etc..) but I'm looking at my mac app and I definitely my iPhone messages.

[xcrunner529]

well also mentioned in the security document is that if you do an iCloud backup the iMessage security is sort of negated...the archive is "clear text" in that it's encrypted by Apple's keys and such instead of the device key. Hence why you can restore it to other devices.