[dantiberian]

Whenever you add a device to your pool of iMessage devices, all of the other devices get a popup message telling them. This is the step where each of the other devices get the decryption key for that device.

My hunch is that Apple doesn't have a way to prevent the popup messages so if they were forced to add a law enforcement iPhone to an iMessage pool then the target would notice an extra device was added.

[jshevek]

Maybe I don't understand the problem, but it seems to me that it would be very simple for apple to prevent the popup messages at their discretion, since they write and control the software that causes the popup to happen in the first place.

[eridius]

They would have to update the OS on the device first. And that's definitely not something that can be done silently.

I'm assuming here that the OS already doesn't have the ability to suppress the popup, and I think that's a safe assumption because Apple doesn't want to have this ability.

[pilif]

>They would have to update the OS on the device first. And that's definitely not something that can be done silently.

how do we know that the iMessage protocol doesn't already have support for a "silent" flag, which, if set, will not cause the message to appear?

[eridius]

I already answered that in the second sentence of my comment.

[ObviousScience]

> And that's definitely not something that can be done silently.

Can you link me to a technical analysis about this?

It would be one of the few phones where the baseband/SIM couldn't make changes to the system.

[eridius]

iMessage has nothing at all to do with the baseband or SIM. And carriers definitely can't push updates to the OS. Only Apple has the technical capability to produce updates to the OS, if for no other reason than the fact that all OS code must be codesigned with Apple's certificate, and only Apple has the keys. But since the baseband can't update the OS anyway, that's a moot point.

I don't have a link for a technical analysis of this, but I shouldn't need one. It should be self-evident that updating the OS is a process that is very obvious to the user. It's also something that Apple has never done without explicit action by the user to perform such an update. It would in fact be incredibly dangerous to update the OS without explicit action, if for no other reason than the fact that this would not give the user the chance to back up their phone in case something goes wrong.

[ObviousScience]

"It's obvious that neither of the other two processors in your phone with DMA could update your OS" is a statement that needs more justification than "it's obvious". Quite a number of backdoors from the baseband to the actual processor of the phone have been discovered over the last few years, including commands that seem to indicate that it could possibly write arbitrary memory under the right conditions.

Similarly, the conjectured scenario is that the government is trying to get in to your phone secretly: it's hardly unreasonable to think they could compel both Apple and your carrier to assist them, in the form of Apple generating a custom wiretap update and your carrier silently pushing it.

> It would in fact be incredibly dangerous to update the OS without explicit action, if for no other reason than the fact that this would not give the user the chance to back up their phone in case something goes wrong.

Again, we're talking about responding to a sealed court order to aid in tapping a telephone, and not about what makes good business sense under normal conditions.

[eridius]

> Quite a number of backdoors from the baseband to the actual processor of the phone have been discovered over the last few years

Every single one is a security vulnerability, not an intentional blessed mechanism by which the OS can be updated. And every single one is patched as soon as Apple learns of it.

> it's hardly unreasonable to think they could compel both Apple and your carrier to assist them, in the form of Apple generating a custom wiretap update and your carrier silently pushing it.

Except a) any known mechanisms by which this could be done would have already been patched, and b) I find it highly implausible that the government could compel Apple into deliberately breaking the fundamental security architecture of their product. If Apple already had the keys to decrypt the message, they could be compelled to hand them over, but that's very different than compelling them to actually modify their end-user software.

If the government did have the power to compel Apple to do something to aid wiretapping, it would be to compel them to add the ability to suppress the popup into a future OS update. It would certainly not be to compel them into creating and installing an OS update on the fly to a specific phone. Security implications aside, installing custom OS updates to specific phones would also have tremendous consequences on a lot of other stuff, including future OS updates (installing an OS update certainly can't brick the phone even if it's running an unknown custom OS), customer support (what if the target brings their phone in to an apple store?), even their internal build process.

That said, I don't believe the government can compel Apple to deliberately violate the advertised security guarantees of their product. Especially when such tampering is potentially visible to the target (which this would be; people have reverse-engineered the iMessage protocol, which means it's possible to intercept and analyze the traffic, which means it would be possible to write a tool to dump out the keys that your message is going to, which can be used to detect when new keys are added even if the OS doesn't alert you).

> Again, we're talking about responding to a sealed court order to aid in tapping a telephone

No we're not. iMessage isn't a telephone. The fact that the device you're using iMessage on almost certainly also has phone capabilities is irrelevant (and of course you can use iMessage without a telephone, by using a Mac or an iPod Touch).

[spike021]

Couldn't the change simply be included in one of the regular .x updates? They don't need to mention it in the changelog. It's not something significant enough that people would really notice.

I don't think Apple would want that capability either, but just for argument's sake.

[eridius]

They could, but that's not something that law enforcement can just ask them to do on the fly.

[shawnz]

> that's definitely not something that can be done silently.

I hate to sound so paranoid, but what reason do you have to believe this?

[eridius]

That the OS can't be silently updated? Many years of experience working with Apple platforms, and iOS in particular.

[abalone]

That is probably a fair hunch. However I was thinking.. there may be a way to do this with stock iOS without tipping off the target device in any way.

Whenever an iMessage client wants to message the target, it gets a list of target device public encryption keys from Apple. It then sends a separately-encrypted copy of each message to each of those recipients.

What Apple could do is to "bug" the lists that are sent to the devices wanting to sending something to the target, without modifying the list that the target device sees. So all incoming messages to the target would get cc'd to law enforcement. This could probably be done completely server-side.

As for outgoing messages, Apple could do the same thing in reverse: whenever the target device asks for the list of recipient devices, just add the monitoring device to it. Again, all by simply modifying the device directory server, no client changes.

The bigger point here is that Apple claims their hands are tied due to the design of the encryption. But as long as the directory service is still under their central control, there is still a technical means for complying with law enforcement requests to monitor iMessage communication.

Perhaps law enforcement just needs to get more specific with their demand. Don't demand "decryption" anymore.. demand a wiretap.