[eridius]

iMessage has nothing at all to do with the baseband or SIM. And carriers definitely can't push updates to the OS. Only Apple has the technical capability to produce updates to the OS, if for no other reason than the fact that all OS code must be codesigned with Apple's certificate, and only Apple has the keys. But since the baseband can't update the OS anyway, that's a moot point.

I don't have a link for a technical analysis of this, but I shouldn't need one. It should be self-evident that updating the OS is a process that is very obvious to the user. It's also something that Apple has never done without explicit action by the user to perform such an update. It would in fact be incredibly dangerous to update the OS without explicit action, if for no other reason than the fact that this would not give the user the chance to back up their phone in case something goes wrong.

[ObviousScience]

"It's obvious that neither of the other two processors in your phone with DMA could update your OS" is a statement that needs more justification than "it's obvious". Quite a number of backdoors from the baseband to the actual processor of the phone have been discovered over the last few years, including commands that seem to indicate that it could possibly write arbitrary memory under the right conditions.

Similarly, the conjectured scenario is that the government is trying to get in to your phone secretly: it's hardly unreasonable to think they could compel both Apple and your carrier to assist them, in the form of Apple generating a custom wiretap update and your carrier silently pushing it.

> It would in fact be incredibly dangerous to update the OS without explicit action, if for no other reason than the fact that this would not give the user the chance to back up their phone in case something goes wrong.

Again, we're talking about responding to a sealed court order to aid in tapping a telephone, and not about what makes good business sense under normal conditions.

[eridius]

> Quite a number of backdoors from the baseband to the actual processor of the phone have been discovered over the last few years

Every single one is a security vulnerability, not an intentional blessed mechanism by which the OS can be updated. And every single one is patched as soon as Apple learns of it.

> it's hardly unreasonable to think they could compel both Apple and your carrier to assist them, in the form of Apple generating a custom wiretap update and your carrier silently pushing it.

Except a) any known mechanisms by which this could be done would have already been patched, and b) I find it highly implausible that the government could compel Apple into deliberately breaking the fundamental security architecture of their product. If Apple already had the keys to decrypt the message, they could be compelled to hand them over, but that's very different than compelling them to actually modify their end-user software.

If the government did have the power to compel Apple to do something to aid wiretapping, it would be to compel them to add the ability to suppress the popup into a future OS update. It would certainly not be to compel them into creating and installing an OS update on the fly to a specific phone. Security implications aside, installing custom OS updates to specific phones would also have tremendous consequences on a lot of other stuff, including future OS updates (installing an OS update certainly can't brick the phone even if it's running an unknown custom OS), customer support (what if the target brings their phone in to an apple store?), even their internal build process.

That said, I don't believe the government can compel Apple to deliberately violate the advertised security guarantees of their product. Especially when such tampering is potentially visible to the target (which this would be; people have reverse-engineered the iMessage protocol, which means it's possible to intercept and analyze the traffic, which means it would be possible to write a tool to dump out the keys that your message is going to, which can be used to detect when new keys are added even if the OS doesn't alert you).

> Again, we're talking about responding to a sealed court order to aid in tapping a telephone

No we're not. iMessage isn't a telephone. The fact that the device you're using iMessage on almost certainly also has phone capabilities is irrelevant (and of course you can use iMessage without a telephone, by using a Mac or an iPod Touch).

[tripzilch]

> I find it highly implausible that the government could compel Apple into deliberately breaking the fundamental security architecture of their product.

Well I don't know what news you've been reading the past year, but personally I've been given the impression that your NSA will try and compel whoever to do whatever they please, be it through court order, economic/political pressure and/or psy-ops.

> If Apple already had the keys to decrypt the message, they could be compelled to hand them over, but that's very different than compelling them to actually modify their end-user software.

It's also very different from the NSA actively hacking into, breaking security infrastructure of their ALLIES. Which is what they've done repeatedly.

It's also been shown that the NSA doesn't (can't or won't) really make a very fine distinction between who/what exactly are enemy, allied or US-targets. In particular if they really really want certain information that can be considered of high tactical value in their pursuit of foreign targets. Such as, say, private encryption keys for OS updates or whatnot.

While this is not proof that this happened or is happening, I'm arguing that there is very little stopping the NSA if they wanted to.

[eridius]

It's one thing to say "you have a communications product, give us access to the server". It's a rather different thing to say "you have a communications product where your server can't decrypt the messages; go radically break your security architecture in a software update".