Is iMessage Encryption 2 tough for FBI?

Chat about just about anything else

Is iMessage Encryption 2 tough for FBI?

Postby ASmith on Fri Apr 05, 2013 1:58 am

Multiple Apple and Apple related websites certainly appear to claim the FBI and the DEA are stymied by iMessages sent between two Apple devices and point out regular Short Message Services (SMS) between a Apple device and a non-Apple device is able to be intercepted (obviously).[1][2]

To back up such a obvious agency planted 'report' one site even includes a purported 'unclassified' Intelligent Report describing how the DEA were unable to obtain decrypted messages between iMessage users dated Feb. 21, 2013. What makes that very suspicious to me is that with the Bush and now Obama White House, declassifying Intelligence Briefs takes many years, sometimes decades pass after a solution or mitigation has been applied.[2][7]

The readers should be mature enough to understand that in today's times a major provider indicating a serious DEA-FBI security lapse is a open invitation for that article,news brief or website-webpage to be immediately deleted in real time and results in a rapid disappearance if it were publicly published.

It didn't take long for me to determine the special sauce in the iMessage encryption was simply standard SSL/TLS using RSA 2048 public keys. If a browser still supports weak and broken encryption modes for its SSL operations (nearly all do unless YOU manually remove them) it is possible the weakest encryption mode which is likely broken (RC4 for example) is going to be deployed in your SSL session. A really useful primer on fine tuning the Firefox browser's SSL strength complete with the necessary steps you could apply to other browsers is found here. [3]

Apple just as Microsoft's former IM server STORES ALL USERS MESSAGES IN PLAIN TEXT on their server. 2048 bit RSA public keys are not in my opinion going to be strong enough to protect business secrets and many have/are moving to 4096 RSA public keys as a result. All major providers appear to have been pressed into full warrentless 'cooperation' in my opinion who would not present any obstruction to Apple users 'plain text' stored on the Apple iMessage Server per a DEA or FBI,NSA,CIA request.

In My Opinion and Conclusion:

The articles appear to be a deliberate effort to steer individuals into a false sense of security to use iMessage IM. While it does appear iMessage uses end-end encryption, as pointed out the SSL mode can be weak and the public key size isn't considered strong now and the users IM messages along with their Apple account information is recorded in plain text allegedly on the Apple iMessage IM servers. Apple's privacy policy clearly states that the iPhone maker may give information about its customers to law enforcement when "reasonably necessary or appropriate" or to "comply with legal process."

However, iMessage still should not be used to send sensitive information. All data so far indicates that the messages are stored in plaintext in Apple’s servers. This presents several vulnerabilities. Apple or anyone able to compromise Apple’s servers would be able to read your messages – for as long as their cached.[6]

Treat iMessage as you would emails or SMS communications. It is safe enough for daily usage, but highly sensitive information should not be sent through it.


References:

[1] Apple’s iMessage Encryption Too Tough for FBI http://www.macobserver.com/tmo/article/apples-imessage-encryption-too-tough-for-fbi
[2] Apple's iMessage encryption trips up feds' surveillance http://news.cnet.com/8301-13578_3-57577887-38/apples-imessage-encryption-trips-up-feds-surveillance/
[3] Calomel SSL Validation https://calomel.org/firefox_ssl_validation.html
[4] Just How Secure is Apple's iMessage? Even the DEA Can't Crack It http://www.maclife.com/article/news/just_how_secure_apples_imessage_even_dea_cant_crack_it
[5] IMessage https://imfreedom.org/wiki/IMessage
[6] QOTW #34 – iMessage – what security features are present? http://security.blogoverflow.com/2012/09/qotw-34-imessage-what-security-features-are-present/
[7] DEA Intelligence Declassified Note http://i.i.com.com/cnwk.1d/i/tim/2013/04/04/deaintelligencenote_610x479.png
User avatar
ASmith
Level 3
Level 3
 
Posts: 151
Joined: Tue Nov 08, 2011 1:47 am

Linux Mint is funded by ads and donations.
 

Re: Is iMessage Encryption 2 tough for FBI?

Postby ASmith on Wed Jun 12, 2013 1:03 am

My suspicions were confirmed with the first wave of former CIA technical agent and NSA contractor Edward Snowden's exposure of the global encompassing operation code named PRISM. NSA agents shown in the leaked NSA slides explaining PRISM to top secret lawmakers and insiders had obtained Apple server taps in 2012 which effectively broke the iMessage Encryption reducing it to simple plain text at the server level which was then split, cloned to the NSA database for storage and analyst.[1][2][3]

Then NSA,CIA,FBI via USA taxpayer funding along with Apple officials begin a PR campaign extolling how strong and 'safe' the Apple iMessage encryption is. Some disgruntled Linux Mint forum, community members are probably thinking this is a Apple Computers, NSA,CIA,FBI,USA problem. No, its a computer users and Internet Entrapment problem. I care about computer users being suckered into some police state trap or being smeared, blackmailed or arrested over a off-color remark they made when sober or intoxicated via iMessage thinking it was 'secure'.[4][5][6]

The huge exposure of the code named PRISM operation also was revealed by the USA NSA to have targeted Germany the most of all other European nations, taking all of the German nations Internet data, storing that and sifting thru it with banks of software and analysts. Linux Mint has a footprint based in Germany doesn't it? Suddenly such a USA NSA operation does certainly have great ramifications for those globally who have been stating/pretending such has no impact on their nation nor its foreign citizens. UK's investigative reporter Greenwald promises multiple large if not larger exposures on additional USA NSA spying operations which Edward Snowden released documents and information to him. Be safe and secure online via https: connections to your most used websites and use of Serpent 256bit CBC, Twofish 256bit CBC, Blowfish enhanced 448bit CBC encryption modes on files, notes and secure messages.

Consider Apples iMessage to be seriously broken and Apples users messages sent using iMessage as flagged for NSA,CIA,FBI analysis and determination on intent and further actions regardless if you are in a Internet Cafe in Croatia, or in a warm home in ChristTown, New Zealand.

References:

1) PRISM Collection Details Slide http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/images/prism-slide-4.jpg
2) Dates When PRISM Collection Began For Each Provider (Apple Oct.2012) http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/images/prism-slide-5.jpg
3) Second NSA PRISM Spy Leak Shows Govt, Tech Companies Are Lying to You http://southweb.org/lifewise/second-nsa-prism-spy-leak-shows-govt-tech-companies-are-lying-to-you/
[4] Apple’s iMessage Encryption Too Tough for FBI http://www.macobserver.com/tmo/article/apples-imessage-encryption-too-tough-for-fbi WARNING PsyOP (To get you to falsely think iMessage is a Secure Encryption)
[5] Apple's iMessage encryption trips up feds' surveillance http://news.cnet.com/8301-13578_3-57577887-38/apples-imessage-encryption-trips-up-feds-surveillance/ WARNING PsyOP
[6] Just How Secure is Apple's iMessage? Even the DEA Can't Crack It http://www.maclife.com/article/news/just_how_secure_apples_imessage_even_dea_cant_crack_it WARNING PsyOP
User avatar
ASmith
Level 3
Level 3
 
Posts: 151
Joined: Tue Nov 08, 2011 1:47 am

Re: Is iMessage Encryption 2 tough for FBI?

Postby samriggs on Wed Jun 12, 2013 2:39 am

For any Canadians out there wanting to know how all this effects us here's some info.
Prism and Canadians

a lot of folks are up in arms about this latest leak.
Who said were living in a free society. hmm.
Looks like sooner or later all our freedoms will be gone in the name of security and for good reasons (their reasons).
I try not to worry about this stuff because I always knew it would eventually come and all they need is for some excuse to set it all in motion.
It's all over the news up here in the great white north, a lot folks are ticked off to the tees about it and it has reached our government which is in the spotlight now about this issue.
The part that got me was
What’s more is that the NSA is defending this leak by stating PRISM is only used to target non-US Citizens; a fact that should make PRISM even more concerning for Canadians. As Edward Snowden revealed to the Washington Post, the NSA only need to be 51% sure, “the lowest conceivable standard,” that the suspicious individual they are targeting lives outside of the US. So basically, from what we know, there is a very shaky system of checks and balances to determine what country a target of PRISM is currently living in. This should make it quite clear that this new, online surveillance monster has in fact jeopardized the privacy of Canadians.


and our government grrrr
So even though it appears that the strength of PRISM affects Canadian telecommunications, the Canadian government is doing their part to increase digital surveillance as well. The Globe and Mail published raw documents on Monday that detail a plan by the Harper government to extend the capabilities for intercepted private communications online. Plus, given that Stephen Harper was in Peru last month to chat with the United States and a coalition of other countries (none from Europe) to discuss a new plan to control the internet—it’s clear that Canada intends to follow the leader when it comes to a clamping down on internet freedom.


pretty soon the only privacy that will be left are those who completely go off the grid.
"Windows: the worst system for the most money, Linux: the best system for free"
Registered Linux User #545430
SolydK
User avatar
samriggs
Level 5
Level 5
 
Posts: 843
Joined: Sun Apr 24, 2011 6:09 pm
Location: Canada

Re: Is iMessage Encryption 2 tough for FBI?

Postby Gary7 on Wed Jun 12, 2013 1:05 pm

I have nothing to hide, they can waste their time looking at my stuff.
User avatar
Gary7
Level 1
Level 1
 
Posts: 19
Joined: Mon Apr 08, 2013 10:31 am

Re: Is iMessage Encryption 2 tough for FBI?

Postby samriggs on Wed Jun 12, 2013 2:10 pm

Gary7 wrote:I have nothing to hide, they can waste their time looking at my stuff.


Pretty much how I feel, I knew it would happen sooner or later, I had quite a few folks around my area asking about it, which is what got me looking it up.
My response was, it was just a matter of time if ya got nothing to hide don't worry about it, it's when it becomes like a dictatorship ruling then worry.
which can be debatable if that's the case now or not to some degree.
"Windows: the worst system for the most money, Linux: the best system for free"
Registered Linux User #545430
SolydK
User avatar
samriggs
Level 5
Level 5
 
Posts: 843
Joined: Sun Apr 24, 2011 6:09 pm
Location: Canada

Re: Is iMessage Encryption 2 tough for FBI?

Postby monkeyboy on Wed Jun 12, 2013 2:20 pm

Consider the source. Enjoy
If you don't like it, make something better
If you can't make something better, adapt
If you can't do either ball your panties up and cry.

Complaining is like masticating most anyone can do it.
However doing it in public is really hardcore.
User avatar
monkeyboy
Level 5
Level 5
 
Posts: 773
Joined: Mon Oct 13, 2008 11:30 am

Re: Is iMessage Encryption 2 tough for FBI?

Postby ASmith on Thu Jun 13, 2013 2:13 am

Gary7 wrote:I have nothing to hide, they can waste their time looking at my stuff.


samriggs wrote:Pretty much how I feel, I knew it would happen sooner or later, I had quite a few folks around my area asking about it, which is what got me looking it up. My response was, it was just a matter of time if ya got nothing to hide don't worry about it, it's when it becomes like a dictatorship ruling then worry. Which can be debatable if that's the case now or not to some degree.


America and many other nations including the 'Queens Lands' (Canada,Australia,New Zealand) each have 'catch-all' laws meaning they would catch 100% of the citizens charged with them.

In America, not having every single digital ownership receipt on a copywrite movie, audio track or digital software piles up a 5-10yr federal prison potential charge multiplied by how many you cannot physically prove beyond any doubt that you are the legal owner of. This is simply one of many examples where a nations federal thugs come, you think you are innocent and unwittingly invite them to dig thru everything you have until they leave with you in handcuffs and your bank accounts seized barring you from mounting any reasonable defense much less hiring a top flight legal team.

What various agencys have already done is gone thru 11yrs of Edward Snowden's digital lifespan using the files stored on him dating back to 2002. Snowden was the NSA contractor, ex-CIA technician Whistleblower that appears to have exposed multiple Obama-Biden Whitehouse criminal actions. The USA Gov. has responded trying to dig up any dirt from his friends, neighbours who all told him he was a 'good kid'.

Lacking 'dirt' and actual evidence of wrongdoing, governments have at times allegedly planted, created or falsified its own evidence to bury someone in a government prison system. Pretending or telling others this doesn't happen nor that it couldn't happen to you is at best juvenile and immature in the real world which can be a hard splash of reality to those fooled into thinking that couldn't happen to them.

The Obama-Biden Whitehouse has made wide use of the old WW1 1917 Espionage Law. In a stunning exposure the global dragnet including all lawful USA citizens was ordered by the Obama-Biden Whitehouse who found a judge to sign a General Warrant on all citizens which had not happened in America in the last 270 years. Such enormous erosions of Freedoms, Libertys and Privacy's bode very badly for not only America but global citizens whose lives could certainly be impacted and adversely effected by such privacy crushing dragnets.

I recall several familys whose children ended up on one of dozens of Western Agencys terrorist watch lists. Their familys tried and tired to no avail to have them removed. Those children as adults will never be able to hold any sensitive or major paying employment in any Western nation. Even many blue collar manufacturing firms now run full background checks secretly on all present and future employees and would turn those people down. Those children did nothing wrong, have nothing to hide yet will make millions less in their employment lifespan than those with a cleaner digital crime database background report. Those familys would have likely never knew unless they attempted to travel overseas then they were told they couldn't.

First the FBI then DEA and CIA followed closely by APPLE officials all suddenly began spewing how uncrackable and 'safe' the iMessage Apple Encryption was. Not only was it everyday medium strength encryption, with NSA taps on the Apple Servers it was totally broken because it wasn't end-end heavy encryption, placing the plaintext of the messages on the Apple Servers. Those telling 'its safe', 'nothing to hide' sound very much like the advise by federal goons and corrupt CEO's who urged their userbase to become entrapped by the broken iMessage operation.

I have no doubt the FBI,DEA,CIA,Mossad and other Western agencys did catch and imprison citizens who made some rash comments via iMessage falsely thinking it was secure and private.

Activists in Egypt, Turkey, Yemen, Bahrain, Saudi Arabia and other nations have been incarcerated for simple posts, tweets or digital comments which were later merely deemed by their host government agencys as criticism. Perhaps those poor people now languishing in a hot desert prison thought initially they had nothing to hide and had done no harm, after a rude wakeup they were proven wrong.

I still haven't heard from 4+ USA citizens whose doors were kicked in and arrested, all of their digital devices seized including laptops for merely participating in a Seattle and Portland Occupy Wall Street protest. The warrants were sealed so the victims don't know what if any charges against them are. They seemed to have 'nothing to hide' and the USA Constitution right to speak and assemble seemed to fully legally apply, I guess they were wrong on that also.
User avatar
ASmith
Level 3
Level 3
 
Posts: 151
Joined: Tue Nov 08, 2011 1:47 am

Re: Is iMessage Encryption 2 tough for FBI?

Postby Gotsu Totsu Kotsu II on Thu Sep 12, 2013 12:16 am

the iPhone can be hacked so I don't know why iMessages can't be read.
Gotsu Totsu Kotsu II
Level 1
Level 1
 
Posts: 5
Joined: Sun Sep 08, 2013 9:39 pm

Linux Mint is funded by ads and donations.
 

Return to Open chat

Who is online

Users browsing this forum: No registered users and 5 guests