Control of keys gives Apple ability to read iMessages, despite end-to-end encryption.
Contrary to public claims, Apple employees can read communications sent with its iMessage service, according to researchers who have reverse engineered it.
The finding, delivered Thursday at a Hack in the Box presentation titled How Apple Can Read Your iMessages and How You Can Prevent It, largely echoes the conclusion Ars reached in June. It contrasts sharply with assurances that Apple gave following revelations of an expansive surveillance program by the National Security Agency. iMessage conversations, Apple said at the time, "are protected by end-to-end encryption so no one but the sender and receiver can see or read them." It added: "Apple cannot decrypt that data."
Researchers from QuarksLab who delivered Thursday's talk, begged to differ.
"Apple's claim that they can't read end-to-end encrypted iMessage[s] is definitely not true," researchers from QuarksLab wrote in a white paper summarizing their findings. "As everyone suspected: yes they can!"
Full story available at the following link,