But then he goes on to say: "In the meantime, Green recommends that users update to iOS 9.3 and the latest version of OS X, which implement fixes that mitigate some, though not all, of the vulnerability.”.
Curious if this vulnerability is still around on iOS 10.2 as the article was written a year ago when 9.3 or whatever was out. > On Feb 25, 2017, at 12:46 PM, Josh Reynolds <j...@kyneticwifi.com> wrote: > > "Green complimented iMessage for using “end-to-end encryption” dating back to > 2011, but unfortunately it appears as though Apple uses the term quite > loosely. True end-to-end encryption would keep messaging conversations > between only those participating internally. Apple’s protection of iMessage > does not extend to the server, leaving a gap in its defenses." > > Read more: > http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/#ixzz4ZjCRwCfI > > <http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/#ixzz4ZjCRwCfI> > Follow us: @digitaltrends on Twitter > <http://ec.tynt.com/b/rw?id=a4WNn6KVyr4yHaacwqm_6r&u=digitaltrends> | > DigitalTrends on Facebook > <http://ec.tynt.com/b/rf?id=a4WNn6KVyr4yHaacwqm_6r&u=DigitalTrends> > > On Feb 25, 2017 1:43 PM, "Cassidy B. Larson" <c...@infowest.com > <mailto:c...@infowest.com>> wrote: > I see nothing in that article that says iMessages are stored unencrypted on > Apples servers, which is what you initial stated. > > I do see it state: "If a hacker were to take hold of the key server, they > would in turn be able to intercept messages as they are being typed — those > that have not already undergone the encryption process.” > > However, the same with anything using a key encryption. If someone has your > device key, wouldn’t they be able to decrypt your messages? > > > >> On Feb 25, 2017, at 12:37 PM, Josh Reynolds <j...@kyneticwifi.com >> <mailto:j...@kyneticwifi.com>> wrote: >> >> http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/ >> >> <http://www.digitaltrends.com/computing/despite-apples-push-for-encryption-imessage-remains-insecure/> >> >> On Feb 25, 2017 1:35 PM, "Cassidy B. Larson" <c...@infowest.com >> <mailto:c...@infowest.com>> wrote: >> I’m not sure I agree with that. Just reading up on this article from August >> of last year: >> >> http://www.tomshardware.com/news/imessage-weak-encryption-matthew-green,32466.html >> >> <http://www.tomshardware.com/news/imessage-weak-encryption-matthew-green,32466.html> >> >> Couple of points from the article: >> >> - Undelivered messages ARE stored encrypted on Apples servers for up to 30 >> days. Sure someone with the appropriate key can decrypt them. That’s >> nothing new. >> - Cloud backups store your messages, they’re encrypted.. and supposedly >> Apple can decrypt them? Or not? If you’re a terrorist and/or extra >> paranoid, turn them off or use WhatsApp.. Oh wait, don’t they have a >> backdoor? :) >> - They say iMessage is “Not any better than normal TLS”.. well, it’s >> encrypted. Better than not! >> - From this it also appears Apple implemented most of their short-term >> vulnerability patches for old clients. >> >> I assume if both sides of the conversation are running the latest iOS >> version, then they’re much more “secure” than running older un-patched ones. >> Just be sure to patch both sides of your iOS devices before your >> terrorist-ing messages are sent! LOL >> >> -c >> >> >>> On Feb 25, 2017, at 12:05 PM, Josh Reynolds <j...@kyneticwifi.com >>> <mailto:j...@kyneticwifi.com>> wrote: >>> >>> That's bullshit. iMessage is not encrypted on Apple servers, which the >>> messages pass through. This is why iMessage isn't considered true "end to >>> end" crypto. There have been several papers written on this. >>> >>> On Feb 25, 2017 1:00 PM, "Travis Johnson" <t...@ida.net >>> <mailto:t...@ida.net>> wrote: >>> Nope... iMessage is encrypted and not even Apple can read the messages. >>> >>> Travis >>> >>> On 2/25/2017 11:47 AM, Bill Prince wrote: >>> Just like iMessage and Siri. >>> >>> >>> bp >>> <part15sbs{at}gmail{dot}com> >>> >>> On 2/25/2017 8:12 AM, Travis Johnson wrote: >>> Now Google will be reading all of your text messages as well... if you use >>> an Android phone that is... LOL >>> >>> https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/ >>> >>> <https://www.cnet.com/news/google-takes-on-apple-imessage-with-enhanced-sms-for-android-rcs/> >>> >>> Travis >>> >>> >>> >>> >> >
