iMessage impersonation depicting how Man-in-the-Middle attack works Credit: QuarksLab
Apple recently refuted renowned iOS hacker pod2g's claims, saying that iMessage contents cannot be read even if Apple wanted to. The claim was then challenged by pod2g aka Cyril Cattiaux, the key member of the evad3rs Dream Team, who owns the popular security firm QuarksLab.
Earlier, the firm had claimed that anyone (such as Apple employee) with access to public key distribution system for iMessages could intercept, read and change the messages being sent to the receiver. According to the report, Apple could perform a man-in-the-middle (MITM) attack to intercept any message using its power over the public key directory.
Pod2g's latest video demonstration shows how someone could easily intercept or alter any iMessage by exploiting the way certificates are handled. Both iOS devices and Macs are said to be affected by this glitch in security.
The same video which was first shown at the conference in Kuala Lumpur, Malaysia, further strengthens the claims made by QuarksLab. According to ZDNet citing the video presentation, the researchers explained that to break iMessage encryption (AES, RSA, and ECDSA algorithms) in the manner shown would require the attacker to get physical control of the device - once.
"Then, the attacker would install fraudulent certificates on it, and run spoofed servers tricked out to mimic Apple servers. The flaw's essence, as QuarksLab described it, lies in the protocol's lack of certificate pinning," ZDNet explains.
According to pod2g and his team, Apple has access to public keys and the iMessages end-to-end infrastructure which allows them to alter certificates and keys at will. This uninhibited access gives the company complete control over iMessages service to decrypt or encrypt information when needed.
iMessage's security protocol is reportedly safe for normal conversations, as third-party access to break end-to-end encryption is impossible without Apple's assistance. Nevertheless, the iMessage app is not a viable option for communicating sensitive information as it can be decrypted using fraudulent certificates and spoofed servers to mimic Apple servers.
Check out the demo video depicting the interception and decryption of iMessages, courtesy of QuarksLab: