Hacker News

The article refers to iCloud encryption keys, not iMessage keys.

If iMessages are backed up to iCloud, then the govt will have keys to see them. But if a user doesn't back up, I was under the impression not even Apple could decrypt iMessages.



Correct, for data that isn't backed up, you would need to have root access to the user's device.


I do believe rubber-hose decryption works wonders in China.


Not even root access would suffice. You'd need the user passcode.


iMessage (public) keys are "backed up" to IDS directory services. This is how Apple devices do key-exchange with one another. If there is no man-in-the-middle mitigation for IDS, then all the Chinese government needs to do is return spoofed keys for anyone you're communicating with. Remember, when you send messages to other people, you encrypt with THEIR key, not yours (on device). Your key is used for signatures and decrypting messages sent to you by them. THEIR key comes from the cloud, and is thus subject to attack if key exchange wasn't secure.
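One form the "man-in-the-middle mitigation" mentioned in the comment above can take, as an added example that is not part of the thread and is not Apple's implementation: a client pins the fingerprint of each contact's directory-supplied key, confirms it out of band, and refuses a later answer that differs. `PinningClient`, the lookup callable and the placeholder byte strings are hypothetical and do not model the IDS API.

```python
import hashlib
import hmac

class KeyMismatch(Exception):
    """Directory key differs from the key this client trusts."""

def fingerprint(public_key: bytes) -> str:
    # Short digest two people can read aloud and compare.
    return hashlib.sha256(public_key).hexdigest()[:16]

class PinningClient:
    def __init__(self, directory_lookup):
        self.lookup = directory_lookup  # hypothetical: identity -> key bytes
        self.pins = {}                  # identity -> (fingerprint, verified)

    def encryption_key_for(self, identity: str) -> bytes:
        key = self.lookup(identity)
        fp = fingerprint(key)
        pin = self.pins.get(identity)
        if pin is None:
            self.pins[identity] = (fp, False)  # trust on first use, unverified
        elif not hmac.compare_digest(pin[0], fp):
            raise KeyMismatch(f"{identity}: pinned {pin[0]}, directory sent {fp}")
        return key

    def verify_out_of_band(self, identity: str, fp_from_peer: str) -> None:
        # fp_from_peer: read by the peer from their own device, e.g. in person.
        pin = self.pins.get(identity)
        if pin is None or not hmac.compare_digest(pin[0], fp_from_peer):
            self.pins.pop(identity, None)
            raise KeyMismatch(f"{identity}: pinned key is not the peer's key")
        self.pins[identity] = (pin[0], True)

# Constructed placeholders standing in for public keys (not real key material).
BOB_KEY = b"constructed-public-key-bob-device"
OTHER_KEY = b"constructed-public-key-not-bob"

def demo(first_answer: bytes, later_answer: bytes) -> str:
    directory = {"bob@example.com": first_answer}
    client = PinningClient(lambda ident: directory[ident])
    try:
        client.encryption_key_for("bob@example.com")
        client.verify_out_of_band("bob@example.com", fingerprint(BOB_KEY))
        directory["bob@example.com"] = later_answer
        client.encryption_key_for("bob@example.com")
    except KeyMismatch as exc:
        return f"rejected: {exc}"
    return "accepted"
```

Pinning alone only detects a key that changes after first contact; the out-of-band comparison is what catches a wrong key served on the very first lookup.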



