Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

>When someone sends me an iMessage, their client sends as many copies as I have devices?

Generally how this works is that the sender encrypts the message with a symmetric encryption algorithm (like AES) and then encrypts the randomly-generated AES key with RSA with each of the receivers' private keys. So you only send out a single message, but it can be decrypted by any of the intended recipients.



If I understand this correctly, you're saying that they actually encrypt the message with a single key. Then they encrypt the messages key with the public key of all recipients and send it with the message, so each user can decrypt the message key with the private physically attached to the device and use it to decrypt the message?


That makes a lot of sense. In that case, it seems the easiest way to wiretap an iMessage account would be to compromise one of the devices. Not surprising that the DEA doesn't have that kind of expertise/authority, though.


Nope - all they have to do is get Apple to add another surveillance key to the list of device keys associated with your Apple ID. Then all future iMessages get encrypted to that one, too.


Whenever any iDevice downloads a new keybag with an extra key, it gives the user like 15 notifications that a new device has been added to the iMessage account. I don't think there's a way to suppress this (without releasing a new OS).


I think you are assuming too much about the coupling of the UI. Do people iMessaging me get an alert every time I buy a new iPad?

WINDMILLS DO NOT WORK THAT WAY.


No, but the person being snooped gets a notification.


Why do you assume that?


And apple would only have to make sure, that you get no warning, that another device was added to your keybag.


They manufacture the hardware, design and produce the software, and are the intermediary between all device communication with all other devices.

I have a feeling they could manage.


I didn't mean to imply, that they could not, written it missed my ironic voice-modulation ;-)

I really had thought, that this would have happened long ago, for everybody, and so on. Would not have thought, that this was a problem for law enforcement, as it was with i.e. skype.


The user could detect that, though, so it's a no-go.


Not without jailbreaking or proxying the push connection...


No, by default your device notifies the shit out of you whenever your keybag is modified.


You are confusing the iMessage device activation UI with the underlying crypto operations.

Nobody iMessaging me gets any indication when I get a new iPad and add it to my account, despite all their messages to me now encrypting (on their device) to n+1 of my devices now.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: