Feds are chasing Apple unicorns



Earlier this week officials at the Justice Department announced that they are considering suing Apple in order to force the company to provide a way for them to hack iMessages.

While Apple does keep any- and everything that is saved to the iCloud (and will dutifully turn over any records they might have if they are served with a valid search warrant) they can’t actually turn over iMessages sent from one person to another if they have encryption turned on and auto-save to iCloud turned off.

Problem is, according to Apple, when someone wants to engage in a private chat with someone else the encryption keys are generated on the fly and Apple doesn’t store those keys. So, essentially, Apple can’t comply with any requests to ‘wire-tap’ iMessage conversations even if they wanted to.

It should be noted that a security company recently pointed out there is a flaw in the iMessage system that could be exploited to intercept the key generation process and gain access to iMessage conversations. When you initiate a secure session a request goes to Apple’s servers and they send the newly generated keys to each participant. If someone could intercept that exchange they could insert their own keys or create a version of man-in-the-middle attack where messages are intercepted, stored and then passed on to the real recipient. So technically Apple does have a finger in the entire key exchange process even if they don’t actually save the keys or the content of the iMessage conversations.

But Apple, like other companies offering secure, encrypted communications, could put the key generation algorithms on the devices themselves and not require any unencrypted interaction with Apple’s servers at all (of course that would require each individual to find another way to exchange keys before they initiate any secure communications).

It’s a bit like selling a lock with a user-changeable combination. Straight out of the factory the company could tell you what the default combination is but once the user changes it there is no way for the company to know what the new combination is.

There is a wonderful quote on the RokaCom website (they sell encryption solutions for voice, messages and just about everything) and they too have a key system that is generated on the fly. In their FAQ section under ‘what if RokaCom receives a subpoena for my account?’ it says they will turn over billing information and other account data but when it comes to the actual encrypted content exchanged between their users they say, "We can be subpoenaed for a unicorn, but if we don't have a unicorn we cannot deliver it."



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for more years then he cares to admit.


More

IoT, its future and its impact on our lives

A radical change in our lives brought about by the Internet of Things – An overview

How to get your business through stormy weather

Having your own business is very rewarding in many ways, but it comes with a price. When you run your own business, no matter how big or small, you are responsible for yourself and the people that you employ, there is no monthly paycheck unless you provide for it. That is why having a solid financial base is crucial to keep your business alive if or when the going gets rough. There are lots of reasons your income or turnover could slack, not the right season, the economy is slow, there is a new and better product on the market or even new competition. In most cases, if you play your cards...

Natural remedies for Hiatal Hernia that you should follow

Exercise and a proper diet might help you avoid surgery