Forgot your password?
typodupeerror
Encryption Communications Crime Government Your Rights Online Apple

Is the DEA Lying About iMessage Security? 195

Posted by timothy
from the please-see-previous-department-line dept.
First time accepted submitter snobody writes "Recently, an article was posted on Slashdot about the claim that law enforcement made about being frustrated by their inability to decrypt messages using Apple's iMessage. However, this article on Techdirt suggests that the DEA may be spewing out disinformation. As the Techdirt article says, if you switch to a new iDevice, you still are able to access your old iMessages, suggesting that Apple has the key somewhere in the cloud. Thus, if law enforcement goes directly to Apple, they should be able to get the key."
This discussion has been archived. No new comments can be posted.

Is the DEA Lying About iMessage Security?

Comments Filter:
  • Are you kidding? (Score:5, Insightful)

    by IonOtter (629215) on Sunday April 07, 2013 @04:40PM (#43385839) Homepage

    The mere fact that you even have to ASK such a question means the answer is "Yes."

    • by BlkRb0t (1610449)
      Betteridge says NO though.
      • by russotto (537200) on Sunday April 07, 2013 @05:00PM (#43385981) Journal

        Betteridge is probably right. The messages are likely technically interceptable but not through the means the DEA tried; they didn't ask the right people the right questions.

        • by blackraven14250 (902843) on Sunday April 07, 2013 @05:04PM (#43386011)
          Getting the key from Apple isn't really "technically interceptible" anyway. The problem, from their end, is likely that they need to subpoena the information from Apple (both past messages and the key for future use), rather than intercept it easily.
          • by Gr8Apes (679165) on Sunday April 07, 2013 @05:55PM (#43386321)

            This is probably the crux of their complaint - they can't intercept the messages without going through proper procedures, getting a warrant, and leaving a paper trail. This is precisely how things should work.

          • by sjames (1099) on Sunday April 07, 2013 @07:48PM (#43387043) Homepage

            Exactly. The problem (as far as the DEA is concerned) is that they might be forced to actually obey the law themselves for a change. They much prefer tapping what they want with no oversight.

          • Re:Are you kidding? (Score:5, Informative)

            by mysidia (191772) on Sunday April 07, 2013 @08:30PM (#43387249)

            Getting the key from Apple isn't really "technically interceptible" anyway. The problem, from their end, is likely that they need to subpoena the information from Apple (both past messages and the key for future use),

            This assumes a certain architecture. If the cryptosystem is strong, there is probably a frequent key rotation schedule, in which, the same key that encrypted past messages will potentially be replaced in the future by the time any new messages are exchanged.

            It would be ideal, if some portion of this key were secured by the password, e.g. a SCRPT, BCRYPT or PBKDF2 hash of the password, is part of the secret material required to decrypt the key on the client, and any change of the user's password results in key rotation.

            It is conceivable that Apple could design a system, in which, the keys would be available on multiple of your devices (because you knew an additional secret), but not available to Apple, to extract or find out what the key is (because Apple denies themselves access to the secret)

            Do I think it's designed that way? No... it would not happen by coincidence, for sure.

            Could they have designed it that way? Yes

            • by b4upoo (166390)

              Bcrypt is a wonderful tool but it is not strong encryption. PGP now yields to decoding. It could be really interesting to search old transmissions and decode them. Statutes of Limitation may not hold as the evidence of crimes was hidden until now. So the guy that put up a lot of kiddie porn years ago or downloaded such material could be in for a real shock. Politicians and lawyers and the like might also need to squirm a bit. If I got it right PGP can now be decoded in real time. Yesterdays m

              • by ceoyoyo (59147) on Monday April 08, 2013 @12:49AM (#43388263)

                I'm pretty sure you're wrong. PGP uses RSA and IDEA. If RSA was breakable, particularly in realtime, there would be a lot more screaming. Some older versions of PGP had some bugs that were theoretically exploitable, but I don't think any of them have actually been exploited, never mind reliably or in real time. There have been several incidents over the years suggesting that authorities cannot decrypt PGP encrypted data.

                It's possible that some early RSA encrypted messages using very short keys are technically decryptable, but you'd have to be a highly motivated government agency to do so, and you still wouldn't be doing it in anything close to realtime.

                Yesterday's munitions are... pretty much unchanged today, except that you can be extra paranoid and use longer keys now.

                • by mysidia (191772)

                  There have been several incidents over the years suggesting that authorities cannot decrypt PGP encrypted data.

                  I think it's that authorities can't always decrypt PGP encrypted data.

                  In some earlier versions of PGP, or on some certain OS versions, the entropy producing functions of the OS (secure random number generator), were broken, in such a way, that one or more of the asymmetric keys protecting an encrypted document would be a weak keypair, OR one of the symmetric keys protecting an encrypted

                  • by ceoyoyo (59147)

                    The authorities are more likely to break the recipient (or the sender). Which is the approach they've been taking: in one of those incidents I mentioned somebody went to jail for nine months for not decrypting the message for the court.

                    As someone else pointed out, if the NSA or whoever could break RSA it would only make the drug dealers' messages more secure. They wouldn't want foreign governments and international baddies to stop using it because Joe Random got convicted for dealing after his computer wa

              • by mysidia (191772)

                Bcrypt is a wonderful tool but it is not strong encryption. PGP now yields to decoding.

                That's not true... BCrypt for a specified number of rounds (adaptation of the blowfish cipher) is stronger than PBKDF2; that is, more resistant against dictionary/brute force attacks using GPUs and other embedded hardware.

                Furthermore, these have nothing to do with PGP.

                All 3 are key derivation functions, which are used to generate an encryption key from a password, and may be salted; such that the key generated is

        • by Fuzzums (250400)

          What question? Oh! I see what you're doing here.
          That question that is followed by the "or else..."

      • by Daniel Dvorkin (106857) on Sunday April 07, 2013 @05:18PM (#43386109) Homepage Journal

        Contrary to Betteridge, the answer to almost any question of the form "is the DEA lying" is yes. They're a worse propaganda machine than every other alphabet-soup agency put together, which is saying something.

    • by pantaril (1624521)

      The mere fact that you even have to ASK such a question means the answer is "Yes."

      IMO the very fact that slashdot suggested totaly closed and 3rd party controlled device to be used for safe communication [slashdot.org] speaks that this website has fallen. There is no news for nerds anymore, no knowledgable operators/moderators. Trully nerdy/inovative/liberating technologies (like bitcoin) are shuned and rejected here based on FUD. The majority of good users have moved elsewhere (reddit for example). Clueless apple fanboys and similar are the only ones left.

  • by thetoadwarrior (1268702) on Sunday April 07, 2013 @04:47PM (#43385893) Homepage
    If you're using software created in the US by a commercial company you can bet the government has access to it. Who would believe any different?
    • Lots of people believe different because some US companies supply software based on stuff like openssh and truecrypt.

      Here's the fundamental problem with this sort of theory - if the US can decode something, chances are other people can too.

    • Who would believe any different?

      If the source is open, it's actually possible to check if the data safety is sane.

      Exemple: Mozilla's Sync.
      It *does* store web passwords on the server.

      Data sent and received from the server is always encrypted. (the server never has access to the clear text, only to the encrypted form)
      Without the password that the user keeps for him/herself, all the rest is useless.

      Three-letter agencies could subpoena all that they want, there simply isn't a technical way to extract the data. All that they can get is only a

  • Yes and no (Score:5, Informative)

    by Anonymous Coward on Sunday April 07, 2013 @04:49PM (#43385899)

    I think one of the main problems law enforcement has with iMessages is that it is ridiculously easy to get a pen register from a telco for a phone number. This is a list of the calls made to/from that number and a list of SMS/MMS to/from that number. iMessage bypasses SMS/MMS if both the origin and destination device are iMessage capable, so those interactions do not show in a pen register. The same could be said for many other text/chat services, but iMessage is the default texting client for a large number of people and does not require the user to do anything special to message others without the telco knowing, unlike many other services.

    iMessage isn't that special, the memo could just as easily been talking about FaceBook messages, which also won't appear in a pen register.

    • by girlinatrainingbra (2738457) on Sunday April 07, 2013 @06:04PM (#43386371)
      And getting a pen register dataset can mean enough linkages can be shown to a "known drug dealer" or a "known felon" that they will then have probable cause to get a warrant, even if the number of linkages is so high that you're not the "friend of a drug dealer" or even the "friend of a friend of a drug dealer" but even "(friend of a)^5 of a drug dealer".
      .
      When you get links that are that long, you can ensnare everyone in the world, whether or not they are truly guilty of anything, just from guilt by association. See the comment [slashdot.org] about 6-degrees-of-Kevin-Bacon or the one about [slashdot.org] Bacon numbers and Erd''os Numbers.
  • by kc9jud (1863822) on Sunday April 07, 2013 @04:51PM (#43385913)
    Just because your messages are accessible on a new device, it does not necessarily mean that your messages are readable or key is accessible by Apple. For instance, if the decryption key for iMessage were encrypted with your Apple ID password, then your key could be transferred around between devices, but Apple or the DEA would still have to brute-force/social engineer/whatever to get your password and decrypt the key. Whether or not it's actually set up that way...
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Yes, that COULD be. In reality there are password reset methods and no company will ever tell a customer that they have just lost all their messages, photos, etc. because they forgot their password. Wake the fuck up.

      • BlackBerry phones are encrypted as OP suggests, so when a user forgets a password, then there is nothing BlackBerry can do to help the user.
      • Yes, that COULD be. In reality there are password reset methods and no company will ever tell a customer that they have just lost all their messages, photos, etc. because they forgot their password. Wake the fuck up.

        Actually, if you turn on two factor authentication then that is exactly what Apple will do. For authentication, there are three items that can be used: Your password, a 16 digit key that you should stash away in a secret place, and a device (iOS or Mac) that you registered with Apple. Any two of these, and you can do anything. With only one thing, there is nothing you can do, and nothing that Apple can do to help you.

        • That means means Apple won't help you. They could, but they would compromise the added benefit of the two factor service. It's not a technical limitation.
          Apple have your registered device ID's. Apple have that 16 digit key they gave you that you stash away. The only thing they may not have is your password. But they might, you don't know that.

          • That means means Apple won't help you. They could, but they would compromise the added benefit of the two factor service. It's not a technical limitation. Apple have your registered device ID's. Apple have that 16 digit key they gave you that you stash away. The only thing they may not have is your password. But they might, you don't know that.

            Apple wouldn't need the 16 digit key. Obviously they _might_ have it since they sent it to you in the first place. Apple has enough info to send things to your registered devices, but that doesn't necessarily mean they actually have the code that your registered device is going to display. Again, they _might_ have it.

            The website about two factor authentication says that Apple _cannot_ help you when you lose two of your three items. Not "won't", but "cannot". If they "won't" help you, then they would prob

            • Your definition of cannot is wrong.
              They cannot help you because they have not built a system for their support staff to help you in that situation.
              The term should in no way imply the architecture of the system. It defines only the services they will provide you as a customer.

      • Actually, that's exactly what Apple does. The password he's talking about would only be being used to encrypt the user's backup of their device. As such, even if the user resets their password, the iDevice would still have a local copy of the data that it could encrypt with the new password and then backup like normal. Whether the user has the same password or not doesn't particularly matter, since the old backup is going to get replaced either way. It just means that if you got a new iDevice, you'd have to

    • That would be saner than just storing the key; but I suspect that virtually everybody's password is substantially less entropic than all but the most horrible and obsolete cryptographic keys...

    • Even if were set up that way, we already know Apple wipes [malicious] apps without user intervention/approval. It's not much of a stretch to assume they could [already have the capability to] surreptitiously download and run an app that snoops your private keys, since these keys must be in the clear on the user's iWhatever for iMessage to work in the first place.

    • Except apple stores passwords for iTunes in plaintext.

      I received an email from apple reminding me that i had $10 in iTunes funds availalble.

      Only problem is where my username should have been was my password in plaintext.
    • by bloodhawk (813939)
      As a user does not lose access to all their old stuff after a password reset then I think it is safe to say that while they "could" do that, they definitely DO NOT.
    • Your messages are readable and accessible by Apple.
      They're probably also stored in plain-text too.
      How do you think they deliver the message in a readable, plain-text format to the recipient?
      How do you think they store in while the recipient is off-line?

      The message is sent over an encrypted channel though. That's the only thing the DEA are complaining about, they can't easily intercept the message without the knowledge/co-operation of another party (you, Apple or the recipient in this case).

    • by Fuzzums (250400)

      If it's done, it could be something like this:
      Encrypt message with key.
      Encrypt key with password.
      Encrypt key with FBI password.
      Store both encrypted keys and the encrypted message.

      Guess who has access to your message. No brute force required.

    • Spot-on. Though I should point out that iMessages are definitely not encrypted using the password at the time that they're sent, though they are later on in the process you described.

      I'm too lazy to look up links right now, but there was an issue a few months (years?) back, where stolen iPhones had iMessages going to them still, even though the victims had received new phones and changed their passwords. If the password alone was the key, that wouldn't have been happening. That said, the backups that are st

  • by fuzzyfuzzyfungus (1223518) on Sunday April 07, 2013 @04:58PM (#43385965) Journal

    Unless the DEA is actively 'leaking' in order to attempt to move people into a vulnerable channel with a false sense of security(not impossible; but I'm inclined to suspect that the higher level drug runners take their paranoia seriously, or they wouldn't have lasted long enough to level up, and the lower level ones are probably more often foiled by the fact that they need to solicit customers, any one of which could be a plant), I'd be inclined to a more prosaic explanation.

    With SMS, architectural security during transmission is somewhere between pitiful and nonexistent and the entity that handles the messages during their voyage is the phone company, which has substantial legal incentives to, and a long history of, supine cooperation with the authorities.

    With iMessage, it looks pretty much like SMS on the handset; but it's all just data to the telco, and Apple presumably included some SSL/TLS or similar implementation that isn't totally broken, meaning that going through the telco is totally useless(this would also be why the leaked memo specifically mentioned that iMessages sent to non-Apple devices, which would be crunched into SMS at some stage, were still often recoverable).

    The fact that Apple can, apparently, retrieve your iMessage history for you suggests that, indeed, a subpoena of Apple would leave you in the open; but I imagine that the DEA is much more familiar with, and pleased by, the 'service-oriented' attitudes of the phone companies, who are extremely forthcoming with customer information, with very low bars to clear, and minimal pesky judicial process.

    Certainly not a good idea to trust anything that the service operator can 'recover' or 'restore' for you to be secure(since it can't possibly be); but the DEA jackboots probably do encounter significantly greater hassle with a message that is never available to the notoriously friendly telcos. You are still up shit creek if they are building a case against you specifically(or if Apple caves and starts providing bulk access at some future time); but casual fishing is likely to be more difficult.

    • by amiga3D (567632)

      Right. They're lazy and want to have it delivered on a platter. With this method they have to get off their asses and do work.

      • Laziness is the optimistic option... The pessimistic possibility is that they are currently doing a nontrivial amount of surveillance that meets the (somewhere between low and nonexistent, depending on how you ask) standard of evidence for pen registers and similar; but would not meet the standards that would apply if they had to ask a judge to let them demand the goods from Apple.

  • I've been wondering the same thing about older news stories, on how the FBI was unable to crack PGP encryption. That too might be disinformacija.

    • Re:PGP (Score:5, Interesting)

      by Arancaytar (966377) <arancaytar.ilyaran@gmail.com> on Sunday April 07, 2013 @05:53PM (#43386299) Homepage

      If they were the only ones who said so, I'd be inclined to distrust it too. However, RSA has been around for 36 years now with no serious challenges, so either there is a world-wide conspiracy that controls every single mathematician (or several that between them control all the mathematicians), or it's unbroken.

      It's also possible that there are a few mathematicians decades ahead of current research that all work for various governments, but considering how much of mathematical work is derivative now, it seems far too unlikely that some unaffiliated researcher wouldn't have stumbled across the discovery independently.

      (Well, or the NSA has a working quantum computer that can do work on a useful scale, which goes back to "decades ahead of current research".)

    • Re:PGP (Score:5, Insightful)

      by femtobyte (710429) on Monday April 08, 2013 @12:08AM (#43388029)

      Suppose the darkest inner circles of government intelligence agencies actually can crack widely-used and trusted encryption like PGP. If you're merely an international drug dealer and child slave trader (or peaceful anti-war protestor, whichever the FBI loathes more), the tiny cabal of people within the FBI who have the clearance to know about the PGP crack aren't going to do anything that remotely risks leaking such information. Your secrets are perfectly safe with them, because they've got more important targets (like all the Top-Secret-equivalent info from foreign governments and corporations) that they'd lose covert access to if even a vaguely credible hint of a PGP crack leaked to lower levels of government law enforcement (and from there to other countries' intelligence operatives). A PGP crack would simply be too important an asset for covert intelligence to risk exposing on whatever mildly nefarious plots your encrypted emails are hiding.

  • by Trailer Trash (60756) on Sunday April 07, 2013 @05:10PM (#43386045) Homepage

    But they've never lied about the effects of drug usage, right?

    Right?

    Um, right?

  • by mbone (558574) on Sunday April 07, 2013 @05:10PM (#43386057)

    Every government statistic or statement on the drug war is not to be believed. There might be some truth in some of it, but after 80+ years of lies, it's not the way to bet.

  • by Shavano (2541114) on Sunday April 07, 2013 @05:11PM (#43386065)
    They're quite knowledgeable about DRUG TRAFFICKING. Expertise in other areas relevant to law enforcement should not be assumed. Apple either has a copy of your key or can crack their own encryption when they need to. The NSA could probably crack it too, but why would the DEA go to the NSA and why should the NSA concern itself with helping the DEA crack cases? That's not their job.
  • DEA can't TAP it (Score:5, Insightful)

    by mabhatter654 (561290) on Sunday April 07, 2013 @05:12PM (#43386071)

    The issue is not that the DEA cannot lawfully acquire the messages... It's that THEY HAVE TO ASK , EVERY TIME.

    Most taps are just "wide open" until the warrant expires and the telco turns the tap off... There is very little oversight. Many online services give law enforcement more of an "open ticket" to keep coming back for email or Facebook as often as they need. While the line isn't "tapped" LEOs can refresh every twenty minutes if they want.

    They are attepting to bully Apple into allowing a MITM or wide open ticket to people's accounts. The first post on this very carefully NEGLECTED to mention that Apple COMPLIES with lawful requests. Which they most certainly would. The issue is that Apple won't open a giant backdoors and look the other way while LEOs look up their ex-girlfriends, or people with fancy cars to pick on. Apple is probably making them request transcripts with dates and times... And then APPLE SENDS it to them.

    • Well, according to Apple's own (scanty) information on iMessage and on third party analysis, it looks like it is some sort of end to end encryption with Apple serving as the cert authority. it may well be that Apple cannot intercept the messages as the system is currently designed and can only reissue a certificate by killing the old one (and thus alerting the user because their iMessage stops working). That is by no means certain, but if it is not the case then Apple might have a false advertising lawsuit

    • The issue is that Apple won't open a giant backdoors and look the other way...

      Why not? I mean, aside from the possibility of getting caught...

      • Like getting caught stopped AT&T?? Didn't they make what the NSA asked for legal after-the-fact AT&T got caught?

        There is a technical issue that Apple doesn't support redirecting messages...although they could allow the DEA to have an additional iMessage device. Apple probably "could" do it.

        The REAL issue is that there is NO LEGAL MANDATE for Apple to do so. Aple running a chat program is legally no different than YOU running a chat program. Apple is not a telecommunications provider or an ISP, nor d

        • The REAL issue is that there is NO LEGAL MANDATE for Apple to do so.

          Actually we don't know that. Secret laws and all. There could be a gag order to keep them from mentioning it, like a national security letter. With all this secrecy, we don't have a clue of who knows what, leaving us to assume the worse, which is the recommended way of dealing with any of this.

  • Because who could have possibly seen THAT coming. Seriously, this is my shocked face.

  • 'looking like a "Lawnmower for Sale" but with message
    encrypted into tel.# & eMail address

    Better, encrypted into photos for an apartment / house
    ad (on a free-ad web site)

    Dump your eDevice(s)

    QED

    • Your messages would be just as easily for them to read once they know how you embedded them. Encrypt them with a decent algorithm implemented properly. Then use a channel that they might not discover, at least for a while. Don't use the same channel too long and use encrypted messages to inform the recipient of a change in channel. Use PKI, so you don't have to change keys when someone can no longer be trusted. Use PKI, so others can't pretend to be your without stealing your private key. Using steganograph
  • Do it yourself (Score:4, Informative)

    by chowdahhead (1618447) on Sunday April 07, 2013 @05:33PM (#43386209)
    It may not be the most elegant solution, but hosting your own Mumble server works pretty well for secure private IM and voice chat. There's a really slick Android client called Plumble, and I believe iOS has a basic one as well. The built-in authentication and encryption is sufficient, and the newer builds support the OPUS codec.
  • If they go to Apple _WITH_ a warrant, Apple can surely provide them with the information (well, I'd be shocked if they couldn't comply with a warrant).

    That's not what the DEA wants, however - they want to be able to read the messages _WITHOUT_ a warrant. I imagine that is where they are having difficulties intercepting and reading iMessages.

  • by shking (125052) <babulicm@@@cuug...ab...ca> on Sunday April 07, 2013 @05:47PM (#43386273) Homepage
    Remember the fuss just a year ago when India and other gov'ts complained about Blackberry? How is this different?
  • It is of course quite possible as some people mentioned that it is harder, but not impossible, for the police to get access to iMessage messages than they like, and they interpret this as "we can't read iMessage" (whenever we like). It is also quite possible that they are just lying and want all the drug dealers to use iMessage because they have complete access.

    It is also possible that Apple has absolutely no way to read your iMessages. I would think that making iMessage safe against hacker attacks would
  • They can probably not decrypt iMessage traffic without some other information or hooks; but they almost certainly have that.

  • by smash (1351)
    Back to SMS with Android huh?
  • I keep hitting the "off the record" option on Google Talk chats. However, I log in from e.g. an Android device and voila - the chat is back there with the chat log.

    So much about off the record.

    These companies lie to us.

  • and that is the real problem. I think a better broader question to be asking is should a "free and democratic society with government by the people and for the people" have agencies spreading disinformation to the people?

    I ask this because there is already large portion of the population that has a very cynical mistrustful view of government (myself included). When officials are known to provide inaccurate information to the public it harms societies ability to trust any other information from government.

  • If the encryption key is derived from the users' password, and it's hashed differently than whatever algorithm Apple uses for login (one example might be PBKDF2 for encryption and crypt() for login) - it's very easy to store encrypted "blobs" of data that can only be accessed by the user (with their password). I believe this is how Blackberry operates - their servers store encrypted data, but BB is never in possession of the key.

    That said, if you read the DEA's memo more carefully, all it pretty much says

  • FTA "An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge. ...the key word is INTERCEPT.

    I'm not a security or network expert, but isn't "intercept" different than "decrypt messages stored on a server"?

    couldn't it be difficult to intercept (whereas reading messages stored somewhere

I use technology in order to hate it more properly. -- Nam June Paik

Working...