iMessage encryption stumps US federal agents
Posted on 05 April 2013.
A recent investigation conducted by US Drug Enforcement Administration agents has been temporarily derailed after they failed to decrypt messages the targets exchanged via Apple's iMessage system.

According to an internal DEA note that was leaked to Cnet, the encryption used for the messaging system makes it "impossible to intercept iMessages between two Apple devices," regardless of the cell phone service providers.

Another problem for law enforcement is these iMessages "are not captured by pen register, trap and trace devices, or Title III interceptions," which could end up with investigators missing crucial exchanges.

iMessages between an Apple device and a non-Apple device are transmitted as SMS messages and can sometimes be intercepted, and more easily if the intercept is placed on the non-Apple device, adds the memo.

As Dallas De Atley, manager of the platform security team at Apple, shared last year at Black Hat, the iMessage encryption is based on unique identifiers embedded in the hardware, uses a hardware encryption engine, and supports full AES and SHA encryption.

Law enforcement isn't exactly helpless in cases such as these, as they can get a court order and demand Apple to help them intercept and decrypt the messages.

Still, there is a big push by federal authorities to set legislation that will make all similar communications accessible to them when legally requested.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th