FBI highlights iMessage encryption issues

iMessage is so well encrypted that US law enforcers can't intercept it, while the DoD has detected weaknesses in the army's mobile strategy

We all know that iMessage is encrypted, but US law enforcers have only just realised they can't intercept it. And in other news, the Department of Defense has detected weaknesses in the US army's mobile strategy.

The FBI's Intelligence Note, uncovered by Cnet, suggests that: "While it is impossible to intercept iMessages between two Apple devices, iMessages between an Apple device and anon-Apple device are transmitted as Short Message Service (SMS) messages and can sometimes be intercepted, depending on where the intercept is placed."

The FBI's best advice for law enforcers is to "put an intercept on a non-Apple device."

Apparently the DEA San Jose Resident Office didn't realise that iMessages were not captured by pen register, trap and trace devices until 21 February 2013.

The Intelligence Note explains that: "Investigators may erroneously believe they have a complete record of text transmissions if they are unaware that iMessage communication between smartphones are not captured or provided by the cell phone service providers."

This indicates that the FBI would require Apple to provide a backdoor to iMessage that can be utilised by law enforcers. Cnet notes that Apple's privacy policy would authorise the company to divulge information about customers to law enforcement when "reasonably necessary or appropriate" or to "comply with legal process."

iMessage not government proof

Cnet's report includes details that suggest that Apple's iMessage is not actually "government proof", it also suggest that encryption on messages is the least of the FBI's worries. Christopher Soghoian told Cnet: "It's much much more difficult to intercept than a telephone call or a text message. The government would need to perform an active man-in-the-middle attack... The real issue is why the phone companies in 2013 are still delivering an unencrypted audio and text service to users. It's disgraceful."

However, it is exactly this level of privacy that we concluded had the Chinese government's attention when we wrote about why the Chinese government had kicked off an anti-Apple campaign on the government owned TV service recently.

It also reminds us of the way that those who took place in the UK riots back in 2011 used Blackberry messaging to organise themselves -- precisely because it was a closed system.

Apple announced iMessage in 2011 and made it clear then that it would offer "secure end-to-end encryption" and that the messages would be sent for free via the internet, rather than eating into a monthly SMS limit. Last autumn Apple CEO Tim Cook claimed that 300 billion messages had been sent so far. Infact, in January we reported that two billion iMessages are sent from Apple's 500 million iOS devices every day.

And the Department of defence don't know where its mobiles are...

Along with the FBI's sudden realisation that iMessages are encrypted comes news that the Department of Defense (DoD) has conducted an audit to evaluate security issues in relation to mobile devices that are used by its staff, especially with the trend to BYOD (bring your own device).

According to a Technewsdaily report, "The DoD discovered weaknesses in the Army's mobile strategy right away." Specifically, the Army's chief information officer, Lt. Gen. Susan S. Lawrence did not: "Require secure storage for data on mobiles, insist on keeping devices free of malware, monitor mobiles while hooked up to computers or even employ training or user agreements to keep military secrets under wrap."

The audit found almost 15,000 unauthorized devices in use, and the army doesn't even know where all its mobiles are, according to the report.

Follow Karen Haslam on Twitter / Follow MacworldUK on Twitter

Insider: How a good CSO confronts inevitable bad news
Join the discussion
Be the first to comment on this article. Our Commenting Policies