Hello Apple world, here you are a new video shows the well known iPhone hacker pod2g, shows that the company can indeed read your iMessages, follow us after the break!
As the man himself shows in the video, it’s theoretically possible for someone to alter any message at the receiving end thanks to a flaw in the way certificates are handled. This affects both iOS devices and Macs, and QuarksLab will be releasing a Mac app and a jailbroken iOS device tweak that will plug the hole once the conference is over.
The researchers explained that to break iMessage encryption (AES, RSA, and ECDSA algorithms) in the manner shown would require the attacker to get physical control of the device — once.
Then, the attacker would install fraudulent certificates on it, and run spoofed servers tricked out to mimic Apple servers. The flaw’s essence, as QuarksLab described it, lies in the protocol’s lack of certificate pinning.
As Pod2g and his team points out, the issue comes in the fact that Apple owns the infrastructure from end-to-end, meaning that it could change the certificates and associated keys at will, effectively giving it control over our iMessages. Whether it would want to though is obviously up for debate. [Via]