Back in June, Apple said that iMessage is so secure that the company itself isn't even capable of decrypting communications sent on the service. But now, security research firm Quarklabs has released data saying that is not necessarily the case.
Apple said in the summer that "conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data." But based on the firm's recently published research, Quarklabs insists that Apple is indeed capable of decrypting communications sent over iMessage.
According to Quarklabs, the vulnerability is due to Apple having full control over the encryption keys used to secure messages between the sender and receiver. The firm points out that, theoretically this makes it possible for Apple to review messages without the intended users ever knowing its happening. This also means that Apple is capable of decrypting private messages if it were forced to do so by government agencies.
According to various reports, the data is being generally accepted by the security research sector as valid and independent cryptography experts are noted to have accepted the concepts the research is based on.
QuarkLabs prefaced its findings by saying that it has no evidence that Apple is or has already exploited this vulnerability.
In a recent statement regarding the current situation, Apple doesn't outright deny Quarklabs' findings but still maintains its position from back in June, saying that the "research discussed theoretical vulnerabilities that would require Apple to re-engineer the iMessage system to exploit it, and Apple has no plans or intentions to do so.”
