Apple claims iMessage has end-to-end encryption, but researchers claimed at a security conference that Apple's iMessage system is not protected and that the company can easily access it.
Cyril Cattiaux, better known as pod2g, who has developed iOS jailbreak software, said that the company's claim that iMessage is protected by unbreakable encryption is just a lie, because the weakness is in the key infrastructure, which is controlled by Apple: they can change a key anytime they want and thus read the content of our iMessages.
Trust in public keys is always a problem. The researchers noted that there is no evidence that Apple or the NSA is actually reading iMessages, but they say that it is possible. "Apple has no reason to do so. But what of intelligence agencies?" he said.
The researchers were able to create a bogus certificate authority and add it to an iPhone Keychain in order to proxy SSL-encrypted communications to and from the device, and in the process discovered that their AppleID and password were being transmitted in clear text.
He says that since Apple controls the public key directory that gives you the public key for every user, it could perform a man-in-the-middle (MITM) attack to intercept your messages if asked to by a government agency.
A solution for Apple would be to store public keys locally in a protected database within iOS, so that the keys could then be compared.
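The comparison described above can be sketched as a trust-on-first-use pin store. This is an added example, not Apple's code or the researchers' tooling; `KeyPinStore`, `fingerprint` and the JSON pin file are hypothetical names, and the key bytes stand in for whatever the key directory returns.

```python
import hashlib
import hmac
import json
import os


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the public key bytes served by the directory."""
    return hashlib.sha256(public_key).hexdigest()


class KeyPinStore:
    """Local record of the key first seen for each contact (hypothetical design)."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, "r", encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def _save(self) -> None:
        # Write-then-rename so a crash cannot leave a truncated pin file.
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh)
        os.replace(tmp, self.path)

    def check(self, contact: str, served_key: bytes) -> str:
        """Compare the directory's answer with the local pin.

        Returns "first-use", "match" or "changed". The caller should refuse
        to encrypt to a "changed" key until the user has confirmed it.
        """
        seen = fingerprint(served_key)
        pinned = self.pins.get(contact)
        if pinned is None:
            self.pins[contact] = seen
            self._save()
            return "first-use"
        # A changed key never overwrites the pin silently.
        return "match" if hmac.compare_digest(pinned, seen) else "changed"

    def accept_change(self, contact: str, new_key: bytes) -> None:
        """Re-pin only after the user has verified the new key with the contact."""
        self.pins[contact] = fingerprint(new_key)
        self._save()
```

A pin store of this kind only detects a key that changes after first contact; a key substituted on the very first lookup would be pinned as genuine, and the pin file itself has to sit in protected storage.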