• BearOfaTime@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    I tried it yesterday, it still has some growing pains (had some trouble getting it to connect).

    Going to keep watching though, for a new app it looks pretty good, fluid, well designed from a UI standpoint.

    Given the dev was able. To reverse-engineer Apple’s ANP (equivalent to Google’s GCM), build an app, backend, etc, it should be fun to watch.

    It’s also generating a conversation around the misperception of iMessage being perfectly secure, and how SMS downgrades iMessage to not secure at all.

    Hacker News story about the lack of Forward Secrecy and other concerns: https://news.ycombinator.com/item?id=38537444

    A summary of what I think is the primary issue with iMessage security that most people can easily understand (I’ve quoted this from another commenter, this is in he article):

    1. iMessage uses RSA instead of Diffie-Hellman. This means there is no forward secrecy. If the endpoint is compromised at any point, it allows the adversary who has

    a) been collecting messages in transit from the backbone,

    or

    b) in cases where clients talk to server over forward secret connection, who has been collecting messages from the IM server

    to retroactively decrypt all messages encrypted with the corresponding RSA private key. With iMessage the RSA key lasts practically forever, so one key can decrypt years worth of communication.

    I’ve often heard people say “you’re wrong, iMessage uses unique per-message key and AES which is unbreakable!” Both of these are true, but the unique AES-key is delivered right next to the message, encrypted with the public RSA-key. It’s like transport of safe where the key to that safe sits in a glass box that’s strapped against the safe.

    **BearOfATime Comment: **This lack of Forward Secrecy alone is enough to say iMessage is nowhere as secure as we’ve been lead to believe. The delivery of the AES key with the AES-encrypted message but the package encrypted with RSA that virtually never changes is so blindingly flawed. This setup makes the AES encryption pointless, if you’re going to package the key with it. Because once the RSA is broken/acquired, they have the AES key for the message (and ALL messages)!

    The concern over the RSA key length is a bit premature, I’d say it’s more of a future concern that Apple is probably working on.

    The other issues (unchanging identifiers, for example) are a valid concern. Something I’ve seen other apps take into consideration (Signal, Briar, SimpleX Chat).