Tuesday, 26 January 2016

Apple can Still Read Your End-to-End Encrypted iMessages

Apple has positioned itself as a strong guardian of its users' privacy by denying the federal authorities encryption backdoors into its products. The company claims that when it comes to Apple’s iMessage service, it cannot read messages sent between its devices because they use end-to-end encryption, which means that only you and the intended recipient can read them.
Additionally, if the federal authorities ask Apple to hand over messages linked to any of its users, Apple has nothing to offer them.
Back in 2014, CEO Tim Cook told Charlie Rose, “If the government laid a subpoena to get iMessages, we can’t provide it. It’s encrypted and we don’t have a key.”
However, it turns out that Apple forgets to offer its so-called privacy benefits to users whose iCloud Backup is enabled.
If iCloud Backup is enabled on your Apple devices, all your messages, photos and other important data stored on your phone are encrypted on iCloud using a key controlled by Apple, and not by you. This allows Apple, and anyone who breaks into your account, to see your personal and confidential data.
Apple’s Privacy page makes a minor acknowledgement of this, saying “we do back up iMessage and SMS messages for your convenience using iCloud Backup,” but reassuring that “you can turn it off whenever you want.”
However, it does not provide a way to locally encrypt iCloud backups (using a combination of your Apple login and device passcode, for example) that would allow the company to store your personal data, including iMessage and SMS messages, on its servers but not access it. It is possible to make encrypted non-cloud backups locally through iTunes, though that isn’t always an obvious choice for average users. Right now it’s all or nothing. (The one exception is your password keychain, which is protected by a master password that Apple does not possess.)
Apple does provide end-to-end encryption for your messages that even the company cannot access or read, but only if you avoid the backup feature that it encourages its customers to use every time.
As soon as you activate a new iPhone or iPad, Apple asks you to set up an iCloud account. However, with iCloud Backup on, otherwise ‘unreadable’ iMessages and other personal data become very much readable to the company and anyone else, whether it’s law enforcement agents with a court order or hackers searching for nude selfies.
Even though it’s difficult to say how many Apple users are affected, the most recent estimate from software consulting firm Asymco indicates there were around 500 million iCloud users in March of 2014. That number was 300 million when last reported by Apple a year earlier, and it’s safe to assume that it has been increasing ever since.
There is no clarity as to how many of those people actually use iCloud Backup. When Motherboard tried to reach out to the company, Apple did not disclose the estimated percentage of people using iCloud Backup, nor did it provide a reason for not giving users the option to store cloud backups that are encrypted locally. The Hacker News gave the reason that Apple doesn’t want users who forget their passcode to be unable to decrypt their data, which is what allowing such backups would lead to.
Apple’s encryption offerings are still more than enough for many users. However, if you do not want Apple to be able to access your data, the only solution is to back up your personal data locally through Apple’s iTunes.
Go to Settings→iCloud→Storage & Backup→iCloud Backup and turn off iCloud Backup. Now, tap the ‘OK’ button to confirm that your iPhone will no longer be able to back up your data to your iCloud storage automatically.
