At a time when there is a lot of talk about instant messaging app security, Apple has updated its Platform Security documentation to give a better perspective on how data is secured on your iPhone, iPad, Mac, Apple Watch, Apple TV and HomePod, and of course in iMessage, FaceTime, iCloud and Car Keys, to name a few apps and services. The iMessage and FaceTime security protocols that are in place are perhaps the most relevant to many users, given that messaging is the focus. Currently, Apple's iMessage messaging service is available on various Apple devices, including the iPhone, iPad, Apple Watch, and Mac computers. The FaceTime video and voice calling service is also available on these devices. In a nutshell, and let’s just say a spoiler alert ahead of time, this may just be a forwarding case for WhatsApp, Zoom, and a lot of other apps and services that offer both of these use cases.
Let’s see how iMessage is secured. Apple says up front that it doesn’t save message content or attachments, and that all of it is protected with end-to-end encryption. Only the sender and the recipient can access these messages. Apple cannot decipher this data, which has often put the tech giant at odds with law enforcement, especially in the United States. To set up iMessage, a phone number is verified by the carrier network and SIM card, which often requires sending an SMS to complete the verification chain. Email addresses can also be used with iMessage, and iCloud IDs would also be verified by a confirmation link.
Apple says that when a user activates iMessage on a device, the device generates encryption and signing key pairs for use with the service. For encryption, there is an RSA 1280-bit encryption key as well as a 256-bit EC encryption key on the NIST P-256 curve. For signatures, 256-bit Elliptic Curve Digital Signature Algorithm (ECDSA) signing keys are used.
Whenever you want to send an iMessage to a new contact or start a new conversation, your iPhone, iPad or Mac, for example, connects to the Apple Identity Service (IDS) to access the public keys and addresses for all devices associated with the ID or contact you are sending the message to. This allows seamless streaming of iMessage chats to all devices signed in with the same iCloud ID. Any outgoing message is individually encrypted for each of the recipient’s devices. The message keys are 128-bit keys: a randomly generated 88-bit value is used as an HMAC-SHA256 key to construct a 40-bit value, and the two are combined, Apple explains.
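The 88-bit plus 40-bit key construction described above, as an added Python sketch (not Apple's code and not part of the original article). Assumptions: the HMAC input is the sender and receiver public keys plus the plaintext, as Apple's Platform Security guide describes; the length-prefixed encoding, the use of the first 40 bits of the HMAC output, and all function names are illustrative choices.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SEED_LEN = 11  # 88 bits of randomness
TAG_LEN = 5    # 40-bit value derived with HMAC-SHA256


def _tag(seed: bytes, sender_pub: bytes, receiver_pub: bytes, plaintext: bytes) -> bytes:
    """HMAC-SHA256 keyed with the 88-bit seed, truncated to 40 bits."""
    mac = hmac.new(seed, digestmod=hashlib.sha256)
    # Assumed encoding: length-prefix each field so field boundaries are unambiguous.
    for part in (sender_pub, receiver_pub, plaintext):
        mac.update(len(part).to_bytes(4, "big"))
        mac.update(part)
    return mac.digest()[:TAG_LEN]  # assumed truncation: first 5 bytes


def derive_message_key(sender_pub: bytes, receiver_pub: bytes, plaintext: bytes,
                       seed: Optional[bytes] = None) -> bytes:
    """Return the 128-bit per-message key: 88-bit seed || 40-bit tag."""
    seed = secrets.token_bytes(SEED_LEN) if seed is None else seed
    if len(seed) != SEED_LEN:
        raise ValueError("seed must be exactly 88 bits (11 bytes)")
    return seed + _tag(seed, sender_pub, receiver_pub, plaintext)


def verify_message_key(key: bytes, sender_pub: bytes, receiver_pub: bytes,
                       plaintext: bytes) -> bool:
    """Receiver side: recompute the 40-bit value over the decrypted plaintext."""
    if len(key) != SEED_LEN + TAG_LEN:
        return False
    seed, tag = key[:SEED_LEN], key[SEED_LEN:]
    expected = _tag(seed, sender_pub, receiver_pub, plaintext)
    return hmac.compare_digest(tag, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample values; real inputs would be the devices' public keys.
    alice, bob = b"constructed-sender-pubkey", b"constructed-receiver-pubkey"
    key = derive_message_key(alice, bob, b"hello")
    print(len(key) * 8, "bit key, verifies:", verify_message_key(key, alice, bob, b"hello"))
    print("tampered plaintext verifies:", verify_message_key(key, alice, bob, b"hellp"))
```

Only 88 of the 128 key bits are random; the remaining 40 bits bind the key to the two public keys and the plaintext, so a receiver can detect a decrypted message that does not match the key it was sent under.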
FaceTime voice and video calls are set up the same way, with SIM authentication if required. All calls, as well as their audio and video content, are end-to-end encrypted. The FaceTime connection is established through an Apple server infrastructure that relays data packets between registered devices attempting a FaceTime call. The encryption is AES256 and HMAC-SHA1. Group FaceTime can have up to 33 simultaneous participants, and all group calls are end-to-end encrypted.
The Apple Platform Security Update advances Apple’s focus on data security and privacy as the very foundation of the apps and services it builds for the iPhone and other devices. The instructions that are part of the update cover the iOS 14.3, iPadOS 14.3, macOS 11.1, tvOS 14.3, and watchOS 7.2 operating systems. “Apple believes that privacy is a fundamental human right and has many built-in controls and options that allow users to decide how and when applications use their information, as well as what information is used,” they explain in the documentation.