Apple could have just gone "fuck it, let's store it in plaintext, since it's never going to be good enough anyway", but adding strong, transparent encryption to one of the most-used messaging services in existence right now is a very good thing, in my book.

That's the point of the article: the messages stored on iCloud aren't encrypted. The claim that iMessage uses end-to-end encryption is worthless.




The messages are encrypted end-to-end. What you do with them once they've arrived (e.g. backing them up to iCloud) has nothing to do with the transport.

A co-worker and I send encrypted e-mails back and forth occasionally. If he decrypts my attachments and saves them to his hard drive to work with, that doesn't mean that e-mailing them in an encrypted form was worthless.


They might well be encrypted end-to-end, but who manages the keys? If Apple manages the keys on the server side, then that end-to-end encryption does not prevent Apple from accessing the messages.

If you read the article, you'll note that the author was successful with an attack that demonstrates that Apple can access the plain text of at least recently-delivered messages (and possibly all of the backed up messages).


Apple manages public keys, not private. They'd have to lie to you and give you their own public key, and then man in the middle your conversation to get it.


Right. A security system that relies on someone not lying to you is not so hot.


Sure, but this is all transparent to the user. Apple heavily pushed iCloud backups and doesn't mention that it throws any data security out of the water. You hear iMessages are secure and then you accept the "use iCloud backup" question that appears right after you get your device. Except now your messages aren't secure.

Apple did a great thing by making iMessage secure by default. They should do a similarly great thing by making iCloud backups secure or by making it very obvious to the user that they are not secure (and what that means for your other "secure" data).


Isn't it possible that iCloud backups are encrypted in storage? Apple could be holding the key in encrypted form and sending that to the device with a backup. If the user's password is used as the passphrase to the key, then only the user can use the key to decrypt it. Apple could hold a second key, with passphrases set to secret answers for reset scenarios - that would let them regenerate the normal password-encrypted key for the chosen changed password.

This seems likely given they offer to store your key for FileVault[1] under some secret answers. I think this delivers the same level of "secure" in the sense that, provided they don't store the passwords you submit (possible law enforcement request), then they shouldn't be able to decrypt your iCloud backups either.

1: http://support.apple.com/kb/ht4790
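
The key-wrapping arrangement speculated about in the comment above, as an added sketch that is not part of the thread and not Apple's implementation. The names `wrap`, `unwrap`, `enroll` and `reset_password` are hypothetical, the secrets are constructed, and the PBKDF2-derived XOR pad with an HMAC tag is a standard-library stand-in for a real key-wrap algorithm.

```python
import hashlib
import hmac
import os

def _kdf(secret: str, salt: bytes) -> bytes:
    # 64 bytes of output: the first 32 mask the key, the last 32 authenticate the blob.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000, dklen=64)

def wrap(key: bytes, secret: str) -> bytes:
    """Wrap a 32-byte backup key under a passphrase (stand-in for a real key wrap)."""
    if len(key) != 32:
        raise ValueError("backup key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per wrap, so the pad is never reused
    okm = _kdf(secret, salt)
    masked = bytes(a ^ b for a, b in zip(key, okm[:32]))
    tag = hmac.new(okm[32:], salt + masked, hashlib.sha256).digest()
    return salt + masked + tag

def unwrap(blob: bytes, secret: str) -> bytes:
    salt, masked, tag = blob[:16], blob[16:48], blob[48:]
    okm = _kdf(secret, salt)
    expect = hmac.new(okm[32:], salt + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong secret or tampered blob")
    return bytes(a ^ b for a, b in zip(masked, okm[:32]))

def enroll(password: str, answers: str):
    """Device side: create the backup key and the two wrapped copies the server stores."""
    backup_key = os.urandom(32)
    record = {"pw": wrap(backup_key, password), "recovery": wrap(backup_key, answers)}
    return backup_key, record

def reset_password(record: dict, answers: str, new_password: str) -> dict:
    """Reset path: the secret answers unlock the second copy, which is re-wrapped."""
    key = unwrap(record["recovery"], answers)
    return {"pw": wrap(key, new_password), "recovery": record["recovery"]}

if __name__ == "__main__":
    key, record = enroll("correct horse", "fluffy|springfield")  # constructed secrets
    # The server holds only `record`; neither blob opens without its passphrase.
    record = reset_password(record, "fluffy|springfield", "new passphrase")
    print(unwrap(record["pw"], "new passphrase") == key)
```

The recovery blob is only as strong as the secret answers, and the scheme holds only if the party storing `record` never sees the password or the answers in the clear.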


iCloud Backups are encrypted: https://www.apple.com/ipad/business/docs/iOS_Security_Oct12....

Apple can still get at them because they can reset your password on you. Certain files in the backup will not be accessible to them if they were encrypted with a key that wraps the Device UID. iMessages don't seem to be one of these files, but Mail backups are clearly inaccessible.


Yes. Not only possible but likely.


agreed.

i think the most important takeaway here is that the reactionary press release "Apple’s Commitment to Customer Privacy" was very carefully worded to give the customer a sense of security. it's definitely not telling the full story, but it serves its purpose of reassuring a concerned user base.


You aren't required to use iCloud Backup to use iMessage. They're completely separate services.


I'd like to see a more comprehensive test to prove that the messages are part of the backup. Since you have to sign in to iMessage, it's possible that these are being retrieved from the iMessage server in an encrypted form - "I restored an iPhone and saw old messages" is not proof that they are stored in plaintext.

Also, it's important to note that the iMessage client only retains about a day's worth of messages on the device. Earlier messages can be obtained via a "load earlier messages" button. This means that Apple does store the message history on the iMessage servers, and there is a way for the client to retrieve them in batches while the contents are not accessible to Apple.

It seems extremely likely that this 'iCloud Backup' vulnerability is a red herring. The messages are not stored in the regular backup but are fetched encrypted by the client when you sign in.


That's not what's happening with the "load earlier messages" button at all. The long term iMessages history is stored in an unencrypted sqlite database on the phone (which is included, unencrypted, in local iTunes backups).


Local backups can be encrypted (mine are). Also it's not necessary to use cloud backups (I don't).

Therefore, my iMessage history is secure (I fully understand that my message recipients may expose my individual messages, but my copy is safe).


The fact that it is possible to perform encryption on the entire backup file does not change the fact that many people are (wrongly) speculating about things which are easily verifiable.


They're not loaded from the server but the sms.db (sqlite) database on your phone.

Tools exist to read the database from the phone directly, from backups, etc. Which is great when you accidentally delete them... I wouldn't know that though. :)


But what's the difference? Whether the messages are stored in plaintext, or whether they are stored as part of the iCloud backup, the author proved that Apple can get to them in order to restore your newly purchased phone.


It matters because in one scenario Apple itself can't get to them - it can only restore them to your phone where they are decrypted using your password.

