FBI highlights iMessage encryption issues, Department of Defense isn't sure where its mobiles are

iMessage is so well encrypted that US law enforcers can't intercept it, while the DoD has detected weaknesses in the army's mobile strategy

We all know that iMessage is encrypted, but US law enforcers have only just realised they can't intercept it. And in other news, the Department of Defense has detected weaknesses in the US army's mobile strategy.

The FBI's Intelligence Note, uncovered by Cnet, suggests that: "While it is impossible to intercept iMessages between two Apple devices, iMessages between an Apple device and a non-Apple device are transmitted as Short Message Service (SMS) messages and can sometimes be intercepted, depending on where the intercept is placed."

The FBI's best advice for law enforcers is to "put an intercept on a non-Apple device."

Apparently the DEA San Jose Resident Office didn't realise that iMessages were not captured by pen register, trap and trace devices until 21 February 2013.

The Intelligence Note explains that: "Investigators may erroneously believe they have a complete record of text transmissions if they are unaware that iMessage communication between smartphones are not captured or provided by the cell phone service providers."

This indicates that the FBI would require Apple to provide a backdoor to iMessage that can be utilised by law enforcers. Cnet notes that Apple's privacy policy would authorise the company to divulge information about customers to law enforcement when "reasonably necessary or appropriate" or to "comply with legal process."

iMessage not government proof

Cnet's report includes details that suggest that Apple's iMessage is not actually "government proof"; it also suggests that encryption on messages is the least of the FBI's worries. Christopher Soghoian told Cnet: "It's much much more difficult to intercept than a telephone call or a text message. The government would need to perform an active man-in-the-middle attack... The real issue is why the phone companies in 2013 are still delivering an unencrypted audio and text service to users. It's disgraceful."

However, it is exactly this level of privacy that we concluded had the Chinese government's attention when we wrote about why the Chinese government had kicked off an anti-Apple campaign on the government-owned TV service recently.

It also reminds us of the way that those who took part in the UK riots back in 2011 used BlackBerry messaging to organise themselves -- precisely because it was a closed system.

Apple announced iMessage in 2011 and made it clear then that it would offer "secure end-to-end encryption" and that the messages would be sent for free via the internet, rather than eating into a monthly SMS limit. Last autumn Apple CEO Tim Cook claimed that 300 billion messages had been sent so far. In fact, in January we reported that two billion iMessages are sent from Apple's 500 million iOS devices every day.

And the Department of Defense doesn't know where its mobiles are...

Along with the FBI's sudden realisation that iMessages are encrypted comes news that the Department of Defense (DoD) has conducted an audit to evaluate security issues in relation to mobile devices that are used by its staff, especially with the trend to BYOD (bring your own device).

According to a Technewsdaily report, "The DoD discovered weaknesses in the Army's mobile strategy right away." Specifically, the Army's chief information officer, Lt. Gen. Susan S. Lawrence did not: "Require secure storage for data on mobiles, insist on keeping devices free of malware, monitor mobiles while hooked up to computers or even employ training or user agreements to keep military secrets under wrap."

The audit found almost 15,000 unauthorized devices in use, and the army doesn't even know where all its mobiles are, according to the report.

Follow Karen Haslam on Twitter / Follow MacworldUK on Twitter
