Apple’s iMessage is DEA Disaster

DEA Blam!

Apple’s iMessage app appears to be giving the U.S. Drug Enforcement Agency real problems because they are not able to trace and track text message conversations lie conventional SMS. When Apple’s iMessage was announced in mid-2011, Cupertino said it would use “secure end-to-end encryption” and sure enough messages sent between two Apple devices are encrypted communication and cannot be intercepted.  iMessage protocol is actually on Apple push notifications (APNS) – a proprietary protocol. An iPhone app developer we spoke with explained that the messaging platform’s connection is encrypted with TLS using a client side certificate. The certificate is requested by the device when the iMessage app is activated.

The DEA’s warning, marked “law enforcement sensitive,” is the most detailed example up to know of the technological obstacles — FBI director Robert Mueller has called it the “Going Dark” problem — that police face when attempting to conduct court-authorized surveillance on non-traditional forms of communication.

FBI director Mueller told a House of Representatives committee two weeks ago “There is a growing and dangerous gap between law enforcement’s legal authority to conduct electronic surveillance, and its actual ability to conduct such surveillance”

Tiro Security is a leading provide of penetration testing and can guide your company through understanding secure communications. With over 25 years of information security experience in-house we’ll find the holes before the bad guys do.