Apple Rolls Out iMessage Upgrade To Withstand Decryption By Quantum Computers (yahoo.com) 42
Apple is rolling out an upgrade to its iMessage texting platform to defend against future encryption-breaking technologies. From a report: The new protocol, known as PQ3, is another sign that U.S. tech firms are bracing for a potential future breakthrough in quantum computing that could make current methods of protecting users' communications obsolete. "More than simply replacing an existing algorithm with a new one, we rebuilt the iMessage cryptographic protocol from the ground up," an Apple blog post published on Wednesday reads. "It will fully replace the existing protocol within all supported conversations this year."
The Cupertino, California-based iPhone maker says its encryption algorithms are state-of-the-art and that it has found no evidence so far of a successful attack on them. Still, government officials and scientists are concerned that the advent of quantum computers, advanced machines that tap in to the properties of subatomic particles, could suddenly and dramatically weaken those protections. Late last year, a Reuters investigation explored how the United States and China are racing to prepare for that moment, dubbed "Q-Day," both by pouring money into quantum research and by investing in new encryption standards known as post-quantum cryptography. Washington and Beijing have traded allegations of intercepting massive amounts of encrypted data in preparation for Q-Day, an approach sometimes dubbed "catch now, crack later." More on Apple's security blog.
The Cupertino, California-based iPhone maker says its encryption algorithms are state-of-the-art and that it has found no evidence so far of a successful attack on them. Still, government officials and scientists are concerned that the advent of quantum computers, advanced machines that tap in to the properties of subatomic particles, could suddenly and dramatically weaken those protections. Late last year, a Reuters investigation explored how the United States and China are racing to prepare for that moment, dubbed "Q-Day," both by pouring money into quantum research and by investing in new encryption standards known as post-quantum cryptography. Washington and Beijing have traded allegations of intercepting massive amounts of encrypted data in preparation for Q-Day, an approach sometimes dubbed "catch now, crack later." More on Apple's security blog.
Does it withstand decryption by Wrench? (Score:1)
Re:Does it withstand decryption by Wrench? (Score:4, Insightful)
Is that a fork of Baseball Bat 1.0?
Re: (Score:2)
Actor: Sir everyone in Hollywood was a communist in 1936, it is what you said to get into ladies undergarments.
Re: (Score:2, Informative)
Isn't proving that something can't be decrypted a hard (tm) problem? The mathematics are difficult and posits certain assumptions. It's a pretty safe, but perhaps unsubstantiated, claim as there are not any quantum decryption computers -- at least not publicly disclosed.
And if in 2030 or 2050 years, the 2024 messages can be decrypted .... they can claim "based on what we knew" in 2024.
95% marketing hype.
Re:Does it withstand decryption by Wrench? (Score:5, Informative)
Isn't proving that something can't be decrypted a hard (tm) problem? The mathematics are difficult and posits certain assumptions. It's a pretty safe, but perhaps unsubstantiated, claim as there are not any quantum decryption computers -- at least not publicly disclosed.
When did security experts ever say decryption was impossible? Most security experts will say that current encryption methods are difficult to crack using today's technology. Difficult is not impossible. The brute force approach is a guaranteed method of cracking practically all of the most commonly used encryption methods. However it will take impractical amounts of time and resources. So if you want crack the internet web session of your neighbor where they bought something on Amazon, it will only take all the worlds computers as of today working past the end of the estimated lifetime of the universe to brute force it. Or by sheer luck, it can be done on the first guess.
And if in 2030 or 2050 years, the 2024 messages can be decrypted .... they can claim "based on what we knew" in 2024
This is why over the years, different algorithms and strengths have replaced older ones. Weakness have been found; technology has been advanced. I do not know of anyone in the field to have ever said that encryption was completely unbreakable forever.
95% marketing hype.
No I think people hear the wrong thing or get their information from the wrong sources like Hollywood. For example, Hollywood has their idea of "hacking" with gaudy UI and hackers typing insanely fast. For example, in the James Bond 2012 movie, Skyfall, the resident tech expert Q hooks up a laptop they found to their internal network and a wall of monitors. Instantly the computer sends out malware and takes over their network. In reality, an expert would never hook up an unknown laptop to their network first or hook up a laptop to 5 monitors that are behind him.
One of the better examples of realistic hacking is the Matrix Reloaded where Trinity types command line instructions to use an actual known exploit to take over the power plant network. Since the universe is supposed to take place in the year 1999, the root kit that was shown actually existed in 1999. What security experts found not believable is that Trinity would type on a laptop with full gloves on as being impractical.
Re: (Score:2)
No I think people hear the wrong thing or get their information from the wrong sources like Hollywood.
My favorite is still "Independence Day". Sure, we can hack an alien spacecraft with technology so advanced that the ship could eliminate the gravitational effects of a mass a quarter of that of the Moon, without knowing anything about it (not even knowing if it uses electronics and/or computers as we understand them) and get it to destroy itself, and be back home in time for dinner. No problem, but I thin
Re: (Score:2)
My favorite is still "Independence Day". Sure, we can hack an alien spacecraft with technology so advanced that the ship could eliminate the gravitational effects of a mass a quarter of that of the Moon, without knowing anything about it (not even knowing if it uses electronics and/or computers as we understand them) and get it to destroy itself, and be back home in time for dinner. No problem, but I think a little extra cash in next week's paycheck is called for.
At least that movie had a reasonable explanation in a deleted scene. I think the deleted scene with Brent Spiner explained that since the government had the alien spaceship for 30 years, they had been working on countermeasures including computer viruses. But to streamline the plot, they changed it to where Jeff Goldblum suddenly came up with the idea instead so they could not use the deleted scene as it would contradict the plot change. Yes it might be unlikely that any viruses developed for the craft woul
Re: (Score:2)
Isn't proving that something can't be decrypted a hard (tm) problem? The mathematics are difficult and posits certain assumptions. It's a pretty safe, but perhaps unsubstantiated, claim as there are not any quantum decryption computers -- at least not publicly disclosed.
And if in 2030 or 2050 years, the 2024 messages can be decrypted .... they can claim "based on what we knew" in 2024.
95% marketing hype.
100% true of every single Encryption Method.
So, did you actually have a point?
It's still collecting metadata and not really E2EE (Score:3, Informative)
Re: (Score:3)
Re: It's still collecting metadata and not really (Score:2)
Apple is part of PRISM.
Did you forget about Snowden already?
Re: (Score:2)
Remember that dinky presentation made to bring more money to finance PRISM where supposedly Apple had just joined PRISM the same time the slide was made, and the date was in a different font and date format as all the entry dates of the companies that had joined years before and that you still trust somehow. Yeah, that looked totally legit, and not like somebody tried to show at least some results to save funding.
Re: (Score:2)
At least that's what PRISM says. Do we believe what PRISM says now?
If the feds didn't have such a hard-on for Snowden I might not.
Re: (Score:2)
At least that's what PRISM says. Do we believe what PRISM says now?
If the feds didn't have such a hard-on for Snowden I might not.
What's that got to do with Apple?
Re: (Score:2)
What's that got to do with Apple?
Did you forget what we were talking about? It's literally in the text you quoted.
Re: (Score:2)
At least that's what PRISM says. Do we believe what PRISM says now?
Remember that dinky presentation made to bring more money to finance PRISM where supposedly Apple had just joined PRISM the same time the slide was made, and the date was in a different font and date format as all the entry dates of the companies that had joined years before and that you still trust somehow. Yeah, that looked totally legit, and not like somebody tried to show at least some results to save funding.
Exactly!
Re: (Score:2)
Apple is part of PRISM.
Did you forget about Snowden already?
Yeah; all based on a supposed undated PowerPoint Slide, where "Apple" is the ONLY Hand-written name on it.
Nothing else I have seen in over a decade corroborates that alleged "proof".
Re: (Score:2)
This PQC microscopic improvement is privacy-washing since key escrow in iCloud decrypts content and collected metadata is given to intelligence and law enforcement without a warrant.
Without a Warrant?
Prove it.
Re: (Score:2)
In 2021 Apple told the world that they were suing NSO and that they believed iOS 15 protected users from the attacks NSO used.
The fact that from that you get "Our data is for sale and Tim Cook is the broker." is vaguely insane.
Re: (Score:2)
Apple cannot secure our data. Backdoors and background scanning by govt agencies is now a requirement to be a platform. Not to mention the massive market of folks like QuaDream and NSO selling no-click access.
Apple is lying. They knew their devices are not and cannot be secured. Their marketing around cyber-security is entirely disconnected from any path towards actually securing user-data.
In 2021 Apple told the world that they could not protect our data from the NSO group. As a user, every change in iOS seems designed to weaken security and make it easier for hackers and black-hat appers to steal data from my phone and the accounts it has access to. https://www.apple.com/newsroom... [apple.com]
Apple is lying. Our data is for sale and Tim Cook is the broker.
Prove it, or GTFO.
Great, more bullshit (Score:2)
Quantum-resistant encryption is a current research topic and not ready for prime-time.
Re: Great, more bullshit (Score:2)
Are you suggesting Apple, in several cyber security vendors offering PQC algorithms in their products are jeopardizing security?
Re: (Score:2)
Yes.
Translation (Score:3)
"More than simply replacing an existing algorithm with a new one, we rebuilt the iMessage cryptographic protocol from the ground up,"
Translation: We replaced our existing algorithm with a completely different algorithm.
Re: (Score:2)
Probably something Apple proprietary as hell, to insure that third-party support for iMessage will continue to be difficult as possible to reverse engineer. We can't allow those peasants using Android phones to have those beautiful blue chat bubbles, can we?
Selling the change as a "security improvement" is just a bonus for Apple.
Re: (Score:2)
Probably something Apple proprietary as hell, to insure that third-party support for iMessage will continue to be difficult as possible to reverse engineer. We can't allow those peasants using Android phones to have those beautiful blue chat bubbles, can we?
Selling the change as a "security improvement" is just a bonus for Apple.
Great!
As an Apple-User, I very much want my iMessage Encryption to be chock-full of multiple layers of Proprietary Algorithms and Unpublished Trickery!
Resistance is Futile. (Score:1)
Re: (Score:2)
Quantum computers will easily decrypt all of your messages and files. You can't stop it.
Prove it.
Skeptical (Score:1)
Historically Apple has been caught many times having set things up so they and/or government can access data on their platforms and I've yet to hear about the carrier backdoors discovered more than a decade ago being blocked in either Apple or Android land.
If you think you aren't doing anything the government would be interested in so you don't care... you are wrong. Even if you aren't doing something acute like being about to vote for the guy who wants to curtail government and strengthen rights; you are s
Re: (Score:2)
Historically Apple has been caught many times having set things up so they and/or government can access data on their platforms and I've yet to hear about the carrier backdoors discovered more than a decade ago being blocked in either Apple or Android land.
Prove it.
Re: (Score:2)
https://venturebeat.com/securi... [venturebeat.com]
Re: (Score:2)
https://venturebeat.com/securi... [venturebeat.com]
Bzzt! Thanks for Playing!
Your Source is Incorrect.
The Feature is called "Advanced Data Protection". Here is how you Set It Up.
https://support.apple.com/en-u... [apple.com]
BTW, I found that in 5 seconds of DDG-ing.
Re: (Score:2)
The source is not incorrect the source is from 2020 and ADP wasn't added until 2023... three years after being caught. End-to-end encryption predates any current apple product line so not enabling it by default on all products is gross negligence at best. As you yourself point out, Apple still leaves the minimal security requirement of end-to-end encryption disabled by default. But even if they didn't the only sane policy with regard to deliberately compromising your users to hostile interests [and third pa
Re: (Score:2)
The source is not incorrect the source is from 2020 and ADP wasn't added until 2023... three years after being caught. End-to-end encryption predates any current apple product line so not enabling it by default on all products is gross negligence at best. As you yourself point out, Apple still leaves the minimal security requirement of end-to-end encryption disabled by default. But even if they didn't the only sane policy with regard to deliberately compromising your users to hostile interests [and third parties who want access to confidential data they wouldn't consent to are hostile interests] is a 1 strike policy, there is no room or need for forgiveness. Fool me once... nope, why invite shame on me when I can just support vendors who have never sold me out?
Doesn't matter when that article was written, except it was an obsolete reference, advanced as indicative of the Status Quo in 2024; which it was not.
In debate and law, details like "no longer relevant" matter.
The rest of your Post is just standard Move-The-Goalposts Hater Rhetoric.
Begone!
Re: (Score:2)
"it was an obsolete reference, advanced as indicative of the Status Quo in 2024"
You need some work on reading comprehension fan boi. "Historically Apple has been caught" requires a HISTORICAL reference to Apple being caught not a current one. They have been caught betraying their users in the past, they still deliberately default their users to an insecure configuration without any plausible justification and there is no reason to trust them in the present or the future.
"In debate and law, details like "no
Re: (Score:2)
All iMessaging passes through Apple's systems, not point-to-point, and therefore given the industry's past, they likely have somewhere they can access your messaging. So think secret court orders and other BS, and Apple will just bend right over and hand out the info.
Given Apple's recent beef with Beeper, with the squashed chance to open their protocols for use in other ways (ie: not through Apple's systems), I think that's telling, too. Apple always uses the excuse of "the user experience" which is just marking BS.
Prove it, COWARD.