Who’s Reading My iMessages?

Explaining iMessage’s end-to-end encryption for the rest of us

“Gentlemen do not read each other’s mail” — Henry L. Stimson, United States Secretary of State

In a world where Gmail reads your email to serve you ads and the NSA’s information vacuum cleaner seems to be sucking up anything in sight, it’s hard to believe that many modern messaging apps are largely immune from such snooping.

When the national security apparatus of the West was blindsided by the terror attacks in Paris last November, they blamed Telegram, a messaging app with end-to-end encryption. David Cameron briefly proposed legally forcing messaging apps to add a backdoor for law enforcement, but quickly withdrew the proposal.

But end-to-end encryption isn’t some arcane piece of technology only used by criminals and hackers.

You use it every day.

You are actually using James-Bond-worthy spy tech as you ask a friend a quick question via iMessage, chat with colleagues via WhatsApp, or catch up with family via FaceTime.

How secure are these apps really?

How do they actually work?

The story of a message

Turns out your message to a friend goes through quite a journey. Sophisticated math algorithms package and then repackage it. It’s whisked through air, wires, and fiber. Then it’s reconstructed on your friend’s phone.

The computer code and math that make this work are very sophisticated, but they do the same job that physical security devices like locks, keys, and seals have done for millennia.

Let me tell you the story of a simple message.

After you hit send

Imagine Bob is sending a message to Alice. He types in “Hey Alice!” and hits send. What happens?

Before the message ever leaves Bob’s phone and takes to the airwaves to find the nearest cell tower it goes through a packaging process.

Step 1: Lock box

Step 1: The message is put in a lockbox or, as the Apple documentation states, “For each receiving device, the sending device generates a random 128-bit key and encrypts the message with it using AES in CTR mode (Key 1).” (Photo: Joe Filcik)

After Bob hits send the message “Hey Alice” starts down an assembly line.

Step one is to put the message in a lock box. The box contains the message and without the key the message can’t be read. iMessage creates a brand new lock and key for every message.

The actual technology here is called a symmetric encryption algorithm. This process encodes the message in such a way that only a person with the proper key can read it. To anyone without the key it’s unintelligible gibberish. It’s symmetric because the same key or password is used both to encrypt and to decrypt the message.

iMessage picks a new random key for each message. The key is picked randomly from a set of more than a trillion-trillion-trillion possible keys.

That’s a lot of possibilities.

With the best super computers in the world trying billions of keys per second it would still take millions of years to find the right key. If you can keep the key safe, then there’s no way anyone can get to your message.

But how can the key be kept safe?

Step 2: Key box

Step 2: Securing the key or, as Apple’s technical docs put it, “This per-message AES key is encrypted using RSA-OAEP to the public key of the receiving device.” (Photo: Joe Filcik)

If the key and the box are sent together, anyone listening between Bob and Alice can just use the key to open the box and see the message. The key has to get to Alice if she’s going to read the message, but the key itself needs to be protected or all the effort to create a new random key is in vain.

Protecting the key requires another lock.

A different kind of lock this time.

This new kind of lock starts unlocked. It can be locked securely, “click”, by anyone, even if they don’t have the key. That ability to lock without the key is what makes it special.

This special kind of lock is called asymmetric encryption*, because different information is used to lock than to unlock.

Alice’s special lock & key

When Alice first got her phone and started using iMessage her phone created a new random lock and key.

The key never left Alice’s phone

The lock was sent to Apple’s Directory Service.

Anyone who wants to send a message to Alice can ask for Alice’s phone’s special lock and secure a message so only her phone can open it.

So, Bob downloads the special green lock for Alice’s phone. He locks away the key for Alice’s message in the box. Now the key is safe and Alice’s message is safe. Only with the green key on Alice’s phone can the message be revealed.

Awesome! Problem solved.

Why so complicated?

But wait, why not just use asymmetric encryption for the first box and avoid this added complexity?

Great question.

Turns out, symmetric encryption is much more efficient than asymmetric encryption in terms of processing & battery power, especially for large messages like pictures & audio. So symmetric encryption is used for the big box, containing the message, and asymmetric encryption is used for the little box, containing the key to the big one.

Step 3: Sealed box

Step 3: The box is sealed with Bob’s personal seal or, as Apple’s documentation puts it, “The combination of the encrypted message text and the encrypted message key is then hashed with SHA-1, and the hash is signed with ECDSA using the sending device’s private signing key.” (Photo: Joe Filcik)

One last step before sending the message on its way to Alice.

Before the key box and the lock box are sent, they’re packaged inside a larger box, sealed with a private seal from Bob’s Phone.

This seal allows Alice to be confident that the message really came from Bob. Anyone can send a message claiming to be Bob, but this seal lets Alice’s phone double check the message.

How does this work?

A public lock

It’s the exact inverse of step 2.

The public lock in step 2 could only be opened with a private key. Here, there’s a public picture of the seal on Bob’s phone. Anyone can tell if Bob’s phone was really the one that sealed the box, but like the private key in step 2, only Bob’s phone can create the seal. This is asymmetric encryption used in reverse.

Just like the king

This is exactly the way the royal seal of the King of England worked 500 years ago, if you think about it.

Everyone knew what the King’s seal looked like, but only the king had the stamp. It was both personally risky and technically difficult to forge the Royal seal.

Off it goes

And that’s it. The package is ready to ship.

Bob’s phone sends the package into the network. Based on the label, “To: Alice”, Apple’s Cloud finds Alice and delivers the package.

Neither Apple nor the phone company needs to see inside the package. In fact, they couldn’t even if they wanted to. They just use the label, with the To & From on it, to make the delivery.

Unpacking

When Alice gets the message, her phone does the reverse of the three steps above.

  • First it checks the seal against Bob’s seal from the Apple Cloud, making sure it’s really from Bob.
  • Then, it unlocks the key box using Alice’s private key.
  • Lastly, it uses the key it finds there to unlock and reveal the message.

That’s it. It’s as simple as that.

Now you understand some of the most sophisticated encryption tech in common use today. Congratulations!

This process means these messages, much more so than email or regular text messages, are secure against whoever might be eavesdropping in the middle – corporations, governments and hackers.

It’s sophisticated computer code, but it provides the same kind of security people have sought ever since the invention of the envelope.

One last thing:

How does it work when the message is sent to multiple people?

What if Alice has a Macbook where the message is also delivered?

Great questions!

When you send a message using iMessage, a separate version of the message is sent to each user and to each device that user owns running iMessage. Every device has its own private key, so every device gets its own version created specifically for it.
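The whole journey above, the three packaging steps, the unpacking in reverse, and the per-device copies just described, as one runnable example. This is added here; it is not Apple’s code and not from the original post, and it uses only Go’s standard library with names of my own choosing (Device, Directory, Package, Seal, Open). It follows the quoted Apple documentation for the primitives (a random 128-bit AES key in CTR mode for each receiving device, RSA-OAEP to wrap that key to the receiver’s public key, SHA-1 over both boxes signed with ECDSA); the key sizes, the SHA-256 used inside OAEP, the placement of the IV at the front of the lock box and the error messages are this example’s own choices, not Apple’s.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Device is one iMessage endpoint. Its private halves never leave it; Public() hands out the rest.
type Device struct {
	Name    string
	encKey  *rsa.PrivateKey   // public half: the "special lock" anyone can click shut
	signKey *ecdsa.PrivateKey // public half: the "picture of the seal"
}

type Directory map[string]*rsa.PublicKey // Apple's directory service: device name -> its public lock

type Package struct {
	Ciphertext []byte // step 1: lock box (AES-128-CTR, random IV prepended)
	WrappedKey []byte // step 2: key box (RSA-OAEP of the per-message key)
	Signature  []byte // step 3: seal (ECDSA over SHA-1 of both boxes)
}

// NewDevice is first-run setup: the device makes its own lock and seal and keeps the private halves.
func NewDevice(name string) *Device {
	enc, err := rsa.GenerateKey(rand.Reader, 2048) // key sizes are this example's choice, not Apple's
	sig, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil || err2 != nil {
		panic("key generation failed: no usable randomness")
	}
	return &Device{Name: name, encKey: enc, signKey: sig}
}

func (d *Device) Public() (lock *rsa.PublicKey, seal *ecdsa.PublicKey) {
	return &d.encKey.PublicKey, &d.signKey.PublicKey
}

// Seal runs the three packaging steps once per receiving device (phone, MacBook, ...).
func Seal(from *Device, msg []byte, locks Directory) (map[string]Package, error) {
	out := make(map[string]Package, len(locks))
	for name, lock := range locks {
		// Step 1: fresh random 128-bit key and 128-bit IV, AES in CTR mode.
		rnd := make([]byte, 32)
		if _, err := rand.Read(rnd); err != nil {
			return nil, err
		}
		key, ct := rnd[:16], make([]byte, aes.BlockSize+len(msg))
		copy(ct, rnd[16:]) // the IV travels in the clear at the front of the lock box
		block, _ := aes.NewCipher(key) // a 16-byte key is always accepted
		cipher.NewCTR(block, ct[:aes.BlockSize]).XORKeyStream(ct[aes.BlockSize:], msg)
		// Step 2: click the receiver's public lock shut around the message key (RSA-OAEP).
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, lock, key, nil)
		if err != nil {
			return nil, err
		}
		// Step 3: hash both boxes with SHA-1, as the quoted Apple doc says, and sign the digest.
		digest := sha1.Sum(append(append([]byte{}, ct...), wrapped...))
		sig, err := ecdsa.SignASN1(rand.Reader, from.signKey, digest[:])
		if err != nil {
			return nil, err
		}
		out[name] = Package{Ciphertext: ct, WrappedKey: wrapped, Signature: sig}
	}
	return out, nil
}

// Open reverses the three steps on the receiving device: seal first, then key box, then lock box.
func (d *Device) Open(p Package, senderSeal *ecdsa.PublicKey) ([]byte, error) {
	digest := sha1.Sum(append(append([]byte{}, p.Ciphertext...), p.WrappedKey...))
	if !ecdsa.VerifyASN1(senderSeal, digest[:], p.Signature) {
		return nil, errors.New("seal check failed: not from the claimed sender, or altered in transit")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.encKey, p.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("key box was not locked to this device")
	}
	block, err := aes.NewCipher(key)
	if err != nil || len(p.Ciphertext) < aes.BlockSize {
		return nil, errors.New("malformed package: bad key length or lock box shorter than an IV")
	}
	pt := make([]byte, len(p.Ciphertext)-aes.BlockSize)
	cipher.NewCTR(block, p.Ciphertext[:aes.BlockSize]).XORKeyStream(pt, p.Ciphertext[aes.BlockSize:])
	return pt, nil
}

func main() {
	bob, phone := NewDevice("bob-phone"), NewDevice("alice-phone")
	lock, _ := phone.Public()
	_, seal := bob.Public()
	pkgs, _ := Seal(bob, []byte("Hey Alice!"), Directory{phone.Name: lock})
	pt, err := phone.Open(pkgs[phone.Name], seal)
	fmt.Printf("%s reads %q (err=%v)\n", phone.Name, pt, err)
}
```

Adding Alice’s MacBook to the Directory makes Seal produce a second package with its own random key and its own key box; the phone cannot open the Mac’s key box and vice versa, which is the per-device behaviour described above. Two things are worth noticing from the receiving side: the seal is checked before anything is decrypted, so a package altered in transit or presented under someone else’s seal is rejected without ever touching the key box; and the whole construction rests on Bob receiving Alice’s genuine public lock from the directory, so a real client has to care about where those keys come from, not only about the math applied to them. SHA-1 appears here only because the quoted documentation names it; it is not a hash a new design should pick, and Apple’s own scheme has changed since the version of the documentation quoted in this post.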

*Note: Asymmetric Encryption is also very commonly called public-key cryptography where the “lock that anyone can use” is called a public key and the key that opens it is called a private key, however this is awkward with my analogy. If I ever rewrite this post that analogy will change :).

Joe Filcik is a technologist looking for enchanting technology used for good @WonderNFear. His other interests include podcasts/audiobooks, economics, UX, and faith. His day job is as a Program Manager at Microsoft. Follow him on Twitter @JFilcik
