Update: Fresh Apple statement added

The immunity of iMessages from government surveillance has been cast into doubt by QuarksLab security researchers presenting at the Hack in the Box conference in Kuala Lumpur.

A leaked DEA document had pointed to the impossibility of intercepting iMessages even with a court order, a point that was confirmed by an apparently categorical Apple statement:

The researchers reverse-engineered the iMessage protocol and confirmed that the claim was true. However, they identified that Apple needed to hold the encryption keys on its own servers, and that simply by changing these keys, it could enable access to the message content.

The researchers were keen to stress that they do not believe Apple is doing, or has ever done, this – but rather that it could do so if the NSA or another government agency were to require it. Only messages sent after Apple changed the keys would be accessible.

Apple has since issued a statement to AllThingsD:

This is, though, merely a weaker version of its earlier statement. Then, it said it couldn’t read iMessages, now it is saying that it could, but it would require work and it has no intention of doing so. That Apple would not willingly do so was never in doubt: the point is that the NSA could force it to. A demonstration from QuarksLab is below:

[youtube=https://www.youtube.com/watch?v=EbqZnTKDVU0]

When the NSA PRISM story broke, it led to a raft of denials in what some security researchers say was carefully-crafted language. Apple, among other companies, was clearly unhappy about the secrecy imposed on it and gained permission to reveal some numbers on government requests for customer data. A meeting was subsequently held at the White House in which Tim Cook and other tech CEOs met with President Obama to discuss the issue. Details of the discussions were not made public.