Researchers claim that Apple can intercept iMessage communications, despite having stated otherwise. The reason is the lack of certificate pinning.

What we are not saying: Apple reads your iMessages.

What we are saying: Apple can read your iMessages if they choose to, or if they are required to do so by a government order.

As Apple claims, there is end-to-end encryption. The weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages.

Also remember that the content of the message is one thing, but the metadata are also sensitive. And there, you rely on Apple to carry your messages, thus they have your metadata.

Presentation slides
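The weakness described above is that the sender trusts whatever public key the operator-run directory returns. As an added example (not code from the researchers or from Apple, and not the iMessage protocol), the sketch below shows a client-side key continuity check that flags a directory answer whose key differs from the one seen before; the class name, the contact address and the key bytes are all constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """Comparable identifier for a public key (SHA-256 of its bytes)."""
    return hashlib.sha256(public_key).hexdigest()


class KeyContinuityStore:
    """Hypothetical client-side store: remembers the first key seen per contact."""

    def __init__(self):
        self._pins = {}

    def check(self, contact: str, public_key: bytes) -> str:
        fp = fingerprint(public_key)
        pinned = self._pins.get(contact)
        if pinned is None:
            # First lookup is trusted blindly; only later changes are detectable.
            self._pins[contact] = fp
            return "pinned"
        return "match" if hmac.compare_digest(pinned, fp) else "changed"

    def verify_out_of_band(self, contact: str, fp_from_contact: str) -> bool:
        """Compare the pin with a fingerprint the contact gave over another channel."""
        pinned = self._pins.get(contact)
        return pinned is not None and hmac.compare_digest(pinned, fp_from_contact)


def demo():
    # Constructed stand-ins for real public keys.
    bob_key = b"constructed-public-key-bob"
    substituted_key = b"constructed-public-key-substituted"
    directory = {"bob@example.com": bob_key}  # operator-controlled key directory
    store = KeyContinuityStore()

    results = [store.check("bob@example.com", directory["bob@example.com"])]
    results.append(store.check("bob@example.com", directory["bob@example.com"]))
    # The directory operator now answers with a different key for the same contact.
    directory["bob@example.com"] = substituted_key
    results.append(store.check("bob@example.com", directory["bob@example.com"]))
    return results


if __name__ == "__main__":
    print(demo())
```

A "changed" result is also what a legitimate new device or key rotation looks like, so the client has to surface it to the user and let the fingerprint be confirmed over a separate channel rather than silently accepting or rejecting it.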