There’s been a little confusion and misinterpretation about CNET’s article detailing a U.S. Drug Enforcement Agency intelligence note concerning difficulties in intercepting Apple iMessage communications.
The DEA didn’t say that these messages couldn’t be intercepted by the government. They said they couldn’t be intercepted using typical wiretap authorizations implemented by wireless carriers. That’s because iMessage traffic is encrypted between iOS devices and Apple’s servers, and possibly end-to-end (I say “possibly” because Apple doesn’t publish its security implementation).
Even if iMessage traffic is encrypted end-to-end, Apple is still involved in the setup of the communications, and is still backing up iOS devices in iCloud, inclusive of historical iMessages. So if the government wants to see iMessage traffic, it needs to talk to Apple, not the wireless carriers
Researcher Julian Sanchez wonders if this might even be DEA misinformation. I’m inclined to think the DEA document has simply been widely misinterpreted.
iMessage is definitely better protected than traditional text messages. If your company is concerned about corporate messages that could be intercepted via rogue carrier base stations or nation states which control mobile infrastructure, iMessage is a layer of protection above the traditional mobile SMS protocols.